Certification & Online Trace Collection · service active
WACZ · ISO 28500/ eIDAS timestamping/ Client area
C.E.R.T.O.
Sign in Register free
IT EN
C.E.R.T.O. / How it works

How a piece of digital evidence is built.

Beneath every acquisition lies the same architecture: first each module collects the content and its metadata read-only and computes its fingerprints, then everything is sealed into a BagIt bundle signed with Ed25519, anchored in time by a double RFC 3161 timestamp and described in CASE/UCO. Here we explain it step by step, with the diagrams and the reference standards.

Architecture

Three phases, one chain.

From per-module collection to the cryptographic seal, down to a verification anyone can reproduce — even offline and without C.E.R.T.O.

1ACQUISITION9 forensic modulesread-only accessNTP · IP · environmentMD5·SHA-1·256·5122FORENSIC SEALBagIt 1.0 · RFC 8493Ed25519 sig · RFC 8032double RFC 3161 stampCASE 1.3 / UCO 1.43VERIFICATIONverify.sh / verify.batinteractive.htmlrecompute hash + signatureoffline, no C.E.R.T.O.
Phase 1 is module-specific (what is accessed and captured differs between a web page and a chat); phases 2 and 3 are identical for all: the same bundle, the same seal, the same verification. This uniformity is what makes every exhibit comparable and admissible.
Phase 1 · Acquisition

How each module builds the acquisition.

All modules share the same forensic skeleton; only the way they access the source and the captured artefacts change.

01NTPmulti-source sync02Public IP+ operator env03Source accessread-only04Captureartefacts + metadata05Hash ×4MD5·SHA-1·256·51206Stagingready for BagItCOMMON SKELETON ACROSS ALL 9 MODULES
Time is anchored via multi-source NTP with a documented offset; source access is always non-altering (read-only, copy-only); every artefact gets four MD5/SHA-1/SHA-256/SHA-512 fingerprints (FIPS 180-4). Only steps 03 and 04 — highlighted — change from module to module.
Module How it accesses (03) What it captures (04) Module-specific standards & formats
Web pages Instrumented forensic browser; navigation confined to the declared scope Rendered HTML, DOM snapshot, WACZ archive, viewport/full-page screenshots, video, HAR traffic, DNS/WHOIS/traceroute, TLS certificates, cookies WACZ · WARC (ISO 28500) · HAR · RFC 8446 (TLS 1.3)
Files Download of the exact byte-stream delivered by the server (HTTP/HTTPS) Original file, HTTP headers, server IP, TLS certificates, EXIF/XMP/IPTC metadata and document properties RFC 9110 (HTTP) · FIPS 180-4 · EXIF · XMP (ISO 16684)
Email / PEC IMAP read-only: EXAMINE + BODY.PEEK (flags unchanged) Original EML (headers, body, attachments), DKIM/SPF/DMARC check; for PEC the envelope, daticert.xml and the provider S/MIME signature RFC 3501 (IMAP) · RFC 5322 · RFC 6376 (DKIM) · S/MIME · AgID PEC
WhatsApp WhatsApp Web: account linked via QR, instrumented web client Messages, media and attachments, account/session metadata (cookies, localStorage, IndexedDB), video of the whole session RFC 6455 (WebSocket) · FIPS 180-4
Telegram Telegram Web: linked account; private chats, groups, supergroups and channels Messages (text, date, author), media, session metadata and video of the whole session FIPS 180-4 · instrumented web client
Images Image file supplied by the operator (no alteration of the file) EXIF/IPTC/XMP and GPS metadata, perceptual hashes, histogram, ELA, Luminance Gradient, Level Sweep, JPEG quantization tables, C2PA provenance EXIF · XMP (ISO 16684) · C2PA · perceptual hashes
Screenshot System-level screen capture: the operator does not interact with the image Image (full screen or region, multi-monitor), PC and display state, cryptographic and perceptual hashes FIPS 180-4 · perceptual hashes
FTP / SFTP Read-only access to FTP/FTPS/SFTP; recursive copy of the remote filesystem Copied files with folder structure, server tree map, connection and protocol info RFC 959 (FTP) · RFC 4253 (SSH/SFTP) · TLS
Cloud Authenticated OAuth access to Google Drive, Dropbox, OneDrive (no password stored) Files with provider-side hash reconciliation, sharing/exposure, revisions, trash, API log RFC 6749 (OAuth 2.0) · provider content-hash · FIPS 180-4
Phase 2 · Bundle

The BagIt bundle, brick by brick.

The acquired artefacts become the payload of a BagIt 1.0 bundle (RFC 8493): a structure of files and manifests that fixes what the exhibit contains and guarantees its fixity.

data/ — payload (the exhibits) evidence/ · acquired contentreports/ · PDF/TXT reportshashes/ · hash inventorynetwork/ · logs/ · metadata/manifest.json · Ed25519-signedinteractive.html · tsa.tsr control (tag) files bagit.txt · version + encodingbag-info.txt · Payload-Oxummanifest-sha256.txt → payload fixitytagmanifest-sha256.txt → tag fixitytsa-ca.pem · verify.sh / .bat SHA-256 BagIt 1.0 · RFC 8493 — the manifest lists the hash of every payload file; the tagmanifest does the same for the control files
bagit.txt declares the version and encoding; bag-info.txt carries the Payload-Oxum (byte sum and file count, a completeness check). The manifest-sha256.txt holds the SHA-256 hash of every file in data/: regenerating it reveals any addition, removal or change. The tagmanifest-sha256.txt extends the same guarantee to the control files.
Seal · Identity

Ed25519 signature bound to the device.

The exhibit manifest is signed with an Ed25519 key generated on the device and registered at first launch: it binds the acquisition to a verifiable identity.

DEVICE KEY Ed25519 · registered at 1st launch RFC 8032 / RFC 8410 manifest.json exhibit digest (SHA-256) Ed25519 sign private key × digest 64-byte signature embedded in the manifest
Ed25519 (RFC 8032, Edwards Curve25519) produces a compact 64-byte signature, fast to verify and resistant to implementation pitfalls. The device public key — enrolled at first launch (RFC 8410) — lets one ascertain which C.E.R.T.O. installation sealed the exhibit, without depending on an external PKI.
Seal · Time

Double RFC 3161 timestamp.

Two independent timestamps anchor the exhibit in time: one inner on the payload and one outer on the whole bundle, each issued by a Time-Stamping Authority (TSA).

INNER STAMP hash(manifest / payload) → data/tsa.tsr OUTER SEAL hash(tagmanifest-sha256.txt) tagmanifest-sha256.txt.tsr TSA RFC 3161 · token Free cascade Sectigo → DigiCert → GlobalSign automatic fallback if a TSA is down Qualified option InfoCert · qualified eIDAS timestamp
An RFC 3161 stamp is a TSA-signed token attesting “this digest existed at this instant”. The inner stamp gives the payload a certified date even outside the bundle; the outer seal locks the overall BagIt composition. The free cascade ensures robustness; with the InfoCert option the stamp is qualified eIDAS (EU Reg. 910/2014, ETSI EN 319 422), with strengthened evidentiary effect in the EU.
Seal · Semantics

CASE / UCO description.

Beyond the files, the exhibit is described in a standard semantic graph (JSON-LD): what was acquired, with which tool, by whom, when and with what fingerprints.

Traceuco:File / TraceHashuco:Hash (SHA-256)ToolC.E.R.T.O. · uco:ToolActioncase:InvestigativeActionIdentityuco:Identity (operator)Provenancecase:ProvenanceRecord
CASE (Cyber-investigation Analysis Standard Expression, v1.3) and UCO (Unified Cyber Ontology, v1.4) are JSON-LD ontologies shared by the forensic community (and aligned with NIST work). The metadata/evidence.case.jsonld file makes the exhibit interoperable: other tools can read, correlate and validate it unambiguously, linking file, hash, tool, operator, action and provenance into a single graph.
Phase 3 · Verification

Evidence anyone can re-check.

The bundle proves itself: the included verifiers redo the maths and declare whether the exhibit is intact — without C.E.R.T.O. and without the internet.

verify.sh / .bat interactive.html Recompute hash== manifestEd25519 signaturevalidRFC 3161 stampverified (.tsr) VALID BUNDLE intact and time-anchored
The verifiers recompute the hashes and compare them with the manifests, check the Ed25519 signature and validate the RFC 3161 stamps with the bundled tsa-ca.pem (so even offline). If everything matches, they declare “VALID BUNDLE”; if even a single byte changed, verification fails and flags it. The same check can be reproduced by hand with openssl and standard BagIt tools: no lock-in.
References

The standards it rests on.

No proprietary invention: every component of the bundle relies on a public, verifiable standard.

RFC 8493

BagIt 1.0 — bundle structure and fixity manifests

FIPS 180-4

Secure Hash Standard — SHA-1/256/512 (+ MD5, RFC 1321)

RFC 8032 / 8410

EdDSA Ed25519 signature and key identity

RFC 3161

Time-Stamp Protocol — TSA timestamp

eIDAS · ETSI EN 319 422

EU qualified timestamp (Reg. 910/2014) — InfoCert option

CASE 1.3 · UCO 1.4

JSON-LD forensic ontologies for exhibit description

ISO/IEC 27037

Guidelines for identification, collection and preservation of digital evidence

ISO 28500 · WACZ

WARC and Web Archive (WACZ) for web page acquisition

RFC 3501 · 6376

IMAP (read-only) and DKIM for email/PEC acquisition

RFC 6749

OAuth 2.0 for authenticated access to cloud accounts

EXIF · XMP (ISO 16684) · C2PA

Image and document metadata and provenance

NTP (RFC 5905)

Multi-source time synchronisation with documented offset

Evidence that holds up in court.

Register for free and apply the same forensic architecture to every acquisition, on Windows and macOS.

Register free All modules