How Evident ICU preserves a traceable record.
Three questions every legal practitioner should be able to answer before submitting digital evidence to court — and how the system answers each one automatically.
What makes a digital record traceable.
Integrity at intake.
A SHA-256 hash is computed on every file the moment it arrives. That hash is written to an append-only log and cannot be changed. If the file is altered after upload — even by one byte — the hash mismatch is detectable, logged, and surfaced as a discrepancy. The original is never overwritten.
Chain of custody.
Every operation on a file — upload, processing, review, export — is recorded with a timestamp, an actor identifier, and the action taken. Each log entry references the hash of the previous entry. The log is append-only: entries cannot be modified or deleted after they are written. There is no mechanism in the system to do so.
Export traceability.
Each export packet includes the original file hash, the full chain-of-custody log, the processing transcript, and the timeline reconstruction. A court can verify that the exported file matches the file that was originally uploaded without trusting the platform — the hash is the proof.
What happens when you upload a file.
The pipeline runs automatically. Every stage is deterministic — the same file always produces the same output. Nothing is sampled, skipped, or approximated.
-
Hash SHA-256 computed. File written to immutable storage. Hash recorded in custody log.
-
Metadata EXIF, ID3, and container metadata extracted and stored. Creation timestamps preserved as-found.
-
Transcription Audio converted to timestamped transcript. Speaker diarization applied where signal permits.
-
OCR On-screen text extracted from video frames and document pages. Timestamps anchored to source.
-
Timeline reconstruction Events assembled chronologically from transcript, metadata, and detected cues. Confidence scores assigned per event.
-
Export packet generation Cover page, hash manifest, custody log, transcript, and timeline assembled into a sealed export packet.
What "chain of custody" means in this system.
The hash does not change between received and exported. That is the record.
| Event | File | SHA-256 (truncated) | Timestamp (UTC) | Actor |
|---|---|---|---|---|
| Received | bwc_clip_01.mp4 | a3f27c8d… |
2026-05-01 09:14:02 | system/intake |
| Processed | bwc_clip_01.mp4 | a3f27c8d… |
2026-05-01 09:17:44 | pipeline/v2 |
| Reviewed | bwc_clip_01.mp4 | a3f27c8d… |
2026-05-01 10:52:11 | user:dbarber |
| Exported | bwc_clip_01.mp4 | a3f27c8d… |
2026-05-01 11:03:29 | user:dbarber |
The hash is identical across all four entries. If it were not, the system would flag the discrepancy and halt the export. The platform's own attestation is secondary to the hash — the hash is independently verifiable.
What you submit to court.
Each export is a sealed packet. It does not require the platform to be accessible for verification — everything needed to authenticate the record is inside the packet.
- Cover page Matter name, case number, date of export, operator name, and platform version.
- Hash manifest Every file in the export listed with its SHA-256 hash and file size. A reviewer can compute the hash independently and compare.
- Chain-of-custody log Full append-only log from intake to export. Every entry includes timestamp, actor, action, and the hash of the previous entry.
- Transcription Timestamped, speaker-labeled transcript with confidence scores per segment.
- Timeline reconstruction Chronological event list assembled from all evidence in the matter. Each event cites its source file and timestamp.
- Discrepancy report Any flags raised during analysis — hash mismatches, timeline gaps, metadata anomalies — listed with severity and source. Included whether or not discrepancies were found.