GetProofAnchor logo
GetProofAnchor
Verifiable web evidence
Dashboard
Solutions · Investigators · Chain-of-custody web evidence

Capture volatile online evidence — with a defensible chain of custody.

Listings get edited, profiles get cleaned, scam pages vanish, dashboards change between sessions. GetProofAnchor lets you preserve what you saw — including content behind login — as a portable Evidence ZIP and shareable Proof ID, anchored in four independent integrity layers — ready to hand to counsel or a forensic expert with a deterministic verifier outcome: Match / Modified.

Behind-login capture

Banking dashboards, broker portals, internal admin views — captured exactly as your real browser shows them.

Documented chain of custody

Capture metadata + global hash chain + Bitcoin anchor + eIDAS qualified timestamp — all bundled, all offline-verifiable.

Counsel-ready handoff

Self-contained Evidence ZIP + bilingual README. Forensic expert reproduces the verification independently.

Install browser extension → Create evidence → Verify a Proof ID / ZIP

What this is: an evidence-preservation workflow for investigative work — fast field capture (public + behind-login), four-layer cryptographic integrity, EU-qualified timestamp, Bitcoin anchor, and a documented chain of custody ready for handoff to counsel or a forensic expert.

What this is not: an investigative tool that bypasses authentication, a covert capture device, or legal advice. Capture only what you are lawfully entitled to access. Admissibility depends on jurisdiction and circumstances.

Investigator workflow
3-minute workflow

Designed for volatile sources, behind-login views, and clean handoff to counsel or forensic expert.

Step 1 — Capture in the field

Browser extension for behind-login views (banking, broker, internal admin) or socials/marketplaces in your real session. Dashboard for public URLs. Single click; capture is signed and chained automatically.

https://example.com/profile-or-listing
Step 2 — Export Evidence ZIP

Self-contained, offline-verifiable bundle: full-page screenshot + captured DOM + extracted text + capture metadata + SHA-256 manifest + hash chain entries + Bitcoin OpenTimestamps receipt + eIDAS qualified-timestamp kit + bilingual verification README.

Step 3 — Hand off to counsel or expert
Proof ID: 70352d57-d6bc-4873-87f2-d052b1bef548

Send the ZIP to counsel; share the Proof ID URL with the client or expert. Verification is deterministic and reproducible: Match (intact) or Modified (per-layer report). Fully offline if needed.

Open verifier View sample proof →
Works for: marketplace listings, classifieds, scam pages, fake-shop checkouts, dark-pattern flows, OSINT subjects, social profiles, banking & broker dashboards, internal admin, regulator notices, court filings.

What investigators capture with GetProofAnchor

Built for the volatile end of the web — sources that change, vanish, or sanitize themselves the moment they sense scrutiny.

Marketplace listings & classifieds

Bazoš, Marketplace, eBay, Amazon, Vinted, OLX, Sbazar — listings that get edited, taken down, or relisted under a new ID the moment a complaint lands.

Scam pages & fake shops

Phishing portals, fake e-shops, fake-bank login pages, romance-scam profiles — captured before takedown so the trail does not end.

Behind-login dashboards

Banking, broker, escrow, payment-processor, exchange, internal admin — exactly the views the user actually saw, captured from your real session.

OSINT subject preservation

Profiles, posts, comments, group memberships, follower lists — captured at the moment of observation, before the subject sanitizes the trail.

Dark-pattern UI & checkout flows

Pre-checked boxes, hidden auto-renewals, misleading buttons, fake countdowns — preserved as the user actually encountered them, including DOM and capture metadata.

Public records & regulator notices

Court filings, sanctions lists, regulator publications, beneficial-ownership registers, public companies registers — preserved at URL and exact moment of access.

Why this evidence holds up as chain of custody

Field screenshots and ad-hoc PDF print-outs do not survive a determined challenge. GetProofAnchor wraps every capture in four independent integrity layers, each with its own files in the Evidence ZIP, each independently verifiable by a third party. Defeating any single layer doesn't break the others.

Layer 1
SHA-256 file manifest

Every file in the Evidence ZIP has its hash recorded in manifest.json. Editing a single byte — even reformatting whitespace — fails the integrity check.

Layer 2
Append-only hash chain

Each capture is part of a global SHA-256 chain. Each entry contains the hash of the previous one, so inserting or modifying any past entry breaks the chain mathematically — providing a verifiable sequence of all your work.

Layer 3
Bitcoin OpenTimestamps anchor

The chain head is anchored to the Bitcoin blockchain. Once confirmed, the timestamp is preserved by the entire Bitcoin network — independent of GetProofAnchor and of any platform involved in the case.

Layer 4
eIDAS qualified timestamp

RFC 3161 timestamp from an EU-qualified Trust Service Provider (currently SK ID Solutions, Estonia). Recognized as legal-grade proof of existence at a point in time under Regulation (EU) 910/2014.

All four layers PASS → the chain of custody is cryptographically intact, not just credible. Any layer FAILS → modification is detected, with a per-layer report showing exactly which one was tampered with — turning a vague tampering accusation into a deterministic technical question.

Why field screenshots aren't enough anymore

Investigative work increasingly hinges on volatile online sources — marketplace listings, scam pages, behind-login dashboards, OSINT subjects who sanitize trails the moment they sense surveillance. A screenshot is a single point of trust: yours. Without an integrity mechanism and an independent time anchor, the opposing side can argue it was edited, taken at a different time, or fabricated. A four-layer cryptographic chain replaces credibility with verifiability.

Cryptographic integrity verification

Evidence ZIP includes a SHA-256 manifest of every file. Subsequent edits — text, screenshot pixels, file replacement, even JSON whitespace reformatting — become mathematically detectable. The chain of custody does not depend on your sworn statement.

Independent time anchors

Each proof gets two independent time anchors: an eIDAS qualified timestamp (legally recognized in EU/EEA) and a Bitcoin OpenTimestamps anchor (preserved by the Bitcoin network). Backdating, both accusing and defending, becomes a cryptographic fact-check rather than a credibility contest.

What's inside the Evidence ZIP

A standardized, self-contained bundle of around 24 files (format: getproofanchor-evidence-1). Designed to live in a case file, be sent to counsel or a forensic expert, attached to a regulatory complaint, or referenced in a sworn report — and to verify independently of GetProofAnchor.

  • manifest.json — the integrity baseline — SHA-256 hash of every other file in the package
  • proof.json — main record — Proof ID, source URL, final URL, capture time, SHA-256 fingerprints, eIDAS status, Bitcoin anchor info
  • screenshot.png — full-page screenshot at capture time (the visible state of the page as you saw it in the field)
  • page.html + content.txt — captured DOM/HTML and extracted plain-text content — the underlying source for behind-the-pixels analysis
  • capture/capture_meta.json — forensic capture metadata — engine, viewport, scroll, consent dialogs auto-handled — the chain-of-custody backbone
  • chain/* — append-only hash chain entries linking this proof to the global chain of all captures
  • anchor/anchor_receipt.ots — binary OpenTimestamps receipt with the Bitcoin merkle path — verifiable against any Bitcoin node
  • timestamp/* — complete eIDAS qualified-timestamp kit — RFC 3161 token, TSA certificate chain, frozen EU Trusted List snapshot, verification report
  • report.pdf — human-readable Evidence Report PDF — formatted summary suitable for the case file or sworn submission
  • README.md — bilingual (EN + CS) verification guide with copy-paste commands using python3, openssl, ots — counsel or expert reproduces the verification independently
Verifier outcome: Match / Modified.

For a file-by-file walkthrough see the Evidence ZIP — every file inside tutorial.

eIDAS qualified timestamp — what it adds to chain of custody

Every GetProofAnchor proof receives an RFC 3161 timestamp from an EU-qualified Trust Service Provider. This is not a marketing label — it has specific legal meaning under Regulation (EU) 910/2014 (eIDAS) and gives the chain of custody a defensible time anchor in the EU and EEA, recognized independently of you, your firm, and GetProofAnchor.

Qualified provider

Currently SK ID Solutions AS (Estonia), listed on the EU Trusted List as a Qualified Trust Service Provider.

Legal recognition

Recognized in EU/EEA courts and regulatory proceedings as proof of existence at the timestamped moment, with no need for the court to trust the investigator, the firm, or GetProofAnchor.

Independence over time

The full TSA certificate chain and a frozen snapshot of the EU Trusted List are inside the ZIP — verification works offline, even years after the case closes, even if the TSA later ceases operation.

Combined with the Bitcoin OpenTimestamps anchor, your evidence carries two independent time anchors — one legally recognized, one cryptographically global — backing the moment of capture with no reliance on any single party.

Common questions from investigators

Direct answers to the questions we hear most often. Tap to expand.

How fast can I capture in the field?
The browser extension captures in seconds — it's a single click on the page you're already looking at. The dashboard captures public URLs in roughly 30–60 seconds depending on the page. The Evidence ZIP, including the eIDAS qualified timestamp and Bitcoin anchor, is generated automatically and ready to download or hand off shortly after. Speed matters for volatile sources like classified ads, scam pages, and rapidly changing profiles — capture early, capture often.
Can I capture content behind login (banking dashboards, broker portals, internal admin)?
Yes — that is the primary investigator workflow. Available on Enterprise and Business plans, the Chrome extension captures exactly what your real browser is showing, including content that requires login, 2FA, paid subscription, or a specific session. Public URLs can also be captured server-side via the dashboard. Cookies, passwords, and browsing history never leave your machine — only the captured page artifacts are uploaded.
Does this provide chain of custody?
Yes — chain of custody is a core design goal. Every Evidence ZIP includes (1) capture metadata (engine, viewport, scroll, automatically handled consent dialogs), (2) the global append-only hash chain entries linking the proof to all preceding captures, (3) a Bitcoin OpenTimestamps receipt independent of GetProofAnchor, and (4) an eIDAS qualified timestamp from an EU-qualified TSA. A forensic expert can independently verify the entire stack offline. The bilingual README documents each step. The chain is mathematical — there is no signed affidavit to attack.
Can I hand the Evidence ZIP directly to counsel or a forensic expert?
Yes — that is exactly the intended handoff. The Evidence ZIP is a self-contained, offline-verifiable bundle of around 24 files (format: getproofanchor-evidence-1) plus a bilingual EN+CS verification README. No GetProofAnchor account, no service dependency, no internet connection needed for the integrity check (Bitcoin verification is the only optional online step). Counsel attaches the ZIP to the case file; the forensic expert runs the verification using python3, openssl, and ots — independently of GetProofAnchor.
What about OSINT subject pages, dark-pattern checkout flows, or rapidly changing scam sites?
These are exactly the volatile sources the workflow is built around. Marketplace listings get edited, scam pages disappear under takedown pressure, dark-pattern UIs change between sessions, and OSINT subjects clean up profiles the moment they sense surveillance. Capture at the moment of observation. The eIDAS qualified timestamp and Bitcoin anchor independently fix the “when”; the four-layer integrity stack independently fixes the “what”. Subsequent edits to the live page do not affect your captured evidence.
Will the Evidence ZIP still verify if my client is in a different country, or years later?
Yes. The package is fully self-contained and designed for long-term offline verification. The TSA certificate chain and a frozen snapshot of the EU Trusted List are bundled inside the ZIP at capture time, so eIDAS verification works without internet, even years later, even if the TSA later ceases operation. The Bitcoin anchor is preserved by the Bitcoin network itself. The hash manifest works with any standard SHA-256 tooling. The bilingual README gives copy-paste verification commands that any forensic professional can run, regardless of jurisdiction.

Reference material

Deeper reading for investigators, counsel, and forensic experts on the receiving end of the Evidence ZIP:

Concept

How GetProofAnchor works — capture, trust stack, Evidence ZIP, verification

Open →
Workflow

How to create a proof from a URL — Dashboard + Browser Widget

Open →
Reference

Evidence ZIP — every file inside, offline-verifiable

Open →
Verification

How to verify evidence — Proof ID, ZIP, online & offline

Open →

Capture before the trail goes cold

Volatile online evidence with cryptographic chain of custody, EU-qualified timestamp, and a Bitcoin anchor. Counsel-ready, forensic-grade, offline-verifiable.

Create evidence → Install extension → Verify