Certification & Online Trace Collection · service active
WACZ · ISO 28500/ eIDAS timestamping/ Client area
C.E.R.T.O.
Sign in Register free
IT EN
C.E.R.T.O. / Guides / Web pages

Capturing a web page as evidence

Web pages · 29 June 2026 · C.E.R.T.O.

A listing, a post, a price, a review: a web page can be decisive in a case. The trouble is that it is also the most volatile evidence there is — whoever published it can edit or delete it in seconds, and what you wanted to prove disappears with it.

Online there is no paper original to lock in a safe. If you don't freeze the page at the right moment, and in the right way, it simply ceases to exist.

Why "saving" or printing the page is not enough

The common shortcuts — saving with the browser, printing to PDF, a screenshot — all produce the same weak result: a file you created, editable, with no certain date and no proof of origin. They share the same fragility as a screenshot: they show what you saw, not when, where from, and that nobody touched them.

What capturing a page forensically actually means

Capturing a page is not photographing its visible surface, but also capturing the technical substructure that produces it: the page code, the loaded resources, the network data and proof of which server served it. That is the set that makes the exhibit defensible.

What the C.E.R.T.O. Web module captures

With the Web pages module, besides full-page screenshots and an optional navigation video, C.E.R.T.O. saves:

  • a WACZ web archive — an offline, browsable copy of the page, not a flat picture: you can reopen and inspect it as if it were the live site;
  • the HAR, i.e. a recording of the HTTP traffic (every request and response exchanged with the server): the technical proof of what the server actually sent;
  • the provenance data: the DNS record (which IP the domain answers from), the WHOIS (who registered the domain) and the site's TLS certificate (the HTTPS "padlock" that ties that content to that domain at that moment).

The three pillars that make it disputable-proof

Everything captured is then sealed with three technical elements:

  • a battery of hashes (several digital fingerprints computed with different algorithms — MD5, SHA-1, SHA-256, SHA-512): if even one bit changes, the fingerprints no longer match and tampering becomes obvious;
  • an RFC 3161 timestamp (a date certified by an independent third party, not your PC's clock), with the option of a qualified eIDAS timestamp for full legal weight in the EU;
  • a chain of custody described in the CASE/UCO standard: who captured it, with which tool and when.

The result: an exhibit anyone can verify

It is all packaged into a BagIt bundle (an international standard for digital exhibits) that includes a verification script: anyone — including the opposing party — can independently re-check its integrity, offline. If the page disappears tomorrow, your exhibit stays valid and verifiable by anyone.

Read more: what a chain of custody is and why evidence fails without it.

Keep reading