Skip to main content
Genie9

GOVERN · EVIDENCE & CHAIN OF CUSTODY

Evidence that holds up later.

Export any event as a sealed pack with per-file and bundle hashes, build case files that require real signatures before anything leaves the room, and anchor every bundle to a tamper-evident chain — so the evidence stands up when it’s challenged.

Request Demo AccessTalk to Sales
Evidence pack manifest on dark chrome showing per-file SHA-256 hashes, the bundle hash highlighted, and a verified-against-anchor status rowClick to enlarge

Per-file and bundle hashes, with the anchor proof built in.

Per-file + bundle
Two-level integrity
tamper shows up at every level
Hourly
Anchor cadence
chain root written to write-once storage
N signatures
Case files
export gated until all required signers have signed
Held, not purged
Litigation holds
protected from retention deletion until released
Sealed Export

One event, sealed in a single file — with everything an investigator needs.

Sentinel assembles the full package — event record, video, crops, camera metadata, and audit trail — seals it with per-file and bundle hashes, so any later change is detectable.

  • Everything in one bundle — event record, video clip with pre-roll and post-roll, snapshot, face or plate crop, camera metadata
  • The whole story of who touched it — a full audit trail travels inside the pack
  • Sealed and stamped — every file carries its own fingerprint, and the bundle carries one too
  • Recipient on the record — export is itself an audited action: fingerprint, filename, and who it went to are all logged
Exploded view of an evidence pack showing event record, video clip, snapshot, face crop, camera record, audit trail, and manifest with hashesClick to enlarge

Everything the case needs, in one sealed bundle.

Tamper-Evident by Design

You don’t have to trust us. You can recompute it yourself.

Bundle fingerprints are written into a tamper-evident chain anchored to an external write-once record every hour — so anyone can recompute the chain themselves and prove nothing was altered after the fact.

  • Anchored externally — bundle and case fingerprints committed to a write-once external record, hourly
  • Independently verifiable — anyone can recompute the chain from the underlying records; a mismatch is proof of tampering
  • No quiet edits — the anchor is write-once and external, so no one inside the platform can alter sealed evidence undetected
  • Holds up later — verification doesn't depend on the original operator, session, or deployment still being around
WORM Chain of Custody
Verified
9f2a…c41b
Event sealed
7d3e…a90f
Pack hashed
b15c…2e88
Anchored
Each block hashes the one before it — recompute the chain to prove nothing changed after the fact.

The anchor lives outside the platform. Independent verification needs nothing from us.

Accountable Submission

A case isn’t one operator’s word. It takes real signatures.

Build a case file, attach the relevant events, and require a set number of signatures before anything leaves the room — each one a real, recorded act with biometric signing available where policy requires it.

  • Build the case — create a case file and attach the events that matter; reorder, add, or remove evidence before it's signed
  • Require N signatures — set how many signers a case needs; it can't be exported until the threshold is met
  • Real, attributable signing — every signature records who signed, when, and from where; biometric (WebAuthn / FIDO2) available where policy requires it
  • Sealed like any other pack — the submitted case is fingerprinted across all its evidence and anchored to the same chain
Case file detail showing attached events list, required vs completed signatures, a biometric Sign prompt, and a submit gate locked until threshold is metClick to enlarge

The submit gate stays locked until every required signer has signed.

Protected from Deletion

When something is under dispute, retention shouldn’t quietly erase it.

Pin what must be kept

Place a hold on a person, a camera, a time range, or a zone. Every affected event, video, and face crop is shielded from automatic purges until the hold is lifted.

Survives the retention clock

The daily retention process honors every active hold — nothing under dispute is deleted out from under a case, no matter how long it runs.

Lift on your terms

A hold runs until a set lift date or until you release it explicitly — no accidental early expiry. Placement, modification, and release are each audited.

How it works

From an event to evidence that proves itself.

1

Event

A detection becomes a structured event — a face match, a plate read, a zone crossing — with its video, its crop, its camera, and its full read/write trail already attached.

2

Pack

You export the event. Sentinel assembles the sealed bundle: the record, the video with pre- and post-roll, the crops, the camera record, the audit trail, and a manifest listing every file.

3

Hash

Each file gets its own fingerprint, and the whole bundle gets one — so any change to any part, at any level, becomes detectable.

4

Anchor

The bundle's fingerprint is written into a tamper-evident chain and committed to a write-once external record, so the proof of integrity lives outside the platform.

5

Sign

For a case, the required signers add real, attributable signatures — biometric where policy demands — and only a fully signed case can be exported or submitted.

6

Export

The sealed, signed, anchored bundle leaves as a single file, with the export logged: the fingerprint, the filename, and the recipient.

Under the hood

Specifications.

Pack contentsEvent record, video clip (configurable pre-roll / post-roll), snapshot, face or plate crop, camera metadata record, full event audit trail, manifest, operator signature
Per-file integritySHA-256 hash computed for every file in the bundle
Bundle integritySHA-256 hash over the sorted file list and their hashes (the manifest hash)
Tamper-evident chainMerkle-root anchor: bundle and case hashes folded into a chain, root computed and published hourly
External anchorRoot committed to a write-once (WORM) record, with optional external write to a blockchain or notary service
Independent verificationAnyone can recompute the merkle root from the audit rows and compare to the published anchor — no vendor access required
Case filesAttach multiple events; configurable required signers; status flow: open → awaiting signatures → signed → submitted → closed
SigningRecords signer identity, timestamp, IP, and user agent; biometric signing via WebAuthn / FIDO2 where available; export/submit gated on signature count
Litigation holdsScope by person, camera, time range, or zone; protects events, video, and face crops; lift date or "until released"; all actions audited
Export auditEvery export logged with bundle hash, filename, recipient, signers, and operator
DeploymentIdentical behavior in cloud-managed, on-premise, and air-gapped deployments

Underlying mechanisms (SHA-256, merkle anchoring, WORM, WebAuthn / FIDO2) are named so technical reviewers can evaluate the design directly. Every capability above maps to a shipped feature.

Govern & Investigate

Evidence sits inside a platform built to be accounted for.

Compliance & Privacy

Lawful basis on every watched subject, subject-access handling, and retention policies — the framework litigation holds and evidence packs operate within.

Learn more

Audit & Accountability

The same tamper-evident chain that anchors evidence logs every operator action, so you can show who saw what, when, and what they did.

Learn more

Security & Identity

SAML 2.0, OIDC, SCIM provisioning, WebAuthn / FIDO2 passkeys, and role-based access — the front door that decides who is permitted to export and sign.

Learn more

See the chain of custody, end to end.

Request demo access and we’ll walk it on live data: export an event as a sealed pack, build a case file and require multiple signatures, then recompute the bundle’s fingerprint against the anchor to prove nothing was changed after the fact.

Request Demo AccessTalk to Sales