Digital Evidence Toolkit

January 28, 2026 · View on GitHub

A curated collection of freely available tools and guides to assist individuals in gathering, preserving, and authenticating digital evidence.

Last Updated: January 28, 2025

Disclaimer: This repository is for informational purposes only and does not constitute legal advice. Adapt these methods to your own needs and consult legal counsel regarding evidence admissibility in your jurisdiction.

AI Disclosure: This documentation was developed with the assistance of Claude Code, an AI coding assistant by Anthropic. All content has been reviewed for accuracy, but users should verify information independently for their specific use cases.

Note on Tool Listings: The tools documented here represent a curated selection, not an exhaustive catalogue. Many categories (cloud storage, blockchain timestamping, metadata tools, etc.) have numerous additional providers and alternatives beyond those listed. We focus on well-established, accessible options to illustrate workflows rather than provide comprehensive market coverage.

How It All Connects

The diagram below shows how different components of digital evidence management work together:

flowchart TB
    subgraph CAPTURE["📷 Evidence Capture"]
        direction TB
        A1[Audio Recording]
        A2[Photo/Video]
        A3[Web Pages]
        A4[Email]
        A5[Messaging]
        A6[Social Media]
    end

    subgraph VERIFY["🔍 Verification & Integrity"]
        direction TB
        V1[Checksums/Hashes]
        V2[Metadata Inspection]
        V3[Timestamps]
        V4[Blockchain Anchoring]
    end

    subgraph STORE["💾 Secure Storage"]
        direction TB
        S1[WORM Media]
        S2[Cloud Storage]
        S3[IPFS/Decentralised]
        S4[Evidence Bundling]
        S5[DEM Platforms]
    end

    subgraph PROTECT["🔒 Security & Privacy"]
        direction TB
        P1[Device Security]
        P2[Secure Comms]
        P3[OPSEC/VPN/Tor]
        P4[Redaction Tools]
    end

    subgraph ANALYSE["🔬 Analysis & Investigation"]
        direction TB
        I1[OSINT Tools]
        I2[Digital Forensics]
        I3[AI/ML Tools]
    end

    subgraph LEGAL["⚖️ Legal Framework"]
        direction TB
        L1[Chain of Custody]
        L2[Legal Considerations]
        L3[Best Practices]
    end

    CAPTURE --> VERIFY
    VERIFY --> STORE
    STORE --> ANALYSE
    PROTECT -.-> CAPTURE
    PROTECT -.-> STORE
    PROTECT -.-> ANALYSE
    LEGAL -.-> CAPTURE
    LEGAL -.-> VERIFY
    LEGAL -.-> STORE

Quick Reference Index

Category	Description	Key Tools
Guides	Foundation documents	Chain of custody, legal, best practices
Evidence Capture	Recording & collection	ProofMode, ASR, SingleFile, eEvid
Evidence Storage	Preservation & integrity	S3 Object Lock, OpenTimestamps, BagIt
Verification	Integrity & authenticity	ExifTool, MediaInfo, checksums
Investigations	OSINT & forensics	Maltego, Hunchly, Timesketch
Redaction	Privacy & PII removal	Video/audio/document redaction
OPSEC	Investigator protection	VPNs, Tor, secure comms
Apps	Platform-specific	Android, iOS, desktop

Important Reading

Start here to understand the foundational concepts:

Chain of Custody - Understanding evidence integrity and the capture-to-storage workflow
Legal Considerations - Consent laws and legal requirements before capturing evidence
Best Practices - Suggested workflows for evidence management

Evidence Capture

Tools and methods for capturing different types of digital evidence.

Audio

ASR (Android Smart Recorder) - Android audio capture app
Sony ICD Series - Physical digital voice recorders
PR200 Bluetooth Recorder - Discrete Bluetooth recording device

Email

eEvid - Certified email delivery with proof

Photo & Video

Content Authenticity Initiative - Hardware-level image certification (Leica, Pixel, etc.)

Web Pages

Browser Extensions - SingleFile and other extensions for saving web pages

Messaging

Extracting and preserving chat/messaging evidence.

Preserving posts, profiles, and social media content.

Evidence Storage

Secure storage and preservation methods.

WORM Media - Write Once, Read Many

AWS S3 Object Lock - Cloud-based immutable storage
Physical WORM Media - Optical discs, tape

Timestamps & Blockchain

OpenTimestamps - Blockchain-anchored timestamps
Blockchain-Based Evidence - Timestamping, notarisation, and immutable records

Decentralised Storage

IPFS - Content-addressed peer-to-peer storage with built-in integrity verification

Checksums

Checksum Utilities - File integrity verification

Cloud Storage

Tresorit - End-to-end encrypted cloud storage
Prodatix - Immutable cloud storage with retention
Rclone - Sync tool for 70+ cloud providers (with GUI option)

Note: Many cloud providers offer immutable storage options (Azure Blob Immutable Storage, Google Cloud Storage retention policies, Backblaze B2, Wasabi, etc.). The tools listed above are representative examples.

Specialist Hardware

Object First Ootbi - Immutable backup appliance

Evidence Bundling

BagIt & Packaging Tools - Tools for packaging evidence with integrity verification

Digital Evidence Management

Enterprise DEM platforms (Axon Evidence, FileOnQ) - Note: Many are law enforcement only

Metadata Inspection

Tools for examining file metadata and detecting manipulation.

ExifTool - Industry-standard metadata reader/writer
MediaInfo - Video/audio technical metadata
Additional Tools - Metadata Extractor, Diffusion Toolkit, Dataset Tools (including AI image metadata)

Redaction & Anonymisation

Tools for removing PII and anonymising evidence before sharing.

Overview - Principles and best practices
Image Redaction - Photo/image anonymisation tools
Video Redaction - Video anonymisation and face blurring
Document Redaction - PDF and document redaction
Audio Redaction - Audio censoring and anonymisation
PII Detection Tools - Automated PII scanning and masking
Anonymisation Tools - Database and dataset anonymisation

Investigations

OSINT and data gathering tools for research and investigations.

Maltego - Link analysis and OSINT platform
Hunchly - Web capture tool for investigations

Digital Forensics

Forensics Tools & Guides - Timesketch, Kuiper, and forensic artifact resources

Operational Security (OPSEC)

Protecting yourself during evidence gathering and investigations.

Operational Security Guide - OPSEC principles and checklist
VPNs - Privacy-focused VPN recommendations
Tor Browser - Anonymous browsing for sensitive research

Information Security (InfoSec)

Securing your devices and communications.

Device Security - Securing devices that handle evidence
Secure Communications - Encrypted messaging and file sharing

AI Tools

AI and machine learning tools for evidence-related tasks.

AI Tools Overview - LLM tools and considerations for evidence work

Apps by Platform

Quick reference for apps organized by operating system.

Platform	Apps Available
Android	ProofMode, Capture Cam, ASR, FolderSync Pro
iOS	Capture Cam (limited options)
Windows	Desktop tools
macOS	Desktop tools
Linux	Desktop tools

Other repositories that may assist with evidence handling:

Proofmode-Unpacker - Tool for processing and extracting ProofMode evidence exports
Claude-Evidence-Assistant - AI-assisted evidence analysis and documentation
WhatsApp-Export-Unpacker - Extract and organize WhatsApp chat exports

Contributing

Contributions welcome. Please submit issues or pull requests for:

New tools or resources
Corrections or updates
Platform-specific guides
Regional legal considerations