Here's How To Verify That A Digital Document Is Authentic

31 October 2023 by Ross eDiscovery digital-document verification

Takeaway: Use the following to verify your documents are authentic: (1) Digital signatures, (2) Metadata, (3) Hash values, and (4) chains of custody.

Digital documents are part of our daily lives. But how do we know they’re authentic?

Most documents we encounter in our daily lives are in a digital format. And while digital documents make life more flexible, they also raise questions about authenticity. For instance, is that PDF an original or a cleverly disguised fake? Or has that email been altered before reaching you? These questions are particularly important in legal contexts but have broader implications for anyone handling digital data. Fortunately, there are multiple methods to authenticate digital documents.

1. Start by checking a document’s digital signature.

Digital signatures act as electronic fingerprints that verify the integrity of a digital document. Employing mathematical algorithms, they’re far more secure than a manual signature on paper. Protocols such as PKCS#7, X.509, and the Digital Signature Algorithm (DSA) are commonly used standards for creating digital signatures.

It all begins with a key pairing.

At the core of the digital signature is a pair of cryptographic keys (i.e., number strings): a public key and a private key. The private key is confidential and only known to the signer, while the public key is available openly. (Note that if the private key is leaked, you can’t trust the signature anymore.)

Then there’s the signing process.

On signing a digital document, a unique cryptographic hash (i.e., an identifying string of numbers and letters) is generated based on its content. This hash is then encrypted using the signers private key, forming the digital signature.

Finally, there’s the verification.

When a recipient receives a digitally signed document, they can decrypt the signature using the publicly available key of the signer. By generating a new hash from the received document and comparing it to the decrypted hash, you can confirm the documents authenticity.

2. File metadata can prove authenticity, too.

Metadata is often defined as “data about data.” It provides vital information about the origins, characteristics, and contextual aspects of a document. Types of metadata include administrative metadata with details like when and by whom the document was created, and structural metadata that provides insights into the arrangement of content in documents, such as chapters in a book. By examining a documents metadata, you can learn about its history and changes over time – which could help you verify it’s authentic. Learn more about metadata.

3. You could use hash values directly.

Earlier, we mentioned hash values in the context of digital signatures. But you can use hashes on their own, too. A hash value is a fixed-size alphanumeric string produced from input data via a hash function. I.e., your software uses maths equations to convert the contents of an entire document into a unique string of letters and numbers. This string (i.e., hash) is a documents fingerprint and will change dramatically if even a single comma or full stop is changed in the parent document. This makes hash values ideal for verifying the integrity of documents.

4. You can inspect a documents chain of custody.

The chain of custody concept originated in legal contexts but can be applied to verifying a documents history. The chain of custody records every instance a document is accessed, altered, transferred, or engaged with.

This means tracking and recording the following.

  • Collection: Initial collection and labeling of digital evidence, ensuring the original data remains unaltered.
  • Transportation: Secure and documented movement of the digital document to prevent unauthorized alterations.
  • Storage: Keeping the document in secure digital storage containers or drives, often encrypted to prevent unauthorized access.
  • Analysis: You’ll need to document how/when the file was examined or analyzed. Often, this means using hash values to confirm there weren’t any alterations.
  • Transfer: Documenting every transfer between individuals or locations, noting the date, time, and parties involved.
  • Disposition: Establishing the final status of the evidence – whether it was deleted, archived, or returned to the owner.

Once you’ve authenticated a document, ensure you’re careful while reviewing it, too.

You can alter a document’s metadata simply by opening it incorrectly. So, if you’re reviewing important files, consider doing it via an eDiscovery subscription service. These are set up to protect a document’s integrity while offering you essential document review tools at an affordable price. Take GoldFynch, for example.

  • It costs just $27 a month for a 3 GB case: That’s significantly less than most comparable software. With GoldFynch, you know exactly what you’re paying for: its pricing is simple and readily available on the website.
  • It’s easy to budget for. GoldFynch charges only for storage (processing files is free). So, choose from a range of plans (3 GB to 150+ GB) and know up-front how much you’ll be paying. You can upload and cull as much data as you want as long as you stay below your storage limit. And even if you do cross the limit, you can upgrade your plan with just a few clicks. Also, billing is prorated – so you’ll pay only for the time you spend on any given plan. With legacy software, pricing is much less predictable.
  • It takes just minutes to get going. GoldFynch runs in the Cloud, so you use it through your web browser (Google Chrome recommended). No installation. No sales calls or emails. Plus, you get a free trial case (0.5 GB of data and a processing cap of 1 GB) without adding a credit card.
  • It’s simple to use. Many eDiscovery applications take hours to master. GoldFynch takes minutes. It handles a lot of complex processing in the background, but what you see is minimal and intuitive. Just drag-and-drop your files into GoldFynch, and you’re good to go. Plus, you get prompt and reliable tech support (our average response time is 30 minutes).
  • Access it from anywhere, and 24/7. All your files are backed up and secure in the Cloud.

Want to find out more about GoldFynch?