Trust

Methodology

How CanonProof evaluates integrity and authenticity signals — using indicators, explainable scoring, and a signed certificate snapshot.

Indicators → Score → Status Explainable by design Signed certificate output
How it works under the hood

A repeatable, explainable assessment of a file

SHA-256 anchor Forensic indicators Weighted scoring Signed certificate Public verification
Verification pipeline

From file → to certificate snapshot

01

Ingest & identify

We sniff the media type (image/audio/video/PDF), read metadata, and compute SHA-256 for integrity anchoring.

02

Extract indicators

Type-specific extractors output structured indicators: flags, numeric measurements, and metadata values.

03

Score & classify

A weighted scoring layer converts indicators into a score, confidence, and one of four statuses.

04

Issue & sign certificate

We record a certificate snapshot and sign it (ES256) so the result is tamper-evident and externally verifiable.

Status taxonomy

CanonProof outputs one of four statuses. The status is based on measurable indicators and weighted scoring — not “gut feel”.

  • AUTHENTIC Strong indicators consistent with real/original capture.
  • LIKELY_AUTHENTIC Mostly consistent signals, minor anomalies, or reduced confidence.
  • INDETERMINATE Insufficient evidence either way, missing indicators, or low confidence.
  • MANIPULATED Strong indicators of tampering or synthetic generation patterns.

Important: authenticity vs truth

CanonProof certifies integrity signals and authenticity indicators for a file and signs that assessment. It does not determine the truth of events or claims — it provides a verifiable technical result.

Indicators

What we measure

Images

  • Metadata consistency (EXIF/ICC/timestamps where present)
  • Compression and re-encode patterns
  • Noise/resampling characteristics
  • Copy-move / splice artifacts (where detectable)
  • AI advisory indicators (when available)

Audio

  • Decode attempted/success + codec/container indicators
  • Spectrum features (flatness, band-limit ratio, HF cutoff estimate)
  • Discontinuity and clipping rates
  • Duration/sample rate/channel consistency

Video

  • Container/codec and timeline integrity
  • Keyframe / GOP structure patterns
  • Re-encode / transcode signals
  • Frame-level anomalies (where measurable)

PDFs

  • Incremental update chains and document revision patterns
  • Object structure anomalies and repair flags
  • Embedded image re-save ladders (where detectable)
  • Metadata and producer/tooling fingerprints

Explainable outputs

Every verification produces structured indicators. Your certificate includes these indicators and an explanation layer so a human can understand the result.

Limitations

What methodology can and can’t prove

No. CanonProof evaluates the integrity/authenticity signals of a file and signs that result. It does not determine factual truth of events.

AI analysis is advisory-only. When available, it becomes indicators (probabilities/confidence). It is never the sole decisive factor.

We record extractor attempts and errors as indicators. When evidence is insufficient, the status becomes INDETERMINATE rather than forcing a confident label.

Yes. Re-encoding, resizing, screenshotting, editing, or platform compression can change indicators and reduce confidence—even if the “scene” looks similar.

Need a methodology summary for a client?

We can provide a short “methodology + limitations” brief suitable for PI reports, legal bundles, and insurer workflows.

Contact How it works