Digital Evidence FAQ: Authentication, Chain of Custody, and Spoliation
Answers to the most common questions about digital evidence in court: authentication, chain of custody, FRE 902(13), spoliation, and how to prove evidence has not been tampered with. For deeper treatment of any topic, follow the links to our full guides and case law analyses.
Questions on This Page
Is video footage considered physical evidence?
Video footage is generally classified as digital or electronic evidence rather than physical evidence in the traditional sense, though courts sometimes use the terms interchangeably. Physical evidence refers to tangible objects: a weapon, a document, a piece of clothing. Video footage exists as a digital file and is subject to the rules governing electronic evidence, including authentication requirements under FRE 901 and 902. The practical distinction matters because digital evidence has unique authentication requirements: it can be copied perfectly, it can be altered without visible signs of tampering, and it requires chain of custody documentation that accounts for its digital nature. A video file that cannot be authenticated through its hash value, chain of custody, or other means may be excludable even if its contents are genuine.
Can you beat a case with video evidence?
Video evidence can be highly persuasive in court, but it is not automatically case-dispositive. The effectiveness of video evidence depends on its quality, its chain of custody, its authentication, and the context in which it is offered. Defense attorneys can challenge video evidence on several grounds: authentication (is the video what it purports to be?), chain of custody (was the video properly preserved from collection through trial?), completeness (does the video capture the full context of the event?), and methodology (was the forensic process used to collect or analyze the video reliable?). Prosecutors and civil litigants relying on video evidence must be prepared to authenticate it under FRE 901 or 902(13), demonstrate an unbroken chain of custody, and establish that the video has not been altered. See our guide on body camera chain of custody for a practical overview.
Can you use video recordings as evidence in court?
Yes, video recordings are admissible as evidence in both civil and criminal proceedings, subject to the same authentication and foundation requirements as any other form of evidence. To admit a video recording, the proponent must typically establish: (1) that the video accurately represents what it purports to depict, (2) that it was created by a reliable process, (3) that it has not been altered since creation, and (4) that its chain of custody is documented. Under FRE 902(13), a video recorded by an electronic system can be self-authenticated through a written certification from a qualified person describing the system and attesting to its accuracy. This eliminates the need for a live foundation witness. Courts have admitted body camera footage, surveillance video, smartphone video, and dashcam recordings, all subject to proper authentication. The authentication process is the critical step.
Is video footage direct evidence?
Whether video footage is considered direct or circumstantial evidence depends on what it depicts and how it is used. Direct evidence is evidence that, if believed, directly proves a fact in issue without requiring an inference. If a video shows a defendant committing the alleged act, it is direct evidence of that act. If a video shows the defendant near the scene of a crime but not committing it, it is circumstantial evidence that requires the factfinder to draw an inference. In practice, the direct/circumstantial distinction matters less than the authentication question: a video that is direct evidence of the core fact in dispute is only useful if it can be authenticated and admitted. A video that cannot be authenticated because its chain of custody is broken, or that is excluded because no one properly certified the recording system, provides no evidentiary value regardless of what it shows.
How do you authenticate video evidence in court?
Video evidence can be authenticated under several provisions of the Federal Rules of Evidence. Under FRE 901(b)(1), a witness with personal knowledge can authenticate by testifying that the video accurately depicts what it purports to show. Under FRE 901(b)(9), evidence describing the process or system that produced the video, and showing that it produces accurate results, can authenticate the recording. Under FRE 902(13), video evidence generated by an electronic process or system can be self-authenticated through a written certification from a qualified person, provided to all parties in advance. This is the most efficient method because it eliminates the need for a live foundation witness. The certification must describe the system, attest to its accuracy, and be made under penalty of perjury pursuant to 28 U.S.C. § 1746. A SHA-256 hash computed at collection and verified at the time of authentication provides mathematical proof that the video has not been altered. See our detailed guide on FRE 902(13) authentication for the complete workflow.
What is the chain of custody for digital evidence?
Chain of custody for digital evidence is the documented record of every person who has accessed, handled, or interacted with the evidence from collection through trial. For digital evidence specifically, chain of custody requires: identification of the evidence at collection (filename, file size, hash value, timestamp), a log of every access with the accessor's identity and timestamp, documentation of any transfers between custodians, verification that the evidence has not been altered (through hash comparison), and a record of storage conditions. Unlike physical evidence, digital evidence can be copied perfectly and can be altered without visible signs, which is why cryptographic hash verification is essential. A SHA-256 hash computed at the time of collection provides a mathematical baseline. Any subsequent access or transfer that produces the same hash confirms the evidence is unaltered. The chain of custody record supports both the authentication of the evidence (FRE 901, 902) and, in civil litigation, demonstrates compliance with preservation obligations under FRCP 37(e). See our guide on body camera chain of custody for a practical framework.
What are the consequences of breaking chain of custody?
A broken chain of custody can result in evidence exclusion, authentication challenges, adverse inference instructions, and in severe cases, sanctions or case-dispositive remedies. When the chain of custody for digital evidence is broken, meaning there are gaps in the documentation of who accessed the evidence and when, opposing counsel can challenge the evidence's authenticity and argue it may have been altered during the undocumented period. Courts have excluded digital evidence entirely when chain of custody gaps are severe enough that the evidence cannot be reliably authenticated. Even when evidence is admitted despite chain of custody issues, the gaps provide fertile ground for impeachment of the proponent's witnesses and the evidence itself. In criminal cases, a broken chain of custody can create reasonable doubt about whether the evidence represents what the prosecution claims. In civil litigation, chain of custody failures can trigger spoliation motions under FRCP 37(e) if relevant evidence was lost during the undocumented period. See our discussion of the Casey Anthony case for an example of how chain of custody challenges affected a high-profile trial.
What is a self-authenticating document?
A self-authenticating document is one that is admissible in evidence without extrinsic proof of authenticity; in other words, it authenticates itself without requiring a foundation witness or additional testimony. Federal Rule of Evidence 902 enumerates the categories of self-authenticating evidence. These include official publications, certified public records, official government publications, trade inscriptions, certified copies of business records, and since 2017, certified data from electronic processes or systems (Rule 902(13)) and certified copies of data from electronic devices (Rule 902(14)). For digital evidence specifically, self-authentication under Rules 902(13) or 902(14) requires a written certification from a qualified person describing the system and attesting to its accuracy, provided to all parties with advance notice. The certification must be made under penalty of perjury pursuant to 28 U.S.C. § 1746. Self-authentication under 902(13) eliminates the need to call a live foundation witness, often saving $3,000 to $5,000 in expert costs per appearance.
What is FRE 902(13)?
Federal Rule of Evidence 902(13), added to the Federal Rules of Evidence in 2017, provides that records generated by an electronic process or system are self-authenticating if the proponent submits a written certification from a qualified person. The certification must: (1) describe the process or system used to generate the record and show that it produces an accurate result, (2) be provided to all parties with the advance notice required by Rule 902(11), and (3) be made under penalty of perjury consistent with 28 U.S.C. § 1746. Rule 902(14) is the companion provision for copies of data from electronic devices, authenticated through hash verification. Together, these rules allow attorneys to authenticate digital evidence: video files, emails, electronic documents, log files, through written certification rather than live testimony. The 'qualified person' who signs the certification does not need to be a forensic expert; it can be the attorney, paralegal, or system administrator who manages the evidence and can describe how the system works. Our full guide on FRE 902(13) authentication walks through the complete certification process.
What is evidence spoliation?
Evidence spoliation is the destruction, alteration, or failure to preserve evidence that is relevant to pending or reasonably anticipated litigation. Spoliation includes intentional destruction (deleting emails before a lawsuit), negligent loss (allowing backup tapes to be recycled without implementing a litigation hold), and alteration (modifying a photograph or document that has been produced in discovery). In federal civil litigation, FRCP 37(e) governs spoliation of electronically stored information. Under 37(e)(1), courts may impose curative measures when ESI is lost due to a party's failure to take reasonable steps to preserve it. Under 37(e)(2), courts may impose severe sanctions, including adverse inference instructions, dismissal, or default judgment, if the spoliating party acted with intent to deprive the opposing party of the information. Spoliation is not limited to intentional destruction. Negligent or even accidental loss of evidence that should have been preserved can trigger sanctions if the party failed to implement a litigation hold or take other reasonable preservation steps. See our analysis of spoliation sanctions case law for the financial consequences.
How do you prove evidence has not been tampered with?
The most reliable method for proving digital evidence has not been tampered with is cryptographic hash verification. A SHA-256 hash is a mathematical fingerprint of a file at a specific point in time. When a hash is computed at collection and then recomputed before trial, matching hashes mathematically prove the file is identical, not similar, not approximately the same, but bit-for-bit identical. SHA-256 produces a 256-bit output with 2^256 possible values. The probability of two different files producing the same hash is effectively zero. This means that any modification to the file, whether changing a single pixel in a video or altering a timestamp in an email, will produce a completely different hash. In addition to hash verification, chain of custody documentation (logging every access with identity and timestamp) establishes that no unauthorized person had the opportunity to tamper with the evidence. Combined with a written FRE 902(13) certification describing the system and attesting to its integrity, hash verification creates a tamper-proof record that courts consistently accept as proof of evidence integrity. See our guide on digital evidence authentication for the full workflow.
What is a litigation hold?
A litigation hold (also called a legal hold or evidence preservation order) is a directive to suspend routine deletion policies and preserve all potentially relevant evidence when litigation is reasonably anticipated. The duty to implement a litigation hold arises as soon as a party has notice of a potential claim, before any lawsuit is filed. Under FRCP 37(e), failure to take reasonable steps to preserve electronically stored information can result in sanctions ranging from adverse inference instructions to case-dispositive remedies. An effective litigation hold must be written (not just a verbal instruction), distributed to all relevant custodians who have possession or control over potentially relevant evidence, and enforced at the system level to prevent routine deletion policies from overriding it. Courts have consistently held that verbal instructions to 'not delete anything' are insufficient. The hold must be implemented in the systems that store the evidence. After the hold is issued, counsel must monitor compliance and follow up with custodians. The duty continues until the litigation concludes or the hold is formally released. See our analysis of Zubulake v. UBS Warburg for the case that established these requirements, and Allied Concrete v. Lester for what happens when they are violated.
Practical Tools for Digital Evidence Management
FileSworn provides SHA-256 hashing, chain of custody logging, FRE 902(13) certification, and litigation hold enforcement: the tools attorneys need to manage digital evidence from collection through trial.