Knogin
[Developers]

Chain of Custody Domain

A defence barrister attempts to have digital evidence excluded by arguing it could have been altered between collection and courtroom presentation. The prosecution's response is immediate: every handling action on that e

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainsblockchain

Overview#

A defence barrister attempts to have digital evidence excluded by arguing it could have been altered between collection and courtroom presentation. The prosecution's response is immediate: every handling action on that evidence item is recorded with a cryptographic hash of the state before and after each action, linked in an unbroken chain, and signed by each handler. Tampering would require forging every link simultaneously, computationally infeasible and immediately detectable.

The Chain of Custody domain provides that level of evidentiary protection for every piece of digital evidence on the platform. It is the difference between evidence that survives a procedural challenge and evidence that does not.

Key Features#

  • Complete evidence lifecycle tracking with 10 action types (collected, transferred, stored, retrieved, analysed, copied, returned, destroyed, sealed, unsealed).
  • Cryptographic integrity verification with hash-before and hash-after state tracking.
  • Digital signature capture for non-repudiation of custody actions.
  • Independent verification system with third-party status tracking and dispute handling.
  • Chain linking for sequential verification across the evidence lifecycle.
  • Tamper detection alerting when integrity checks fail.
  • Export capability for legal documentation and court proceedings.
  • Chronological timeline view with entry counting.

Use Cases#

Law enforcement digital forensics units track digital evidence from collection through forensic analysis to court presentation, providing an unbroken chain of custody that satisfies admissibility requirements in both civil and criminal proceedings.

Prosecution teams verify evidence integrity with independent third-party hash checks before filing, confirming that no evidence item has been altered since collection, and that the verification itself is documented.

Regulatory investigators at financial regulators document custody transfers of seized digital assets with digital signatures, creating a legally defensible record of every handler and every action across the evidence lifecycle.

Court-appointed forensic examiners generate chain of custody reports for individual evidence items, presenting a complete chronological record of every person who handled the material and every action performed on it.

Integration#

Integrates with evidence management, investigation, audit, digital asset, and forensics domains for end-to-end evidence lifecycle tracking.

Open Standards#

  • RFC 3161 (Internet X.509 PKI Time-Stamp Protocol): Evidence export artefacts receive cryptographic timestamp tokens from an RFC 3161-compliant Timestamping Authority, providing legally admissible proof of the time at which a custody action occurred.
  • Ed25519 / RFC 8032 (Edwards-Curve Digital Signature Algorithm): Every chain-of-custody entry is signed with an Ed25519 private key, and each signature can be independently verified against the corresponding public key to establish non-repudiation for each handler action.
  • SHA-256 / FIPS 180-4 (Secure Hash Standard): Cryptographic SHA-256 digests are recorded before and after every custody action to detect any modification to evidence between handling steps, and SHA-256 is also used to hash signing payloads for the timestamp requests.
  • W3C Verifiable Credentials Data Model v2.0: EvidenceCollection and CustodyTransfer Verifiable Credentials are issued and verified in conformance with the W3C VC DM v2.0 recommendation, enabling independent verification of evidence provenance without relying on the platform database.
  • W3C DID:web (Decentralised Identifiers): The platform acts as a VC issuer identified by a did:web DID, following the W3C Credentials Community Group specification, so verifiers can resolve the issuer's public key via a standard DID document.
  • JSON Web Token (JWT) / RFC 7519: Verifiable Credentials are serialised as compact JWTs (header.payload.signature) with an EdDSA algorithm header, allowing any standards-compliant JWT library to decode and verify custody credentials.
  • GraphQL: All chain-of-custody queries and mutations are exposed through a typed GraphQL API, enabling strongly-typed, self-documenting access to custody records from any investigation or legal review tooling.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.