Threat & Failure Model.
What the method defends against, and what it explicitly does not. Courts and regulators expect clarity on both protections and limits — this section defines both.
Threats addressed by Digital Witness.
The method is designed to detect and prevent:
Visual — tampering detection.
Original File ─▶ Hash A ─▶ Witness ✓ Modified File ─▶ Hash B ✖ Verification fails
Even a single-byte change produces a completely different hash, making any modification immediately detectable.
Threats outside the scope.
Digital Witness does not attempt to solve:
- ×False input at the moment of capture.
- ×Physical-world manipulation before capture.
- ×Human intent, motive, or interpretation.
Compliance perspective.
Courts and regulators appreciate transparency about what a system does and does not claim to prove.
Court-facing summary.
The Digital Witness method is designed to detect and prevent post-capture manipulation of digital evidence. It reliably detects file modification, silent substitution, timestamp manipulation, and unauthorised alteration by system operators or administrators. Any such action results in verification failure.
The method does not address threats outside its intended scope, including false or misleading input at the moment of capture, physical-world manipulation prior to capture, or questions of human intent or interpretation. These limitations are consistent with traditional evidence handling, where integrity of the record is distinct from assessment of meaning or intent.
By clearly defining both its protections and its boundaries, the method aligns with established evidentiary principles and avoids overstatement of its capabilities.
Want this in front of a regulator or court?