Download and seal a file published online, documenting its origin, network path and bit-for-bit integrity.
C.E.R.T.O.'s Files module performs the forensic download of remote files: it downloads the exact byte-stream delivered by the server — a PDF, an image, an Office document, audio, video, an archive — and seals it as digital evidence with cryptographic hashes, HTTP headers, TLS certificates and a double RFC 3161 timestamp. It is designed for court-appointed and party experts, lawyers and law enforcement who need to freeze a file published online — a photo, a price list, a contract, a document — with a full chain of custody and verifiable integrity.
A repeatable, documented procedure: from synchronised time to the cryptographic seal, every step on the downloaded file leaves a verifiable trace inside the bundle.
Multi-source NTP sync (Google/Cloudflare/pool) with documented offset and roundtrip: the moment of download is anchored.
DNS resolution of the host, WHOIS query, server IP and capture of the TLS certificate chain: the file's origin is documented.
Download of the file exactly as delivered by the server, without alterations. With CDN/anti-bot in place (Cloudflare, Akamai…) C.E.R.T.O. solves the challenge and discloses it in the report.
Recording of the request and response HTTP headers (Content-Type, Content-Length, ETag, Last-Modified, server): the transfer context is preserved.
Single-pass streaming computation of MD5 + SHA-1 + SHA-256 + SHA-512 (FIPS 180-4): four fingerprints that uniquely identify the file.
Extraction of embedded metadata: EXIF/XMP/IPTC for images, properties and any signatures for documents, with GPS and creation/modification dates.
Generation of the forensic report (PDF + TXT) and RFC 3161 timestamp on the report — free cascade Sectigo→DigiCert→GlobalSign, optional qualified eIDAS InfoCert.
manifest.json signed with Ed25519 (RFC 8032) bound to the device + double RFC 3161 timestamp (inner anchor on the manifest, outer seal on the tag-manifest).
Everything is packaged into a BagIt 1.0 bundle (RFC 8493) with a CASE/UCO description and verify.sh / verify.bat verifiers.
Each file acquisition produces a coordinated set of artefacts, each with a precise forensic role, organised into clearly-named folders inside data/.
The exact byte-stream delivered by the server, kept under its original name — it is the sealed media of the bundle, authoritative and not re-processed.
evidence/<file>
The MD5/SHA-1/SHA-256/SHA-512 quadruple of cryptographic hashes for the file and every artefact: the basis for an integrity check repeatable by anyone.
hashes/file-hashes.json
The request and response HTTP headers of the transfer: Content-Type, Content-Length, ETag, Last-Modified, server and cache — the technical context of the download.
network/http-headers.txt
The full X.509 chain (leaf + intermediates + root, in PEM and human-readable) of the host the file was downloaded from, with certificate details.
tls/certificates/
The embedded metadata extracted from the file: EXIF/XMP/IPTC for images (camera, GPS, dates), properties and any digital signatures for documents.
reports/metadata-report.txt
DNS resolution, WHOIS registry query (domain owner and registration data) and a map of the network hops from client to host.
network/dns-lookup.txt · whois.txt · traceroute.txt
The report in PDF and TXT (operator, URL, IP, NTP, SSL, size, hashes, forensic statements) with its own RFC 3161 timestamp (report.tsr).
reports/report.pdf · report.txt · report.tsr
A snapshot of the operating environment at acquisition time and the chronological log of every step of the procedure, for full traceability.
reports/system-information.txt · logs/acquisition-log.txt
The bundle does not need C.E.R.T.O. to be validated: anyone, even years from now, can verify its authenticity with standard tools. The BagIt 1.0 structure and the interactive dashboard make it self-explanatory.
data/tsa.tsr and outer seal on tagmanifest-sha256.txt.tsr. Free cascade Sectigo→DigiCert→GlobalSign; optional qualified eIDAS InfoCert.Forensic file download, evidence validity, supported file types and bundle verification: the most common questions.
Register for free and download C.E.R.T.O. Desktop for Windows and macOS from your client area.