Active Incident? 24/7 Response →
SleuthX

Verification

Verify Online Evidence: The Berkeley Protocol

A viral video proves nothing until you can show where it came from and that it wasn't altered. The Berkeley Protocol is the recognized method for doing open-source verification rigorously — here's how it works in practice.

The Berkeley Protocol on Digital Open Source Investigations, published by the UC Berkeley Human Rights Center with the UN Human Rights Office (OHCHR), is the reference standard for collecting and verifying online photos, videos, and posts so the findings hold up to scrutiny. It is used by investigators, human-rights researchers, and journalists who need their verification to be defensible, not just convincing.

Provenance: where did this actually come from?

The first question is always origin. Is the account that posted it the original source, or a re-poster? When and where was it first published? Reverse-image and reverse-video searches help you find earlier copies and catch old footage being passed off as new — the single most common way online “evidence” misleads.

Content analysis: does what you see check out?

Then you corroborate the content itself. Geolocation matches landmarks, signage, terrain, and shadows against maps and satellite imagery. Chronolocation uses shadow angles, weather records, and visible clocks or events to pin down time. Cross-referencing independent uploads of the same scene strengthens — or quietly demolishes — the claim.

Documentation and chain of custody

A defensible verification is one someone else can re-trace. The Protocol stresses preserving the original file (not just a screenshot), recording hash values, and keeping a methodical log of how the material was obtained and analyzed. Done well, that record is court-ready — though a court, not the investigator, decides admissibility. The discipline is what separates verification from a hunch.

The honest limits

Open-source verification can establish a great deal, but it has edges. It rarely proves intent or authorship by itself, and the rise of convincing synthetic media means a clean-looking file is not automatically authentic. Treat verification as building a weight of corroborating evidence, not delivering a single silver bullet — and flag what you could not confirm as honestly as what you could.

Where forensics adds to OSINT

OSINT verification and digital forensics complement each other: open sources place and date the material, while forensic examination of an original file or device can authenticate it and detect manipulation. For the journalist-specific methods and the lawful line research must not cross, see OSINT for journalists.

Primary sources

  1. OHCHR & UC Berkeley Human Rights Center, Berkeley Protocol on Digital Open Source Investigations — the methodology standard. https://www.ohchr.org/en/publications/policy-and-methodological-publications/berkeley-protocol-digital-open-source
  2. UC Berkeley Human Rights Center, Human Rights Center — open-source investigation training and the Protocol. https://humanrights.berkeley.edu/
  3. Bellingcat, Open-source verification resources and the online investigation toolkit. https://www.bellingcat.com/category/resources/

Meet Your Practitioner

Quinnlan Varcoe

Founder & CEO

GIAC-certified · 15 industry certifications

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response
Quinnlan Varcoe, Founder & CEO

Certified Expertise

GIAC · AWS · Splunk · CompTIA

Quinnlan Varcoe, Founder & CEO

Schedule Your Session

Schedule a confidential consultation

A direct conversation with Quinn, the founder and CEO who oversees every engagement. NDA-protected. No sales process. Most engagements begin within 48 hours.

Transparent pricing

Trusted by partners across the practice

DAS Health
Exhibit A Cyber
Ally Security
KIRO Group
Black Mirage
Kalles Group
Gridware
CQR
Archstone Security
Cyvergence
Sentinel Cyber
Cloud Underground
Seron Security
Hexen
Koru Risk Management
DAS Health
Exhibit A Cyber
Ally Security
KIRO Group
Black Mirage
Kalles Group
Gridware
CQR
Archstone Security
Cyvergence
Sentinel Cyber
Cloud Underground
Seron Security
Hexen
Koru Risk Management