
How the opposing party can verify digital evidence

The real strength of digital evidence is not that you declare it genuine. It is that anyone — including someone hostile to you — can verify it independently, without trusting you. This is the exact opposite of how most digital evidence works.

The "trust" problem

Much digital evidence ultimately asks you to trust whoever presents it. In court that is precisely the other side's foothold: "who says the file is genuine and was not altered?". If the answer is "trust us", the evidence is already in trouble.

Independent verification flips the burden

A C.E.R.T.O. bundle verifies itself. Along with the evidence, you hand over the tools to check it: the BagIt bundle contains a verification script (verify.sh for Mac/Linux, verify.bat for Windows) and the certificates it needs (tsa-ca.pem). Anyone can run it on their own computer, with no internet connection.

What the verification checks

  • the battery of hashes: it recomputes each file's fingerprints and compares them with the sealed ones — if even one bit changed, it shows;
  • the double RFC 3161 timestamp: it confirms the capture date (inner anchor) and the sealing date (outer seal) are genuine and certified by a third party;
  • the Ed25519 signature: it confirms the bundle was created by that specific device and was not reworked;
  • the consistency of the CASE/UCO description: the chain of custody matches the actual files.

At the end, the verification returns a clear result: "BUNDLE VALID" or not valid. There are no shades to interpret.
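Because BagIt is an open format, a reviewer can also repeat the first check with their own code. The following is an added example, not C.E.R.T.O.'s verify.sh and not code from this page: it assumes the standard RFC 8493 layout (manifest-<alg>.txt files next to a data/ payload directory), the names verify_manifests and build_sample_bag are hypothetical, and the sample bag is constructed. It covers only the hash check, not the timestamps, the signature or the CASE/UCO description.

```python
import hashlib
from pathlib import Path

ALGS = {"md5", "sha1", "sha256", "sha512"}  # digest names used in BagIt manifests

def verify_manifests(bag_dir):
    """Return a list of problems found in the bag's payload manifests.
    An empty list means every listed digest matched and nothing was added."""
    bag = Path(bag_dir)
    manifests = sorted(bag.glob("manifest-*.txt"))
    if not manifests:
        return ["no payload manifest found"]
    payload = {p.relative_to(bag).as_posix()
               for p in (bag / "data").rglob("*") if p.is_file()}
    problems = []
    for manifest in manifests:
        alg = manifest.stem.split("-", 1)[1]
        if alg not in ALGS:
            problems.append(f"{manifest.name}: unsupported algorithm")
            continue
        listed = set()
        for line in manifest.read_text(encoding="utf-8").splitlines():
            if not line.strip():
                continue
            expected, rel = (line.strip().split(None, 1) + [""])[:2]
            # Refuse entries that point outside the payload directory.
            if not rel.startswith("data/") or ".." in Path(rel).parts:
                problems.append(f"{alg}: unsafe path {rel}")
                continue
            listed.add(rel)
            target = bag / rel
            if not target.is_file():
                problems.append(f"{alg}: missing {rel}")
            elif hashlib.new(alg, target.read_bytes()).hexdigest() != expected.lower():
                problems.append(f"{alg}: digest mismatch {rel}")
        # Files present in data/ but absent from the manifest were never sealed.
        problems += [f"{alg}: unlisted file {e}" for e in sorted(payload - listed)]
    return problems

def build_sample_bag(root):
    """Constructed sample: a two-file bag with sha256 and sha512 manifests."""
    bag = Path(root)
    (bag / "data").mkdir(parents=True)
    files = {"data/capture.wacz": b"constructed payload", "data/log.txt": b"constructed log"}
    for rel, content in files.items():
        (bag / rel).write_bytes(content)
    for alg in ("sha256", "sha512"):
        lines = [f"{hashlib.new(alg, c).hexdigest()}  {r}" for r, c in files.items()]
        (bag / f"manifest-{alg}.txt").write_text("\n".join(lines) + "\n", encoding="utf-8")
    return bag
```

Checking every manifest rather than one matters with a battery of hashes: an altered file has to match all listed digests at once, and a file added to data/ after sealing is reported even though no digest changed.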

Why it changes everything in court

The other side's technical expert does not have to believe your bundle: they re-check it, and either confirm it is genuine or find the tampering. And because the formats are open and standard (BagIt, CASE/UCO, RFC 3161), there is no proprietary black box to attack. The technical debate simply ends.

This is why well-captured evidence cannot be torn down: it does not ask for trust, it proves it. Read more on the chain of custody and why a screenshot alone is not enough.