Page Vault vs TrueScreen: Web Evidence Capture Compared
Law firms and compliance teams capture web evidence daily: intellectual property disputes, regulatory compliance checks, contractual conflicts. Page Vault, with over 1,600 monthly brand searches in the United States alone (DataForSEO 2026 data), is the most searched tool in the North American market. But what happens when that evidence needs to hold up in a European court or an international arbitration?
The issue is not screenshot quality. It is the underlying evidentiary standard. An SHA-256 hash with an affidavit satisfies the U.S. Federal Rules of Evidence, but it does not carry the legal presumption that the eIDAS regulation grants to qualified timestamps. For anyone operating in Europe or handling cross-border disputes, this difference changes the procedural weight of collected evidence.
This article examines the concrete differences between Page Vault and TrueScreen in web evidence capture and certification: acquisition methods, legal standards, data residency.
What Page Vault offers: web evidence capture for the U.S. market
Page Vault is a web content capture service designed for legal professionals in the United States. It offers two operational modes: Page Vault Browser, a cloud-based software for self-service captures, and Page Vault On Demand, a managed service where the Page Vault team performs captures on behalf of the client. On Capterra, it ranks among the most reviewed solutions in the U.S. legal tech segment.
Capture methods and output formats
The software captures web pages as they appear in the browser and produces PDFs with a metadata cover sheet and footer on every page. Output formats include PDF, e-Discovery files, and video. Automated social media capture can acquire complete profiles including comments and embedded video. Since 2025, Page Vault has added scheduled captures (daily, weekly, monthly) for ongoing monitoring and a browser extension for quick captures.
SHA-256 hashing and affidavit authentication
Each capture generates an SHA-256 hash that records the exact state of the file at the moment of acquisition. Even a minor modification produces a completely different hash. For courtroom authentication, Page Vault offers affidavits on request, admissible under Federal Rule of Evidence 901(b)(9): if a software process produces accurate and repeatable results, its outputs are admissible. Collected metadata includes timestamp, source URL, IP address, and browser version. As explained in the Page Vault technical blog, SHA-256 was chosen for its balance between collision resistance and computational speed.
Pricing model and target market
Software packages start at $195 per month for a single concurrent user. The On Demand service starts at $149 per capture, with custom quotes for complex projects. Storage is unlimited for browser software clients. The target market comprises U.S. law firms, IP enforcement teams, and compliance departments operating within the Federal Rules of Evidence framework.
Where the evidentiary standard diverges
The substantive difference between Page Vault and TrueScreen is not about the interface or ease of use. It is about the level of legal assurance the acquisition process attaches to collected evidence. On this point, the two tools belong to different categories.
SHA-256 hash vs eIDAS qualified timestamp
An SHA-256 hash proves a file existed in a certain form at a certain moment. However, it does not establish who created it, on which device, or under what circumstances. And it does not indicate whether the content had already been altered before hashing. It is proof of integrity, not of authenticity at the source.
A qualified timestamp, issued by a Qualified Trust Service Provider (QTSP) under the eIDAS regulation, works differently. According to Signaturit's analysis of qualified timestamps, this certification carries a legal presumption of accuracy. The burden of proof is reversed: it falls on the party contesting validity to demonstrate tampering.
FRE 901(b)(9) vs eIDAS Article 42: the gap in legal presumption
Federal Rule of Evidence 901(b)(9) requires that a software process produce accurate and repeatable results. This is an admissibility standard, not a presumption. A judge may accept the evidence, but the opposing party can challenge its reliability without a particularly heavy evidentiary burden.
Article 42 of the eIDAS regulation establishes that a qualified timestamp enjoys a presumption of accuracy regarding the date, time, and integrity of associated data. This presumption applies across all EU Member States. According to Global Trust, this represents the highest level of temporal certainty available under the European legal framework.
Affidavit vs QTSP certification report
A Page Vault affidavit is a sworn statement from the service provider, admissible under U.S. procedural rules. It holds value within the American legal system, but outside that perimeter its effectiveness depends on local recognition of U.S. legal standards.
A QTSP certification report differs in substance. It carries intrinsic evidentiary value recognized throughout the EU. It does not rely on the credibility of the service provider but on the process's compliance with eIDAS requirements, independently verifiable by any party.
What forensic-grade web acquisition requires
Taking a screenshot is trivial. Producing web evidence that withstands a thorough forensic analysis is an entirely different matter. The distance between a hashed screenshot and a complete forensic acquisition is measured in metadata: how much, how detailed, and how verifiable the process that generated it.
Forensic metadata beyond the screenshot
A forensic acquisition records the visible page content, but also the live and original server HTML source code, the complete MHTML archive, active cookies, browser fingerprint, domain DNS resolution, server and hosting provider IP address, operator geolocation, and VPN/proxy detection status. With this data, a forensic analyst can reconstruct the exact conditions under which the evidence was acquired.
Network traffic capture and TLS verification
Network traffic captured in PCAP format (via tcpdump or dumpcap) documents all communications between browser and server. An analyst can verify TLS handshakes, identify SSL interception proxies, and confirm that no intermediary altered data during transmission. SSL certificates from every visited site are saved as PEM files with the complete chain, comparable against public Certificate Transparency logs.
Video recording with continuous audit trail
Video recording at 16 frames per second with audio capture documents the entire browsing session without interruption. The video shows what a single screenshot cannot: the operator's interaction with the page over time, scrolling, dynamic content loading, changing content. Every action is logged in an immutable audit trail with dual timestamps: local clock and NTP-verified time from four independent servers.
EU data residency and GDPR compliance for web evidence
For European organizations, the choice of web evidence capture tool directly affects GDPR compliance. Where data is stored and under which jurisdiction the provider operates are two questions that determine who can access collected evidence.
CLOUD Act exposure with U.S.-based providers
The 2018 CLOUD Act authorizes U.S. authorities to request data from companies headquartered in the United States, regardless of where servers are physically located. As documented by Exoscale in its CLOUD Act vs GDPR analysis, this regulation directly conflicts with the GDPR, which prohibits transferring European citizens' data to jurisdictions with lower protection standards. When web evidence contains personal data (social media profile screenshots, communications, identity documents), using a provider subject to the CLOUD Act creates a concrete compliance risk.
Data sovereignty vs data residency
Data residency indicates where data is physically stored. Data sovereignty indicates which legal jurisdiction applies. A European provider with servers in Europe offers both guarantees. A U.S. provider with European servers offers geographic residency but remains subject to U.S. jurisdiction. TrueScreen, as a European company (TrueScreen S.r.l.) with EU infrastructure, guarantees both residency and sovereignty without the risk of extraterritorial access.
How TrueScreen Forensic Browser captures and certifies web evidence
TrueScreen Forensic Browser is a desktop application for macOS and Windows that captures, documents, and certifies web pages with forensic integrity and legal validity. It is neither a browser extension nor a cloud-based solution: it is a standalone application with an architecture built to prevent any content alteration, whether by the operator or third parties.
Standalone forensic browser with tamper-proof architecture
DevTools are permanently disabled. Dangerous CLI flags are blocked at startup. External library injection is detected and the application package is verified at every launch. Each session starts with complete clearing of all browsing data: cookies, localStorage, cache. The operator must accept a legal declaration attesting they have not altered the system, and this acceptance is recorded in the certification report.
Dual capture mode: screenshots and video recording
Two modes. Screenshot capture acquires viewport and full-page screenshots, HTML source code, MHTML archive, cookies, and browser fingerprint for each visited page. Video recording captures the entire session at 16 fps with audio and allows on-demand snapshots during recording. Each screenshot is hashed with SHA-512 and stamped with dual timestamps (local and NTP-verified).
QTSP seal and eIDAS-compliant certification
At session end, all data is packaged in a structured ZIP archive, digitally signed with an installation-specific RSA-2048 key, and uploaded to the TrueScreen platform. The report is sealed and timestamped by a QTSP under the eIDAS regulation, with full legal and evidentiary value across all EU Member States. The final package contains the original evidence, PDF and JSON reports, and the qualified electronic seal with timestamp.
Comparison table: Page Vault vs TrueScreen
| Criteria | Page Vault | TrueScreen |
|---|---|---|
| Evidentiary standard | SHA-256 hash + affidavit (FRE 901(b)(9)) | eIDAS qualified timestamp (Art. 42) + QTSP seal |
| Legal presumption | No: admissibility subject to judge's assessment | Yes: presumption of accuracy across all EU Member States |
| Forensic metadata | URL, IP, timestamp, browser version | Live/original HTML, MHTML, cookies, DNS, PCAP, TLS certificates, geolocation, VPN detection |
| Video recording | Yes (social media capture) | Yes: 16 fps with audio, continuous audit trail, dual NTP timestamp |
| Data residency | USA (subject to CLOUD Act) | EU (TrueScreen S.r.l., European infrastructure) |
| Architecture | Cloud-based browser + managed service | Standalone desktop application (macOS/Windows) |
| Indicative pricing | From $195/month (software) or $149/capture (on demand) | Certification credit model, custom plans by volume |