Witnium logo
WITNIUM. Chain.
Back to Evidence Provenance
For technical teams

Technical Explanation.

How the integrity link between an original file and its Digital Witness Certificate is technically enforced — and how that integrity is later demonstrated in legal or regulatory proceedings.

01

Relationship between the original file and the certificate.

A Digital Witness Certificate does not replace the original file. It establishes a cryptographic reference to the file as it existed at a specific moment in time. The certificate records a mathematical fingerprint of the file, together with a timestamp and system context, that uniquely represents the file's exact content at the moment of capture or ingestion.

02

Creation of the file fingerprint (hash).

When a file enters the system:

  • A cryptographic hash (SHA-256) is computed directly from the file's content.
  • The hash is a deterministic mathematical value derived from the file's bytes.
  • Any modification — including a single pixel change, character edit, or metadata alteration — produces a completely different hash.

The hash therefore functions as a content identity, not a filename or label.

03

Sealing of the fingerprint in the witness record.

The file's hash is included in the Digital Witness record and sealed at the time of capture. The witness record is then recorded in an immutable system log, creating a fixed reference point in time.

  • The witness record cannot be altered without detection.
  • The recorded hash permanently represents the state of the file at capture time.
The certificate thus states: "At this time, a file with this exact fingerprint existed."
04

Evidence Binders and collections.

When multiple files are assembled into an Evidence Binder, each file retains its individual Digital Witness Certificate, and the entire Binder (the collection and structure) is itself sealed as a whole. This creates integrity at two levels: individual file integrity and integrity of the evidence collection. The original files remain unchanged; the Binder documents their verified relationship.

05

Demonstrating integrity at a later point in time.

At any later stage — including litigation or regulatory review — integrity is demonstrated as follows:

  • 01The original file is presented.
  • 02A SHA-256 hash is recomputed from that file.
  • 03The resulting hash is compared to the hash recorded in the Digital Witness Certificate.
Hashes match — the file is proven identical to the original.
Hashes differ — the file was altered, replaced, or tampered with.

The comparison is objective, repeatable, and does not rely on trust in any party.

06

Independence from custody and systems.

The method does not depend on who stored the file, how it was transmitted, or which system currently holds it. Integrity is verified solely by comparing the file's current fingerprint to the fingerprint sealed at witness time.

Verification can be performed independently of the original system that issued the certificate.
07

Comparison to traditional chain-of-custody methods.

Traditional digital evidence handling relies on manual chain-of-custody records, process documentation, and witness testimony. Digital Witness Certificates complement these methods by adding content-level verification, where the integrity of the file itself is mathematically provable.

08

Summary.

  • The original file and the certificate are linked through a cryptographic fingerprint.
  • The fingerprint is sealed at a known point in time.
  • Any later file can be proven identical — or not — by recomputing and comparing the fingerprint.
  • Alteration, substitution, or tampering cannot occur without detection.
Related
Independent Verification Certificate Glossary Expert Explanation

Want this in front of a regulator or court?

Get access now Talk to compliance