How to Authenticate Web Evidence That Survives Cross-Examination
Screenshots get challenged. Evidence packages with SHA-256 hashes, blockchain timestamps, and independently verifiable chain of custody don't. Here's how to capture web evidence that holds up under FRE 901 and eIDAS 910/2014.
KEY FACTS Web Evidence Authentication — What Courts Require
- Plain screenshot admissible?
- Increasingly challenged
- US standard
- FRE 901(b)(9)
- EU standard
- eIDAS 910/2014
- International standard
- ISO/IEC 27037:2012
- Hash algorithm required
- SHA-256
- ProofSnap vs Page Vault
- $8.99/mo vs $195/mo
- Open-source verification
- ProofSnap only
- Key case law
- US v. Vayner (2d Cir.)
In This Article
To authenticate web evidence that survives cross-examination, capture a forensic evidence package containing SHA-256 hashes, an RSA-4096 digital signature, an independent blockchain or eIDAS timestamp, and ISO/IEC 27037 chain of custody documentation — then verify it with an open-source tool.
You captured a web page for a case. Maybe it was a defamatory post, a listing with false claims, a social media threat, or terms of service that changed overnight. You took a screenshot.
Then opposing counsel stood up and said: "Your Honor, this is just a JPEG file. There is no way to verify when it was taken, whether it has been altered, or that it accurately represents the web page as it appeared at that time."
If that scenario sounds familiar, you are not alone. Courts are increasingly skeptical of plain screenshots as evidence — and for good reason.
Why Screenshots Fail Under FRE 901
Under Federal Rules of Evidence 901(b)(9), digital evidence must be authenticated by "evidence describing a process or system and showing that it produces an accurate result." A screenshot fails this standard on four counts:
- No timestamp verification. Your device clock can be changed before taking a screenshot. There is no independent proof of when the capture occurred.
- No integrity proof. A screenshot is a pixel array — it can be edited in any image editor with zero forensic trace. There is no way to prove it has not been altered.
- No metadata. A screenshot contains no information about who captured it, from what device, what URL was visited, or what the TLS certificate of the site was.
- No chain of custody. There is no documentation of how the evidence was handled between capture and presentation in court.
Courts have repeatedly excluded or questioned screenshot evidence:
- United States v. Vayner (2d Cir. 2014) — Printout of a social media page excluded because "the proponent failed to show that the page accurately reflected the defendant's page at the relevant time."
- Griffin v. State (Md. 2011) — Maryland Court of Appeals warned that courts should be "particularly cautious in admitting evidence from modern communication technologies, which can be easily fabricated."
- Lorraine v. Markel (D. Md. 2007) — Landmark ruling establishing a five-part framework for authenticating digital evidence, including requiring evidence of the system's accuracy and reliability.
- Laughner v. State (Ind. 2015) — Court held that simply printing a web page is insufficient without testimony about the reliability of the capture process.
The trend is clear: as deepfakes and AI-generated content become more sophisticated, courts are raising the bar for digital evidence authentication. A screenshot with no metadata, no hash, and no chain of custody is no longer sufficient for contested matters.
See exactly what a court receives
Download a real evidence package — the same ZIP that gets submitted as proof. Or send any URL to support@getproofsnap.com and we'll capture it for you free.
Download Sample PackageWhat Courts Actually Want
The solution is not a better screenshot. It is a forensic evidence package — a bundle of files that together prove what a web page contained, when it was captured, and that nothing has been altered since.
| Authentication Requirement | Screenshot | ProofSnap Evidence Package |
|---|---|---|
| Timestamp verification | Device clock (changeable) | Bitcoin blockchain + eIDAS QTSP |
| Integrity proof | None (editable pixels) | SHA-256 hash + RSA-4096 signature |
| Source metadata | None | URL, TLS cert, HTTP headers, DNS |
| Chain of custody | None | ISO/IEC 27037 forensic log |
| HTML source preserved | No | Yes (full page source) |
| Independent verification | Impossible | Open-source tool (MIT) |
What's in the Evidence Package
Every ProofSnap capture produces a ZIP containing 13 files:
The Weak Link: Who Verifies the Verifier?
Evidence tools like Page Vault ($195/month) and Hunchly ($130/year) create evidence packages. But they all share the same vulnerability: verification depends on the vendor.
When opposing counsel asks "How do we know this evidence package is valid?", the answer with proprietary tools is: "The vendor's software says so." That is a circular argument. You are asking the court to trust a commercial entity that has a financial interest in its product working correctly.
This is why we open-sourced our verification tool.
Independent Verification: Anyone Can Check, No One Has to Trust
proofsnap-verify is a standalone, open-source tool (MIT license) that independently verifies every ProofSnap evidence package. It runs five cryptographic checks:
- Digital signature — RSA-4096 signature verification of the manifest
- File integrity — SHA-256 hash recomputation for every file in the package
- Forensic log integrity — hash chain validation per ISO/IEC 27037
- Bitcoin blockchain timestamp — OpenTimestamps proof verified against calendar servers
- EU qualified timestamp — eIDAS RFC 3161 timestamp with offline certificate chain validation
The tool has no connection to ProofSnap. It does not contact our servers. It uses only standard cryptographic algorithms (SHA-256, RSA) that any forensic expert can audit. The source code is publicly available and MIT-licensed.
"Your Honor, the verification tool is open source. Opposing counsel's forensic expert can inspect every line of code, run the verification independently, and confirm the results. No trust in ProofSnap is required."
That is a fundamentally stronger position than "the vendor says it works."
How Your Paralegal Uses It (Two Options)
Option 1: Drag and Drop (30 Seconds)
Open the online verifier in any browser. Drag the evidence ZIP onto the page. Results appear immediately. The file never leaves the browser — everything runs client-side.
This is ideal for quick verification before filing or during deposition preparation.
Option 2: Command Line (For Forensic Experts)
For full Bitcoin blockchain verification, forensic experts can run the open-source CLI tool:
git clone https://github.com/proofsnap/proofsnap-verify.git
cd proofsnap-verify
npm install && npm run build
node dist/index.js evidence.zipThe output lists each check with PASS or FAIL, including the specific Bitcoin block number and eIDAS timestamp. This output can be included in forensic reports or expert witness declarations.
Cost Comparison
| Page Vault | Hunchly | ProofSnap | |
|---|---|---|---|
| Price | ~$195/month | $130/year | From $8.99/month |
| Blockchain timestamp | No | No | Yes (Bitcoin) |
| eIDAS qualified timestamp | No | No | Yes (EU Regulation 910/2014) |
| ISO 27037 chain of custody | Partial | Partial | Full (forensic log + hash chain) |
| Open-source verification | No | No | Yes (MIT license) |
| WhatsApp / Telegram capture | No | No | Yes (dedicated logic) |
| Data leaves your device | Yes (their servers) | No | No (100% local) |
For a solo practitioner or small firm handling 10–20 evidence captures per month, ProofSnap costs roughly what Page Vault charges for a single capture session. And the evidence package is stronger — because it includes independent timestamps and open-source verification that Page Vault does not offer.
Tax tip: ProofSnap is a deductible business expense for law firms and professional services — making it effectively free for tax purposes. Consult your accountant for details specific to your jurisdiction.
Practice Areas Where This Matters Most
- Family law — Social media posts, dating profiles, and messages that get deleted once litigation begins
- Employment law — Internal communications, policy pages, and job postings that change after a complaint is filed
- IP and trademark — Infringing product listings, counterfeit websites, and brand abuse on marketplaces
- Insurance defense — Claimant social media activity contradicting injury claims
- Defamation — Online posts, reviews, and comments that get edited or deleted
- Real estate disputes — Property listings with misrepresentations, Airbnb disputes, HOA violations
- Compliance — Website terms, cookie banners, and privacy policies that need to be documented at a specific point in time
Frequently Asked Questions
Are screenshots admissible as evidence in court?
Screenshots are increasingly challenged. Under FRE 901(b)(9), digital evidence must be authenticated through a verifiable process. A plain screenshot has no timestamp verification, no integrity proof, no metadata, and no chain of custody. Courts in US v. Vayner, Griffin v. State, and Lorraine v. Markel have excluded or questioned screenshot evidence for failing authentication standards.
What makes digital evidence admissible in court?
Admissible digital evidence requires: a cryptographic hash proving integrity (SHA-256), an independent timestamp (blockchain or eIDAS qualified), chain of custody documentation per ISO/IEC 27037, and a verification process that can be independently audited. ProofSnap creates evidence packages meeting all of these requirements, with open-source verification.
Can opposing counsel verify ProofSnap evidence independently?
Yes. The verification tool is open source (MIT license). Opposing counsel's forensic expert can download the code, audit every line, and run verification independently without any connection to ProofSnap. This eliminates the "trust the vendor" objection entirely.
Does ProofSnap work for WhatsApp and social media evidence?
Yes. ProofSnap has dedicated capture logic for WhatsApp Web, Telegram Web, Discord, Slack, and Facebook Messenger. Using the web version of these apps (rather than phone screenshots) captures full HTML, metadata, and TLS certificate information — producing a significantly stronger evidence package than a phone screenshot.
How does ProofSnap compare to Page Vault?
Page Vault costs approximately $195/month and sends your data to their servers. ProofSnap starts at $8.99/month, processes everything locally in your browser, and includes blockchain timestamps, eIDAS qualified timestamps, and open-source verification — features Page Vault does not offer. See the full comparison table above.
Is the evidence valid in the EU?
Yes. ProofSnap includes eIDAS qualified timestamps issued by an EU-accredited Trust Service Provider under Regulation 910/2014. These timestamps are legally valid across all 27 EU member states. The evidence package also complies with ISO/IEC 27037:2012 for chain of custody.
Related Articles
The Bottom Line
If you are still using screenshots as evidence, you are one objection away from having critical evidence excluded. The standard has moved beyond "print screen and pray."
A proper evidence package — with cryptographic hashes, independent timestamps, chain of custody, and verification that anyone can run independently — is what courts expect in 2026. It is also what protects your client and your credibility as counsel.
The verification tool is open source because evidence integrity should not depend on trusting a vendor. It should be provable.