C.E.R.T.O.
C.E.R.T.O.
Capture a forensic desktop screenshot — full screen or region — with anti-tampering shielding, a system-environment snapshot and a timestamp, sealed into a verifiable bundle.
C.E.R.T.O.'s Screenshot module captures the computer screen as digital evidence — full screen or region, on any connected monitor. It is not a simple screenshot: the operator only selects the source and triggers the capture, but does not interact with the acquired image, nor can they modify it; together with the image the PC state is acquired (environment, system, monitors) and everything is immediately sealed with hashes, analysis and a double RFC 3161 timestamp. It is the tool for court-appointed and party experts, lawyers and law enforcement who must fix what appears on screen with evidentiary value.
A hand-saved screenshot is an editable file, with no context and no guarantees. Here the image is produced by the system and sealed at once, together with the state of the computer: evidence, not a mere capture.
They only select the monitor or region and trigger the capture: they do not open, retouch or modify the acquired image. There is no manual editing or saving step.
Together with the image, C.E.R.T.O. records the operator environment, the system information and the list of connected monitors with their resolution: the context in which the screen was captured.
The image is produced by the operating system's capture APIs, at each screen's native resolution (e.g. 3840×2160), full screen or by region, on any of the monitors.
Cryptographic and perceptual hashes, forensic analysis, double RFC 3161 timestamp and Ed25519 signature are applied at once: the image is not an editable file, but a closed, verifiable exhibit.
A repeatable, documented procedure: from selecting the source to the cryptographic seal, every step leaves a verifiable trace inside the bundle.
Multi-source NTP sync with documented offset and roundtrip: the moment of capture is anchored.
The operator chooses the monitor (with preview and resolution) or a region; the list of connected displays is detected and documented.
The image is produced by the system's capture APIs at native resolution: no operator interaction with the result.
Snapshot of the operator environment and system information (user, hostname, monitors, OS): the context of the capture.
Cryptographic MD5/SHA-1/SHA-256/SHA-512 hashes and perceptual hashes (aHash/dHash/pHash/wHash) of the captured image.
Forensic image analysis (ELA, histogram, statistics) and generation of a watermarked version alongside the authoritative original.
manifest.json signed with Ed25519 + double RFC 3161 timestamp, packaging into a BagIt 1.0 bundle with a CASE/UCO description and verify.sh / verify.bat verifiers.
Each capture produces a coordinated set of artefacts, each with a precise forensic role, organised into clearly-named folders inside data/.
The screenshot produced by the system, kept as is with its own hash: it is the authoritative media of the bundle, never modified by hand.
evidence/<screenshot>
A C.E.R.T.O.-watermarked copy for review and sharing, with its own hash distinct from the original's.
evidence/<screenshot>_watermarked
The list of connected monitors with resolution and scale factor at capture time: the hardware context of the screen.
metadata/displays.json
The snapshot of the environment and system information (user, hostname, operating system): who performed the capture and where.
reports/system-information.txt
The forensic image analysis (ELA, histogram, statistics) and the perceptual hashes, to document its state and find any modified versions.
reports/analysis/ · hashes/perceptual-hashes.json
The report in PDF and TXT with its own RFC 3161 timestamp and the complete hash inventory (MD5/SHA-1/SHA-256/SHA-512) of all artefacts.
reports/report.pdf · hashes/file-hashes.json
The bundle does not need C.E.R.T.O. to be validated: anyone, even years from now, can verify its authenticity with standard tools. The BagIt 1.0 structure and the interactive dashboard make it self-explanatory.
data/tsa.tsr and outer seal on tagmanifest-sha256.txt.tsr. Free cascade Sectigo→DigiCert→GlobalSign; optional qualified eIDAS InfoCert.Forensic desktop screenshot, non-interactive capture, PC state and bundle verification: the most common questions.
Register for free and download C.E.R.T.O. Desktop for Windows and macOS from your client area.