Authentication of Screenshot Evidence


Taking a screenshot of messages, photos, call logs, or CCTV images is a simple process; one could be excused for thinking it's the perfect evidence in a court case. A screenshot of a CCTV image showing the defendant outside a victim's house in a breach of bail case, text messages produced by a victim of harassment, or location history to support a questionable alibi: the possibilities are endless. Can you take these images at face value, or is there more to them than meets the eye?

1. Screenshot Explained

We have all taken a screenshot to share a location, website content, or error message. It is simply an image captured by your device that shows the exact content of the digital display of the device you are using, whether that be a phone, computer or tablet.

2. Screenshots as Evidence

Screenshots are commonly produced as evidence as they are a straightforward way of sharing an exact copy of the information. However, there are pitfalls with any digital file; they can be corrupted, manipulated, and edited to twist the facts.    

3. Faking a Screenshot

Take a look at a screenshot of a string of text messages; all the expected symbols like Wi-Fi, service provider, battery life, and time are at the top along with the name of the sender. It looks legitimate, right? Maybe it is a bona fide screenshot; however, how do you know that a digital artist hasn't entirely constructed it? After all, it is essentially just a computer image and a relatively simple one at that. Even when we assume that the screenshot has been established as genuine and not a work of art, what does it prove and how could you or I fake it?

The time is a simple enough fact; however, it is not backed up by a date. The absence of a date means we could send a constructed set of fake messages 24, 48, even 72 hours or longer after the originals, and the time at the top would be the same. The name at the top of the messages is who we believe to be the sender; however, it doesn't show their phone number. In this instance, by simply changing the name in the phone's contacts, we can attribute whatever name we want to an alternate phone number. And, if we can change the name of the sender, we can use a second phone to send whatever messages we want. The service provider can be manipulated with a bit of careful planning leaving just the battery life, which can be run down or charged up as necessary before taking our perfect fake screenshot!

Because of the demonstrated ease by which we can manipulate screenshots, proving authenticity has become crucial to establishing their credibility. 

4. Screenshot vs. Original Digital Evidence

When collected correctly, original digital evidence is always going to be more valuable than a screenshot. Using the example above of the faked screenshot, imagine if officers had seized the phones involved in the string of messages when the victim reported the offense. The text messages and the additional data linked to those messages, known as metadata, could be downloaded and produced as irrefutable evidence. As we discuss below, this process of producing evidence has its issues even when conducted by digital forensic experts.

5. Digital Evidence Chain of Custody

Sticking with the mobile phones involved in the string of text messages, in order to use them to provide irrefutable evidence in court it is essential to prove that what is presented is exactly the same as what was originally collected. 

Those involved in identifying, collecting, and acquiring electronic evidence must preserve its integrity at all stages. To maintain integrity a detailed log is kept of the transportation, handling, and examination of the evidence including who, when, where, and why possession was taken. Each person involved including first responders, investigators, crime scene technicians, and digital forensics experts could be required to provide evidence in court to support the continuity of the evidence. This record of continuity is often referred to as the chain of custody. It almost goes without saying that any gaps in this chain can lead to corruption claims and loss of evidence. 

6. Authentication of Screenshot Evidence

For a screenshot to be effective as a piece of evidence, it is essential it can be authenticated by the testimony of a witness who has seen the original subject matter and can therefore verify the content of the screenshot.  

7. Authenticating Screenshots Using Blockchain

The main benefit of using blockchain to prove the authenticity of a screenshot is that it is immutable, meaning no one can change it at a later stage. The immutable nature of blockchain, along with the time/date stamp of the block, proves that the content of the screenshot could not have changed since the time it was committed to the blockchain. 

In addition, all data on a blockchain is owned by the individual who submitted it, so they can prove its authenticity on demand without relying on a third party. 

Blockchain-Based Evidence Approved in a Court

A Chinese court first recognised blockchain evidence as proof in 2018 during a copyright dispute. A newspaper employee took screenshots of the defendant's website, where the newspaper's article had been published without a license, and committed the screenshots to a blockchain. When the plaintiff produced the screenshots as evidence, the court checked the cryptographic hash values stored on the blockchain. The court found the hash values were numerically identical, and the timestamps matched the time the newspaper employee recorded the screenshots, source code, and the call log of the article.
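The hash comparison the court performed, combined with the custody log described in section 5, shown as an added example (not code from this article or from LifeHash). A local hash-chained log stands in for a blockchain here, and the handler names, timestamps and screenshot bytes are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value for the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    # Hash every field except the stored hash itself, in canonical JSON form.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log, evidence: bytes, who, when, where, why) -> dict:
    """Log one custody event, committing to the evidence and the previous entry."""
    entry = {"seq": len(log), "evidence_sha256": sha256_hex(evidence),
             "who": who, "when": when, "where": where, "why": why,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry

def verify(log, evidence: bytes) -> list:
    """Return the problems found; an empty list means file and log are consistent."""
    problems, prev, digest = [], GENESIS, sha256_hex(evidence)
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev_hash"] != prev:
            problems.append(f"entry {i}: chain broken (missing or reordered entry)")
        if entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {i}: fields altered after logging")
        if e["evidence_sha256"] != digest:
            problems.append(f"entry {i}: presented file differs from logged file")
        prev = e["entry_hash"]
    return problems

def build_sample():
    # Constructed sample: stand-in bytes for a screenshot and made-up handlers.
    shot = b"\x89PNG\r\n\x1a\n constructed screenshot bytes"
    log = []
    append_entry(log, shot, "Officer A", "2024-01-05T09:12:00Z", "scene", "seizure")
    append_entry(log, shot, "Analyst B", "2024-01-06T14:30:00Z", "lab", "examination")
    return shot, log

if __name__ == "__main__":
    shot, log = build_sample()
    print(verify(log, shot))                # untouched file and log
    print(verify(log, shot + b"edited"))    # file changed after logging
    print(verify(log[1:], shot))            # custody entry missing
```

The last `entry_hash` is the value that has to be anchored somewhere outside the log holder's control, because whoever holds the entire log could otherwise rebuild the chain. A matching digest shows the file has not changed since it was logged; it says nothing about whether the content was genuine when it was captured.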

8. Authenticate Screenshots with LifeHash (blockchain solution)

Thanks to a personal blockchain, like LifeHash, you can safely keep screenshots in a way that they can’t be altered. Moreover, it doesn’t simply save the screenshot immutably; it also combines it with other information that helps prove that the screenshot is authentic. This includes the following data:

  • Screenshots
  • Text
  • Metadata
  • Timestamp
  • Geolocation

You could take a screenshot of a text message or email and then secure it in a way that proves that it really happened. Thanks to the accompanying data, like timestamp and geolocation you can prove that the information hasn’t been edited or tampered with, which makes it much more valuable to use as evidence.

The p2p personal blockchain, based on Bitcoin and DigiByte, ensures that the data cannot be edited by anyone. It gets this quality from the way a blockchain works to create data that can’t be edited. This process ensures that it becomes much more difficult to provide fake screenshots in a court case and it allows you to use the data as irrefutable proof and evidence.


Are texts hearsay and inadmissible in court?

It all depends on who the text messages are between. A text conversation between parties involved in a court case discussing a relevant fact of the case is likely to always be admissible. However, a text discussion between a party involved in the case and someone who isn’t is likely to be considered hearsay.

How do I know if a screenshot is real?

It is very difficult to know that a screenshot is real without the original subject matter and the guarantee of the person who created it.  

Is it illegal to post screenshots of conversations?

The answer to this common question is highly dependent on the content of the screenshot and whether it contains names, private information or detail of an explicit nature. Should the screenshot contain nothing identifiable and no way to link it to a person then it is unlikely to be of an illegal nature. In all cases, it is advisable to seek professional advice. 

