AC
Anasayfa Makaleler Delil Hukuku ve Emsal Kararlar

Digital Evidence Chain: Hash, Timestamp and Forensic Analysis

23 Şubat 2026 Delil Hukuku ve Emsal Kararlar 2 dk okuma 13 görüntülenme Son güncelleme: 8 Mayıs 2026

Digital evidence (e-mail, log, video, message, file) forms the backbone of modern files. However, the easy interchangeability of digital content makes preserving the "chain of evidence" critical.

Types of Digital Evidence

  • E-mail (including header information).
  • Messaging (WhatsApp, Telegram, SMS).
  • Social media posts.
  • Website content (web archive).
  • Server logs.
  • Device forensics examination (phone, computer).
  • Camera recordings.
  • Cloud service records.
  • Blockchain transaction records.

Chain of Evidence Stages

  • Detection: Determining where the evidence is located.
  • Collection: Retrieval while preserving its integrity.
  • Protecting: Seal, hash calculation.
  • Transfer: Delivery to the laboratory/prosecutor's office
  • Analysis: Forensic expert review.
  • Submission: Original/copy evaluation in court.

    • Hash Calculation (Integrity)

    • The "fingerprint" of the file is extracted with algorithms such as SHA-256 and MD5.
    • If a single bit changes, the hash will be different.
    • The hash at the time of collection is compared to the hash at court.
    • Hash mismatch = evidence changed = loss of credibility.

    Timestamp

    • By the Authorized Electronic Certificate Service Provider (EHSS).
    • Proves that the documents "existed at that time".
    • Strong evidence in court.
    • Within the framework of the Electronic Signature Law No. 5070.

    Forensics Examination

    • Authorized expert (registered with Turkpatent or Ministry of Justice).
    • Write-blocker device.
    • "Image" import — disk-to-direct copy.
    • Recovery of lost/deleted files.
    • Metadata (creation date, modification) analysis.
    • Password cracking (within authorized scope).

    Supreme Court 12th CD and Chambers — Established Approach

    12. CD and other agencies look for proof of "chain of evidence" and "hash integrity" in digital evidence; In case of seal violation, hash incompatibility or lack of forensic procedure, the evidence loses its value.

    WhatsApp and Messaging Evidence

    • Mere screenshot is open to manipulation; low reliability.
    • Confirmation with device forensics is recommended.
    • Phone line records (BTK + prosecutor's office request).
    • "Withdrawn" messages can be detected through technical analysis
    • Access of encrypted (E2E) messages via device inspection.

    Practical Advice — Victim

  • Keep the evidence "as is"; Do not edit.
  • Perform hash calculation (if possible).
  • Screenshot certification via notary.
  • Preserve the device for expert examination.
  • Web archive (Wayback Machine) for web content.

    • Practical Advice — Defendant

  • Meticulously examine the chain of evidence presented by the other party.
  • Request hash, seal, transport records.
  • Counter expert review.
  • Manipulation allegations on technical grounds.

    • Digital evidence files require technical experts. IT and criminal law lawyer recommended.

    Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

    Hukuki destek arıyorsanız

    Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

    Görüşme Planla