C.E.R.T.O.
C.E.R.T.O.
Seal Telegram chats, groups and channels, preserving messages, media and metadata in a verifiable way.
C.E.R.T.O.'s Telegram module performs the forensic acquisition of Telegram chats, groups and channels operating from Telegram Web: once the account is linked, it captures the messages (with date, time and author), the media (photos, videos, audio, documents) and the session metadata, while recording a video of the whole session. It acquires private chats, groups, supergroups and channels. Everything is sealed as digital evidence with a per-element hash, a double RFC 3161 timestamp and an Ed25519 signature. On Telegram a message can be “deleted for everyone” at any time and a channel can vanish: it is the tool for court-appointed and party experts, lawyers and law enforcement who must freeze the content before it changes.
Telegram messages live in the service's cloud, but stay at the mercy of whoever wrote them: a message can be “deleted for everyone” at any time, a channel or group can vanish, and secret chats self-destruct. Acquiring them promptly fixes them while they exist.
Unlike other platforms, on Telegram a message can be deleted for all participants at any time, even years later. What has been acquired and sealed, however, stays in the bundle, with a certified date.
A public channel or a group can be wiped, made private or deleted by its admins. Freezing its content beforehand is often the only way to preserve it as evidence.
Secret chats are end-to-end encrypted, device-bound and have a self-destruct timer: content disappears on its own. If not acquired in time, the evidence vanishes.
The acquisition is recorded in full as a video: it transparently documents what the operator saw and did, from linking to chat capture, strengthening genuineness and repeatability.
C.E.R.T.O. operates via Telegram Web: you link the account — just like for normal use on the computer — while the software extracts the messages, media and metadata of the selected chats and records the entire session.
You link your account to Telegram Web, exactly as in everyday use on the computer.
From start to finish, the screen is recorded as a video: every operation performed during the acquisition is documented and repeatable.
Private chats, groups, supergroups and channels of the account are listed and you choose those to acquire, with the option to download media.
Extraction of messages (text, date, time, author) and download of media and attachments, before they can be removed.
Telegram is not only private messaging: channels with thousands of subscribers and large groups can hold hundreds of media. C.E.R.T.O. acquires them all at a flat rate, whatever the volume.
One-to-one conversations, with the messages, media and metadata of both parties, in their original order.
Group discussions, with each message attributed to its author and all the shared media.
Broadcast channels, even with thousands of subscribers: the published posts, the media and the metadata, frozen before they change.
5 slots (+2 with a qualified eIDAS InfoCert timestamp), independent of the number of messages and media: a channel with thousands of items costs the same as a short chat.
The bundle includes an interactive dashboard: the conversation is faithfully reconstructed (bubbles, dates, authors) and all the captured media are gathered in a gallery, each with its own hashes and clickable for preview.
Text, date, time and author of every message, in the original order of the conversation, for private chats, groups and channels.
Downloaded images, videos, audio and documents, gathered in a filterable gallery openable from the dashboard, each with its own hashes.
The account identifiers, the platform and the technical context of the web client at acquisition time.
Every step of the acquisition is recorded with a timestamp: a complete, verifiable trace of how it was carried out.
A repeatable, documented procedure: from synchronised time to the cryptographic seal, every message and every media item leaves a verifiable trace inside the bundle.
Multi-source NTP sync with documented offset: the acquisition window is anchored.
Linking the account to Telegram Web and starting the video recording of the whole session.
Capture of account and session metadata and of the web client state (cookies, storage) at acquisition time.
Extraction of the messages of the selected chats, groups and channels, with date, time, author and original order.
Download of the media and attachments and computation of MD5/SHA-1/SHA-256 for each item.
manifest.json signed with Ed25519 + double RFC 3161 timestamp, packaging into a BagIt 1.0 bundle with a CASE/UCO description and verify.sh / verify.bat verifiers.
Each acquisition produces a coordinated set of artefacts, each with a precise forensic role, organised into clearly-named folders inside data/.
The acquired chats, groups and channels in browsable HTML and structured JSON: text, date, time, author and media references, in their original order.
evidence/chats/
Photos, videos, audio and documents downloaded from the chats, preserved in their original format: the authoritative media of the bundle.
evidence/media/
The video of the entire acquisition session (.webm) and the extracted frames: the transparent proof of how the operation was carried out.
evidence/session/recording.webm
The account and session metadata and the web client state: cookies and storage at acquisition time, with the list of available chats.
evidence/session/ · network/
The hashes (MD5/SHA-1/SHA-256) of every media item and every artefact of the bundle: the fingerprint that proves their integrity.
hashes/media-hashes.json
The forensic report (PDF/TXT) with its own RFC 3161 timestamp and the detailed acquisition log, event by event, with timestamps.
reports/report.pdf · acquisition-log.txt
The bundle does not need C.E.R.T.O. to be validated: anyone, even years from now, can verify its authenticity with standard tools. The BagIt 1.0 structure and the interactive dashboard make it self-explanatory.
data/tsa.tsr and outer seal on tagmanifest-sha256.txt.tsr. Free cascade Sectigo→DigiCert→GlobalSign; optional qualified eIDAS InfoCert.Telegram acquisition from Telegram Web, channels and groups, message deletion, cost and bundle verification: the most common questions.
Register for free and download C.E.R.T.O. Desktop for Windows and macOS from your client area.