Record Evidence
Primer

Evidence Authentication for Digital Files

How to authenticate a digital photograph, document, or video under FRE 901(b)(9), survive Daubert scrutiny, and establish chain of custody using SHA-256 + blockchain anchoring. Written for claims professionals, litigation counsel, forensic engineers, and risk managers.

The authentication question

When a photograph, PDF, or video file is introduced as evidence, the question isn't whether the file can be opened — it's whether the file in front of the court is the same file that was created at the time and place being claimed. Traditional digital evidence workflows rely on metadata (EXIF, file-system timestamps), custodial testimony, and hash values that match between collection and presentation. Each of those has failure modes. Metadata can be edited by any user with file access. Custodial testimony can be challenged. Hash values only authenticate the file if the original hash was recorded somewhere independent and tamper-evident.

Blockchain anchoring solves the "somewhere independent and tamper-evident" problem by recording the SHA-256 hash on a public ledger that thousands of independent parties maintain copies of.

FRE 901(b)(9): authentication by process

Federal Rule of Evidence 901(b)(9) authorizes authentication by "evidence describing a process or system and showing that it produces an accurate result." It applies cleanly to SHA-256 and blockchain anchoring:

Daubert factors

The Daubert standard (Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993)) asks four things of expert methodology:

  1. Testability: SHA-256 is deterministic. Given the same input, the same hash is produced. Always reproducible.
  2. Peer review: SHA-256 is NIST FIPS 180-4. Blockchain consensus is extensively published in peer-reviewed computer science literature.
  3. Error rate: collision probability for SHA-256 is bounded at approximately 2−128 — below any threshold of legal concern.
  4. General acceptance: SHA-256 and public blockchain anchoring are generally accepted in the cryptography community and increasingly in the legal technology community.

Chain of custody

Chain of custody requires documenting that evidence has not been altered between collection and presentation. A cryptographic timestamp anchored at the moment of collection provides a tamper-evident baseline:

Pre-loss documentation

The most commercially significant application in insurance is pre-loss documentation. The policyholder or inspector documents an asset's condition before any loss event — photographs, measurements, inspection reports. Each file's SHA-256 hash is anchored to a public blockchain at the time of documentation. When a claim is filed, the on-chain record proves the photos existed at that earlier time. The evidence predates any incentive to fabricate.

In contested claims, this shifts the evidentiary burden. An opposing party alleging post-hoc fabrication must explain how a file with an on-chain hash recorded before the dispute could have been forged.

ProofLedger's implementation

ProofLedger anchors each file's SHA-256 hash to both the Polygon blockchain (for instant confirmation at low cost) and, via daily batched Merkle roots, to the Bitcoin blockchain (for maximum immutability and widest judicial recognition). Every escalation proof has both anchors; the user cites whichever is more persuasive in a given venue.

Verification is independent. A public REST endpoint (documented here) is available at GET /api/v1/verify?hash=<sha256> for third-party lookups.

ProofLedger does not assert authorship, ownership, rights, intent, or truth about any file. It proves that a specific fingerprint existed at a specific time. What the file means is a matter for the parties and the tribunal.

Related resources

Document evidence with ProofLedger

Dual-chain anchoring for claims adjusters, attorneys, forensic engineers, and risk managers. Your files never leave your machine — only the hash goes on-chain.

See pricing