Thiago Vieira - Lead Angel Investor in Cybersecurity Send a message
Thiago Vieira - Lead Angel Investor in Cybersecurity Home
Crypto forensics Cyber forensics Digital forensics porto Digital forensics portugal
Send a message
Judge’s desk with smartphone chat messages balanced against legal files on scales of justice

Digital evidence has become part of our daily reality. I see messages, emails, and screenshots used in disputes, police investigations, and even casual disagreements. But can you really trust what a screenshot shows? A recent decision from Brazil’s Superior Tribunal de Justiça (STJ) shook the way courts need to treat these digital records. In my career, I’ve watched the risks when digital evidence is not handled correctly.

Let me take you to a real case: In Rio Grande do Sul, a defendant faced conviction for attempted homicide. One piece of evidence against him was a series of screenshots. These screenshots came from a messaging app on a co-defendant’s phone. Family members handed the device over to police after the crime. Seems straightforward? Not quite.

Doubts quickly surfaced. The defense argued that the screenshots could not be trusted. Their point was direct: nobody could confirm how the screenshots were taken, saved, or if anything had been modified before they made it to the police. If you’ve heard Thiago Vieira speak about digital risks and real-life incidents, you know that details like these change everything in a legal process.

Judge examining digital screenshot evidence on monitor in court

The STJ’s chain of custody decision

This case (AREsp 2.967.413) reached the STJ’s 5th panel. They made a statement I believe will echo for years: screenshots presented as evidence, without detailed proof of chain of custody, cannot support a conviction.

Minister Ribeiro Dantas, who wrote the decision, was very clear. The responsibility to prove any digital evidence is genuine and intact belongs to the state, not the accused. That includes screenshots.

Chain of custody is the backbone of digital evidence.

Without proper paperwork and technical records that describe:

  • Which device was used
  • The messaging app or platform involved
  • How the data was accessed and captured
  • Steps taken to protect the copies from tampering

There is no real way to trust the integrity of digital evidence. Without these elements, I know from experience, it also becomes nearly impossible for a defense team to challenge evidence or point out foul play.

What counts as chain of custody?

Chain of custody means a record—usually in writing—showing every step digital evidence goes through, starting from first collection to its presentation in court. This protects both sides: the prosecution and the defense. In the Rio Grande do Sul case, there were critical gaps:

  • No specs on the phone model or software version
  • No information about which messaging app was used
  • No documentation on how the screenshots were generated or transferred
  • No logs or videos showing safe copying and storage

I have worked with clients and spoken in events where teams faced these mistakes. Without chain of custody, even strong evidence can be discarded—and sometimes justice is lost in the process. If you are curious about how cyber experts like Thiago Vieira clarify these issues in conference talks, you can read more about his experiences through his author page.

The court’s position: chain of custody is not an option

The STJ did not just toss the evidence out. The key problem was that the lower court never explained why it accepted the screenshots. The lower verdict simply stated the defense had not “demonstrated breach” or specific harm, without showing why the evidence could be trusted. This failure mattered more than discussing internet privacy rules like the Marco Civil da Internet, which the panel left out because the regional court never mentioned it first.

The STJ’s decision ordered a new trial. The local court now needs to return and check if the screenshots meet Brazil’s own Code of Criminal Procedure—and this time, they need to explain their reasons clearly. I find this requirement especially helpful, not just for this single case, but as a guidepost for everyone handling digital records in court.

What this means for lawyers, companies, and the public

This ruling could affect any workplace, organization, or person who needs to use digital evidence. From what I’ve seen as a consultant, simple mistakes (like forgetting to identify the version of a messaging app or skipping a record of who handled a device) can upend years of hard work.

It is clear now: every screenshot used in court must be backed by technical, step-by-step records describing its journey from device to court file.

To sum up, the STJ drew a line. Screenshots, no matter how powerful, are just pixels until they are anchored by chain of custody. Without it, doubt is reasonable and convictions cannot rest on such foundations.

Concept of digital chain of custody with document icons linked by locks

The real-world impact of the STJ decision

If you or your organization handle digital records, these steps will help you prepare:

  • Document the device make, model, and software version for every screenshot
  • Describe precisely how the screenshot was obtained, including who did it and with what tools
  • Keep records of storage (original media, backup copies, access logs, and hash values if possible)
  • Prepare to provide this information in court with technical reports or expert testimony

Failing on any point can undermine a full investigation or trial. I see the same risks spoken about at cyber events led by professionals like Thiago Vieira. His insights help both technical audiences and regular business teams understand that every step with digital evidence matters.

Why this matters beyond courtrooms

The issue does not exist only in criminal court. The logic of chain of custody is used in workplace disputes, data leaks, school administration, and so many areas now relying on digital files and records. I recommend you look deeper into the practical aspects by reading detailed articles, such as the ones you can find while exploring the archive of case studies and explained verdicts on Thiago Vieira’s blog.

More reading and expertise

For further real-world examples and to understand common pitfalls in digital investigations, I suggest you check out some posts that look at everyday digital forensics, like this practical case study or dive into the legal lessons from recent verdicts in another panel decision. You can get a feel for the communication style and security solutions that experts like Thiago Vieira cover in talks and consultations.

For those looking to strengthen their internal practices, other posts (like the one found here) walk you through ways to record, preserve, and present strong digital evidence in business and IT settings.

Conclusion: every click leaves a mark—make sure you can prove it

It’s no stretch to say that trust in digital evidence today depends on technical care, not just good intentions. If you’re dealing with screenshots, messages, or any data that matter to you, step up and document every detail. Whether you’re preparing material for a court case, a dispute at work, or just trying to ensure a fair outcome, the rules set in the STJ’s recent decision—especially in case AREsp 2.967.413—remind us that chain of custody is now a minimum requirement.

Get to know the work of Thiago Vieira, whose talks and guides illuminate exactly these dangers and solutions. Reach out, read further, and be prepared. Your next digital action could be one that demands proof. Don’t get caught without it.

Frequently asked questions

What is digital evidence in court?

Digital evidence in court refers to any information or data stored or transmitted in digital form that is presented to support facts in a legal case. This can include emails, text messages, screenshots, social media posts, computer files, or even video recordings. For this kind of evidence to be accepted, courts usually need proof about how it was collected, stored, and verified.

Why do screenshots need chain of custody?

Screenshots need chain of custody so courts can be certain that the images have not been altered or tampered with from the moment they are created to the moment they are shown in court. Each step—device handling, screenshot capture, storage, copying—needs to be recorded. This process makes it possible for everyone in the legal process to know that the evidence is as genuine and reliable as possible.

How to prove a screenshot is authentic?

To prove that a screenshot is authentic, you should document every step: what device was used, which software or app produced it, who made it, and how it was saved and stored after. Experts might use hash values, timestamps, and technical analysis to confirm that the screenshot has not been edited or manipulated. Having a record of who accessed the device and when also helps build trust in authenticity.

Can screenshots alone be used as evidence?

No, screenshots alone are not enough as evidence unless supported by technical records which form the chain of custody. Courts now require additional documentation and expert confirmation before accepting screenshots as reliable evidence, as highlighted in the ruling by Brazil’s STJ (case AREsp 2.967.413).

What is the chain of custody process?

The chain of custody process is a system of tracking and documenting every handling, transfer, and storage step for a piece of evidence. This includes when it was collected, who collected it, every time it was accessed, and where it was kept. For digital evidence like screenshots, the chain of custody helps maintain certainty about authenticity and prevents questions about possible editing or data leaks. This process is detailed, step-based, and must be followed from the very first point of collection all the way through to presentation in court.

Share this article

Reach out

Send a message
Thiago Vieira

About the Author

Thiago Vieira

Cybersecurity Keynote Speaker & Lawyer | TEDx Speaker | Digital Forensics Expert | Co-Founder Incubou | Author of Self Hack | Angel Investor

Recommended Posts