How chain-of-custody actually works

Chain-of-custody in software is a careful claim: it means every transformation of a piece of evidence is recorded, every actor is identified, and every step is independently verifiable.

At Verify, this is built on three primitives: a Merkle log of evidence-state transitions, a signed actor identity at every write, and an external timestamping anchor (RFC 3161) that prevents backdating.