The defense filed a motion to exclude the photographs. The argument wasn't that they were forged. It was simpler: the plaintiff couldn't establish an unbroken chain of custody for the files. No log of who accessed them. No record of where they were stored between capture and production. No way to certify they hadn't been modified.
The court took the motion seriously.
That's the moment chain of custody stops being a procedural formality and becomes the case.
What Chain of Custody Actually Requires
In criminal forensics, chain of custody is well-defined: every person who touches the evidence signs for it. The chain is physical and documented. Break it, and the evidence is vulnerable.
Digital evidence doesn't work like that. Courts are still working out what the equivalent standard looks like. The basic requirement hasn't changed: a party introducing digital evidence must be able to show what the evidence is, that it's the same evidence collected from the relevant source, and that it hasn't been altered since collection.
Where it gets complicated is the middle part. Digital files don't show their own handling history. A JPEG doesn't know who copied it, where it was stored, or whether it was opened and re-exported. The file looks identical before and after.
Why EXIF Data Doesn't Solve This
The first instinct is to point to metadata. The timestamp embedded in the file by the camera or phone.
I'd argue EXIF data is useful information. It isn't evidence. Not in any courtroom context where the authenticity of that timestamp is going to be tested.
Any EXIF editor, including free ones available to anyone, can change the capture timestamp in about ten seconds. Courts know this. Opposing counsel knows this. Offering EXIF data as your authentication foundation, and then having that fact raised on cross, is a bad position to defend.
FRE 901(b)(9) addresses authentication by process: evidence can be authenticated by showing it was produced by "a process or system that produces an accurate result." A camera timestamps a file. But the question isn't just when the camera wrote that timestamp. The question is whether the file, and that timestamp, can be shown to be unaltered from capture to courtroom.
EXIF doesn't answer that question. It answers a different one.
What an Immutable Anchor Does
A blockchain anchor is different in kind, not just degree.
When a SHA-256 hash of a file is anchored to a public blockchain, the hash is recorded on an immutable ledger at a specific block height, with a timestamp derived from the blockchain's own consensus mechanism. That record is verifiable by anyone, independently, without reference to the original file or the party who created it.
A recent discussion on r/DigitalForensics highlighted growing interest in purpose-built chain of custody tools for digital investigators. The interest reflects a real problem: as digital evidence proliferates across cases, the documentation layer hasn't kept pace with what courts are starting to expect.
The blockchain anchor solves the "was this file changed after capture?" question mechanically. If the SHA-256 hash of the file today matches the hash recorded on-chain before the loss event, the file hasn't changed. That's not an assertion. It's cryptographic verification.
The Three Rules Worth Knowing
FRE 901(b)(9) authenticates evidence produced by a reliable process or system. A blockchain transaction, recorded at a specific block height by a decentralized consensus mechanism, fits this route. The hash is what gets anchored. The process of anchoring and recording is what gets authenticated. This still typically requires foundational testimony or a certification to explain how the system works.
FRE 902(13) is the more direct route where it applies. Added in 2017, it allows self-authentication of "a record generated by an electronic process or system that produces an accurate result, as shown by a certification of a qualified person." In plain terms: no live expert testimony at trial if you have the right certification. The certification substitutes. For machine-generated records produced by reliable systems, this is the provision that avoids the cost of an expert at every hearing.
FRE 902(14) is the companion rule for certified copies of electronic data. If the evidence was copied from a device or system, the copy can be self-authenticated through certification of the copying process. This matters when the chain runs from device to storage to production.
I want to be precise about the difference between 901(b)(9) and 902(13), because they get conflated. Both are authentication tools. They apply to different problems. 901(b)(9) is about process reliability, and it requires the court to evaluate that reliability. 902(13) is about self-authentication through certification, removing the need for live foundational testimony. They can work together, but they aren't interchangeable.
Saying something is "self-authenticating under FRE 901(b)(9)" is legally incorrect. 901(b)(9) isn't a self-authentication rule. That distinction matters to the attorneys and paralegals in this audience.
Why Dual-Chain Matters for the Admissibility Argument
ProofLedger anchors to both Polygon and Bitcoin. The reason isn't redundancy for its own sake.
Two independent records, on two independent blockchains, neither of which can be altered by the other or by the party submitting the proof, strengthens the process reliability argument under 901(b)(9). A single-chain anchor is one record. A dual-chain anchor is two independent confirmations of the same hash at the same moment in time.
Bitcoin uses a merkle tree to bundle transactions into each block. A merkle proof lets anyone verify that a specific transaction was included in a specific block without downloading the entire blockchain. The proof is compact and auditable. It doesn't require trusting me or anyone else. The math is public.
That independence is the core of the admissibility argument: the process that produced this result doesn't depend on the credibility of the submitting party.
What This Means Monday Morning
If you're handling digital evidence in a claims or litigation context, the chain of custody question will come up. A few things that matter practically:
Anchor before the dispute. A blockchain timestamp recorded before adverse interest arises is categorically stronger than one recorded after. Pre-loss documentation is impossible to fabricate retroactively on a public ledger. That's the entire point.
Keep the original file. The SHA-256 hash is derived from the exact bytes of the file at anchor time. If the file is re-exported, re-compressed, or converted later, the hash won't match. The original has to be preserved.
Know which rule you're arguing. For authentication through process reliability, that's 901(b)(9). For self-authentication through certification without live expert testimony, that's 902(13). They're not the same argument, and conflating them in a brief gets noticed.
The chain of custody problem in digital evidence doesn't go away with better software. It goes away with a record that doesn't depend on anyone's word, on any platform, at any point after capture.
---
Learn more at proofledger.io?ref=legal