Certify a file: how to give it legal value and a trusted date

You have a signed contract, a chat that proves a deal was made, photos of damage, a video walkthrough of a property. They sit on your laptop, and to you they are evidence. The trouble starts the moment you need to actually use them: in a dispute, in front of a client who denies everything, in a formal request to an authority. At that point the question is no longer “do I have it?” but “can anyone prove this file is authentic and that it already existed on a given date?”. The answer is almost always no, because a copied file carries no guarantee of its own.

To certify a file is to close exactly that gap. You give it a trusted date, a fingerprint that proves its integrity, and a chain of custody that makes it hard to contest. You do not need to be a forensic examiner. You do need the right method and the right tools, and this article covers both: why a copy is not proof, what makes a file tamper-proof, which formats you can certify, and how to do it in a few steps.

Why a copy of a file is not proof

A copy of a file proves neither when the file was created nor that nobody altered it. That is the limit most people discover too late, usually the moment the other side questions whether the document is genuine.

When you duplicate a file, the operating system creates a new object with new metadata. The creation date you see in the file properties is the date of the copy, not of the original, and anyone can change it in seconds by resetting the computer clock. The same goes for the content: a PDF, an image or a spreadsheet can be edited without leaving any obvious trace. A plain copy lives in a kind of limbo. It exists, but it cannot tell its own story.

A copy of a file is not proof because it carries none of the two things a dispute demands: a trusted date that holds against third parties, and evidence of integrity. The date shown by the operating system is freely editable by the user and refers to the last operation on the file, not to its origin. The content, in turn, can be altered with no visible sign. In litigation this becomes a near impossible burden: the party producing the document would have to demonstrate both the date and the absence of changes through other means. Courts assess digital evidence on its integrity, its tamper-evidence and a documented chain of custody, and under the U.S. Federal Rules of Evidence the party offering an item must show it is what they claim it is. An ordinary copy meets none of those tests.

The practical consequence is blunt. Against a challenge, a copy is worth as much as the trust the other side is willing to extend. And when a dispute is already underway, that trust is usually gone. To turn the file into something defensible, you have to add precisely what it lacks.

What makes a file impossible to contest

A file becomes hard to contest when five conditions hold at once: it is acquired without alteration, it gets a unique hash, it is stamped with a certain date and time, it keeps the context of date, time and location, and it is protected by a documented chain of custody. Miss even one and there is still room to question authenticity.

A file is impossible to contest when it satisfies five requirements together: acquisition without alteration of the original source, calculation of a hash that captures its content, a trusted timestamp that fixes the date and time, a record of the context (date, time and GPS coordinates), and a chain of custody documenting every step from acquisition to preservation. These five answer the questions a court actually asks about digital evidence: integrity, tamper-evidence and traceability. On their own, a hash or a timestamp is not enough. It is the combination that builds solid proof, because each element covers a different dimension: the “what”, the “when”, the “where” and the “who handled it”. This is the same logic that drives the acquisition of digital evidence under a forensic methodology, where the goal is a result that survives cross-examination rather than a single technical artifact.

Acquisition without alteration

The starting point is acquiring the file without changing it. If the act of collecting the evidence alters even a single bit, everything downstream loses value. A forensic methodology works on the original in read-only mode and logs the operation, so the certified data matches the source exactly.

The SHA-256 hash

A hash is a digital fingerprint of the file. The SHA-256 algorithm turns any content, of any size, into a fixed-length string. If even one bit of the file changes, the resulting fingerprint is completely different. That property is what makes it the ideal way to prove integrity: you recompute the hash and compare it with the one recorded at the moment of certification. If they match, the file was not touched. File integrity becomes a single comparison anyone can repeat.

Trusted timestamp and certain date

A hash combined with a trusted timestamp under the RFC 3161 standard gives a file a certain date, one that holds up even when an opposing party disputes it. RFC 3161, the Time-Stamp Protocol, defines how a trusted timestamp works: the file’s hash is sent to a timestamping service that binds it to a verified date and time, returning a signed token. From that moment there is mathematical proof that this exact content, identified by its hash, already existed at that instant. Nobody can backdate the file or swap it for a different version without the hash comparison exposing the discrepancy. The qualified timestamp, issued by an integrated third-party QTSP, is what gives the date the weight it needs in a legal setting and what makes it defensible if challenged. The timestamp says when; the hash says what. Together they leave no gap between the two.

Date, time and GPS

Beyond the timestamp, context matters. Knowing where a piece of content was acquired, with GPS coordinates, and at what exact moment adds a layer of verifiability that often makes the difference. Think of a photo of damage or a video of a site inspection, where the location is part of the proof itself, not a footnote to it.

Chain of custody and seal with legal value

Finally, the chain of custody documents every step the file goes through, from acquisition to preservation, so anyone can reconstruct who handled it and how. On that basis the electronic seal with a qualified timestamp is applied, issued through a qualified third-party QTSP. At that point the file no longer just claims to be authentic. It carries the proof of its own history.

Which files you can certify

You can certify practically any digital format, with no distinction between documents, images, audio and video, and you can do it for several files in a single operation. Certification does not look at the type of content: it works on the hash, which is computed the same way on a text PDF or on a few minutes of footage.

In practice that means office documents and contracts (PDF, DOCX, XLSX), images and screenshots (JPG, PNG), audio files (MP3) and video (MP4), along with most other formats. The table below maps the most common cases and how a digital signature differs from forensic certification, which answer two different questions.

Aspect Digital signature Forensic certification
What it proves Who signed and that the signer approved the content That the file existed at a date and was not altered since
Works on Mostly documents (PDF, signing formats) Any format: PDF, DOCX, XLSX, JPG, PNG, MP4, MP3
Trusted date Not always, unless a timestamp is added Yes, via a trusted timestamp (RFC 3161)
Integrity check Tied to the signature container Independent, via SHA-256 hash comparison
Chain of custody Not included Documented end to end

Being able to certify several files at once changes how you work. An insurance claim, for example, is rarely a single document: there is the claim form in PDF, the photos of the damage, maybe a short video. Certifying them in one operation ties them to the same instant and the same context, and saves the time you would otherwise lose going file by file. There are no format limits and no artificial cap on how many files belong to a single certified set.

TrueScreen certify files with legal value

Use case

Certify files with legal value

See how TrueScreen certifies one or more files, giving them a trusted date and legal value.

Discover more →

How to certify one or more files with TrueScreen

TrueScreen, the Data Authenticity Platform, certifies a file by acquiring it without alteration, then sealing it with a hash, a qualified timestamp and a documented chain of custody. The process follows a forensic methodology in a few steps: acquisition at the source with no changes, integrity verification, certification with a seal and a qualified timestamp issued through a third-party QTSP, and preservation. The original file is never altered, and what you get back is a report with legal value documenting date, time, location and hash.

Uploading is immediate: you select one or more files, you can add a context note, and you start the certification. There are no format limits, and multiple files are handled in a single operation, so they stay bound to the same moment. If you need to certify one or more files in different scenarios, the dedicated use-case page goes into more detail.

Certification is available across several tools, depending on how you work: the App to acquire and certify on the move, the Web Portal to manage files from the browser, the Forensic Browser to certify what you see online while you navigate, and the API and SDK to embed certification directly in your own systems and processes.

A concrete example. A law firm receives a contract in PDF from a client along with a set of photos documenting the condition of a property. It uploads everything together in one operation: the system records date, time and location, computes the hash of each file and applies the seal with a qualified timestamp. Months later, when the document is needed in court, comparing the hash is enough to prove that nothing changed since the day of acquisition, and the timestamp proves when that content already existed.

FAQ: file certification

How do I certify a document digitally?
To certify a document is to give it a trusted date and proof of integrity, so you can show when it existed and that it was not altered. You do it by computing a hash of the content and applying a trusted timestamp under the RFC 3161 standard. Unlike a file you simply copied, a certified document carries a verifiable history that holds up when someone questions it.
How to prove a file was not altered?
To prove a file was not altered, TrueScreen records its hash at the moment of forensic acquisition and binds it to a trusted timestamp. The SHA-256 algorithm produces a unique string: change a single bit and the fingerprint is completely different. To check the file later, you recompute its hash and compare it with the one registered at certification. If the two match, the file is identical to the certified original.
What is a trusted timestamp?
A trusted timestamp is a signed token that binds a file’s hash to a verified date and time. The RFC 3161 Time-Stamp Protocol defines how it works: a timestamping service receives the hash and returns proof that this exact content existed at that instant. A qualified timestamp, issued through an integrated QTSP, gives that date the standing it needs against third parties in a legal context.
How to check if a document has been tampered with?
You compare the document’s current hash with the one recorded when it was certified. Because SHA-256 produces a different fingerprint for any change, even a one-character edit shows up as a mismatch. If the values are identical, the document is intact. If they differ, it was modified after certification, and the chain of custody helps reconstruct the timeline.
Can I certify a photo or video, not just a PDF?
Yes. Certification works on the hash, not on the file type, so it applies to images (JPG, PNG), video (MP4) and audio (MP3) just as it does to a PDF or a DOCX. You can also certify several files of different formats together in one operation, with the same date, time and GPS context binding them.

Certify your files with legal value

Give your files a trusted date, proof of integrity and legal value, in a few steps.

mockup app