How Evident ICU preserves a traceable record.

Three questions every legal practitioner should be able to answer before submitting digital evidence to court — and how the system answers each one automatically.

What makes a digital record traceable.

Integrity at intake.

A SHA-256 hash is computed on every file the moment it arrives. That hash is written to an append-only log and cannot be changed. If the file is altered after upload — even by one byte — the hash mismatch is detectable, logged, and surfaced as a discrepancy. The original is never overwritten.

Chain of custody.

Every operation on a file — upload, processing, review, export — is recorded with a timestamp, an actor identifier, and the action taken. Each log entry references the hash of the previous entry. The log is append-only: entries cannot be modified or deleted after they are written. There is no mechanism in the system to do so.

Export traceability.

Each export packet includes the original file hash, the full chain-of-custody log, the processing transcript, and the timeline reconstruction. A reviewer can verify that the exported file matches the file that was originally uploaded without trusting the platform — the hash is the proof.

What happens when you upload a file.

The pipeline runs automatically. Every stage is reproducible — the same file always produces the same output. Nothing is sampled, skipped, or approximated.

  1. Hash SHA-256 computed. File written to immutable storage. Hash recorded in custody log.
  2. Metadata EXIF, ID3, and container metadata extracted and stored. Creation timestamps preserved as-found.
  3. Transcription Audio converted to timestamped transcript. Speaker diarization applied where signal permits.
  4. OCR On-screen text extracted from video frames and document pages. Timestamps anchored to source.
  5. Timeline reconstruction Events assembled chronologically from transcript, metadata, and detected cues. Confidence scores assigned per event.
  6. Export packet generation Cover page, hash manifest, custody log, transcript, and timeline assembled into a sealed export packet.

What "chain of custody" means in this system.

The hash does not change between received and exported. That is the record.

Sample chain-of-custody log — append-only, read-only after write
Event File SHA-256 (truncated) Timestamp (UTC) Actor
Received bwc_clip_01.mp4 a3f27c8d… 2026-05-01 09:14:02 system/intake
Processed bwc_clip_01.mp4 a3f27c8d… 2026-05-01 09:17:44 pipeline/v2
Reviewed bwc_clip_01.mp4 a3f27c8d… 2026-05-01 10:52:11 user:dbarber
Exported bwc_clip_01.mp4 a3f27c8d… 2026-05-01 11:03:29 user:dbarber

The hash is identical across all four entries. If it were not, the system would flag the discrepancy and halt the export. The platform's own attestation is secondary to the hash — the hash is independently verifiable.

What an export packet contains.

Each export is a sealed packet. It does not require the platform to be accessible for verification — everything needed to authenticate the record is inside the packet.

  • Cover page Matter name, case number, date of export, operator name, and platform version.
  • Hash manifest Every file in the export listed with its SHA-256 hash and file size. A reviewer can compute the hash independently and compare.
  • Chain-of-custody log Full append-only log from intake to export. Every entry includes timestamp, actor, action, and the hash of the previous entry.
  • Transcription Timestamped, speaker-labeled transcript with confidence scores per segment.
  • Timeline reconstruction Chronological event list assembled from all evidence in the matter. Each event cites its source file and timestamp.
  • Discrepancy report Any flags raised during analysis — hash mismatches, timeline gaps, metadata anomalies — listed with severity and source. Included whether or not discrepancies were found.

What the system does when it finds a discrepancy.

The system is designed to surface problems, not to conceal them in order to complete an export. Any discrepancy is designed to be logged to the custody record and surfaced for review.

  • Hash mismatch If a recomputed hash differs from the recorded hash, the mismatch is designed to be logged to the custody record. A discrepancy that cannot be explained should not be included in a submitted export.
  • Metadata anomaly If extracted metadata contradicts the file's container properties — for example, if the reported duration differs from the encoded duration — the anomaly is designed to be logged and noted in the discrepancy report.
  • Timeline gap If the reconstructed timeline contains a gap, an abrupt cut, or a timestamp discontinuity, it is designed to be logged and listed in the discrepancy report with the gap window and the source file and timestamp range.
  • Discrepancy report Every export packet is designed to include a discrepancy report section whether or not discrepancies were found. A clean report is as significant as a flagged one — it documents that the system checked.

Verify the record yourself.

The following methods do not require platform access or trust in this service.

Hash the file yourself

Run sha256sum ORIGINAL_FILE on any file from your export packet and compare the result against the hash manifest included in that packet. If the values match, the file is unchanged from what was recorded at intake. No platform access required.

Read the custody log offline

Every export packet includes the custody log as a plain-text file. You can read the full sequence of recorded actions without platform access. The log is a copy of the append-only record — it is not generated at export time.

Reproduce from the source

Given the original file and the pipeline version recorded in the export, the reproducible outputs can be verified independently. The export is a derivation of the source file — not an artifact that requires this service to interpret.

These methods apply to reproducible record data: hash values, file size, source metadata fields, timestamps, and custody log entries. Machine-assisted signals — transcription, object detection, speaker attribution, classification, and analysis summaries — carry confidence scores and require human review. They are not reproducible in the same reproducible sense.