The Berkeley Protocol on Digital Open Source Investigations, published by the UC Berkeley Human Rights Center with the UN Human Rights Office (OHCHR), is the reference standard for collecting and verifying online photos, videos, and posts so the findings hold up to scrutiny. It is used by investigators, human-rights researchers, and journalists who need their verification to be defensible, not just convincing.

Provenance: where did this actually come from?

The first question is always origin. Is the account that posted it the original source, or a re-poster? When and where was it first published? Reverse-image and reverse-video searches help you find earlier copies and catch old footage being passed off as new — the single most common way online “evidence” misleads.

Content analysis: does what you see check out?

Then you corroborate the content itself. Geolocation matches landmarks, signage, terrain, and shadows against maps and satellite imagery. Chronolocation uses shadow angles, weather records, and visible clocks or events to pin down time. Cross-referencing independent uploads of the same scene strengthens — or quietly demolishes — the claim.

Documentation and chain of custody

A defensible verification is one someone else can re-trace. The Protocol stresses preserving the original file (not just a screenshot), recording hash values, and keeping a methodical log of how the material was obtained and analyzed. Done well, that record is court-ready — though a court, not the investigator, decides admissibility. The discipline is what separates verification from a hunch.

The honest limits

Open-source verification can establish a great deal, but it has edges. It rarely proves intent or authorship by itself, and the rise of convincing synthetic media means a clean-looking file is not automatically authentic. Treat verification as building a weight of corroborating evidence, not delivering a single silver bullet — and flag what you could not confirm as honestly as what you could.

Where forensics adds to OSINT

OSINT verification and digital forensics complement each other: open sources place and date the material, while forensic examination of an original file or device can authenticate it and detect manipulation. For the journalist-specific methods and the lawful line research must not cross, see OSINT for journalists.

Primary sources

OHCHR & UC Berkeley Human Rights Center, Berkeley Protocol on Digital Open Source Investigations — the methodology standard. https://www.ohchr.org/en/publications/policy-and-methodological-publications/berkeley-protocol-digital-open-source

UC Berkeley Human Rights Center, Human Rights Center — open-source investigation training and the Protocol. https://humanrights.berkeley.edu/

Bellingcat, Open-source verification resources and the online investigation toolkit. https://www.bellingcat.com/category/resources/

Quinnlan Varcoe

Founder & CEO

GIAC-certified · 15 industry certifications

With operational experience across Fortune 50 security programs and the defense industrial base, Quinnlan founded SleuthX in 2022 to provide clients with the caliber of expertise typically reserved for the largest enterprises. Her work in threat intelligence and digital forensics has earned the trust of 26,000+ cybersecurity professionals who follow her analysis.

“26,000 professionals follow my work because I say what others won't — and I can back it up technically.”

Fortune 50 BackgroundDefense IndustryThreat IntelligenceDigital PrivacyIncident Response