Why it's important to preserve the chain of custody for digital evidence

Chain of custody is the record of preservation of evidence from collection to presentation in court.

Last Updated March 2024

Chain of custody is the record of preservation of evidence from collection to presentation in court. The goal of properly maintaining and documenting chain of custody is to show that the evidence presented to the court is the same as what was originally collected, and that the evidence was preserved without tampering or alteration. Web content is easily changed or deleted, and web evidence is difficult to subpoena. When evidence appears on the web, an accurate record of that evidence at that point in time should be made.

How do you establish chain of custody?

Properly documented chain of custody establishes that:

  1. when the record was originally produced, it accurately recorded the webpage in question, and
  2. the record was not subject to alteration from the point of collection until presentation in court.

Page Vault’s captures include key metadata that documents circumstances of collection and storage.

Are “print-screen” captures admissible?

Generally, web captures made on typical browsers compromise chain of custody—and therefore can be ruled inadmissible.

As was ruled in Toytrackerz LLC v. Koehler in 2009, a capture which “… fails to identify who retrieved the website printout, when and how the pages were printed, or on what basis the printouts accurately reflect the contents of the website on a certain date,” can be deemed inadmissible.

When an internet page is viewed on a standard browser, the code for that page is downloaded to the user’s machine, and resides on that machine. There are many points at which the record of the page can be compromised:

  • the user (or malware on the user’s machine) can alter the code before it is loaded into the browser
  • the user can change the code in the browser before making a screenshot of the page
  • the user can alter the resulting capture with a photo editing tool after making the capture

Establishing chain of custody may require having attorneys or staff who made the captures to take the stand and testify to the accuracy of the captures. This procedure adds unnecessary risk to your case.

How Page Vault preserves the digital chain of custody

Page Vault’s unique, patented architecture removes the user from the chain of custody entirely, all the while allowing them to surf and capture evidence in “real-time.”


The Page Vault Browser is hosted on Page Vault’s own secure server. Users who use our software remotely view and control the browser from their own desktop. Page Vault’s browser is engineered to allow users to remotely control their surfing and captures, but also to prevent them from altering the page in any way. Thus, there is no opportunity for the user to alter the page.

Every webpage goes from the Web directly to Page Vault’s server, and never crosses the user’s desktop. Captured material is immediately time-stamped and digitally signed by Page Vault, and vaulted on Page Vault’s secure servers. The securely hosted browser architecture allows Page Vault to offer affidavits to back up the authentication of webpage evidence captured by it in accord with Fed. Rules Evid. 901(b)(9). Because the user is not part of the chain of custody, there is no need for the user to take the stand.