Archiving Digital Evidence for 10 Years: Method, Formats, and Mistakes to Avoid
A timestamp proof loses all value if the original file becomes unreadable in 5 years. A practical method to preserve digital evidence for the long term.
You timestamp your creations, archive the proofs, and sleep peacefully. Three years later, a dispute breaks out. You open the file: the source no longer opens, the cloud service shut down, and the timestamp proof alone cannot rebuild the work.
Long-term archiving is the weakest link in most digital evidence strategies. Here's a robust method to preserve your proofs over 10 years and beyond.
A timestamp proof in isolation proves nothing. It is the combination original file + proof + context, preserved over time, that constitutes admissible evidence.
Why 10 years, not more or less?
Retention durations follow legal limitation periods. While exact numbers vary by jurisdiction, here are common reference points:
| Action type | Typical duration | Reference |
|---|---|---|
| General civil claim (FR) | 5 years | French Civil Code art. 2224 |
| Commercial obligation (FR) | 10 years | French Commercial Code L. 110-4 |
| Real estate (FR) | 30 years | French Civil Code art. 2227 |
| US contract claims (state-dependent) | 4-6 years | UCC ยง2-725 / state codes |
| UK simple contract | 6 years | Limitation Act 1980 s.5 |
| US copyright infringement | 3 years from discovery | 17 USC ยง507(b) |
Practical rule: keeping evidence for 10 years covers most B2B and B2C cases. For strategic items (works, patents, founding contracts), 30 years is safer.
Your retention period should match the longest plausible limitation period for any potential dispute. When in doubt, keep longer: a few-MB file costs almost nothing to store.
The 4 threats to long-term archiving
1. Format obsolescence
Software formats evolve. A .doc file from 2005 may struggle in 2030. Proprietary formats are most exposed.
2. Media obsolescence Hard drives (5-10 years), SSDs (10 years depending on use), burned CDs/DVDs (5-15 years before degradation). No medium lasts forever.
3. Provider disappearance Cloud service that closes, timestamping provider that ceases activity, private registry that vanishes. Institutional risk is real.
4. Loss of context The file survives, but no one remembers why it was timestamped, by whom, in which project. The proof loses its readability.
The method: 5 pillars for 10 quiet years
- 1Choose durable formatsPrefer PDF/A (ISO 19005), uncompressed TIFF for images, TXT/UTF-8 or Markdown for text, FLAC for audio, Matroska/H.264 for video. Avoid undocumented proprietary formats.
- 2Apply the 3-2-1 ruleAt least 3 copies, on 2 different media types, with 1 off-site. Example: local disk + cloud + external drive stored elsewhere (or in a vault).
- 3Document the contextAttach a context sheet to each file: author, creation date, project, recipients, external reference (contract number, ticket, case ID). Without context, the proof is orphaned.
- 4Verify integrity periodicallyRecompute file hashes at least once a year and compare them to the timestamped hash. This catches silent corruption (bit rot) before it becomes fatal.
- 5Anchor on an independent systemTimestamp the hash on a public blockchain (Bitcoin via OpenTimestamps) or via an eIDAS QTSP (qualified trust service provider). The proof remains verifiable even if your infrastructure disappears.
Formats to favor vs avoid
Robust formats for archiving
| Type | Recommended format | Why |
|---|---|---|
| Document | PDF/A-2 or A-3 | ISO 19005 standard, self-contained |
| Plain text | TXT UTF-8, Markdown | Readable without specific software |
| Still image | TIFF (uncompressed) or PNG | Lossless, stable formats |
| Editable image | DNG (digital negative) | Open standard for RAW |
| Audio | FLAC | Lossless, open source |
| Video | Matroska (MKV) with H.264 or AV1 | Widely supported containers and codecs |
| Structured data | CSV UTF-8, JSON | Human and machine readable |
| Source code | Plain text + Git bundle | Versionable, self-contained |
Formats to avoid (or duplicate)
.doc, older.docx- Proprietary
.xls,.xlsx(export to CSV in parallel) .psd,.ai(proprietary Adobe formats)- Proprietary video formats (older
.mov, exotic codecs) - Binary databases without text export
If the only way to open your evidence is one specific commercial software, you depend on that software's longevity. Always duplicate with an export in an open format.
The 3-2-1 rule in practice
Origin: Peter Krogh's recommendation in The DAM Book (2005), now adopted by US-CERT and most archiving guides.
3 copies, 2 media, 1 off-site:
- Primary copy: on your workstation or business server.
- Secondary copy: on an external disk or local NAS.
- Remote copy: on a cloud service, digital vault, or physically with a third party (notary, bank vault).
For critical evidence, escalate to 4-3-2: 4 copies, 3 media, 2 remote sites.
Concrete example for a photographer
- Memory card emptied to local NAS (RAID 1).
- Daily backup to USB drive stored at the studio.
- Sync to encrypted cloud (BackBlaze, iDrive, OVHcloud).
- Selection of key works timestamped on LegalStamp/Bitcoin.
Integrity verification: the annual ritual
Bit rot (silent bit degradation on storage) is real: Microsoft Research estimated in 2010 between 0.01% and 0.1% bit corruption per year on consumer drives. Over 10 years, on multi-GB files, the risk becomes significant.
Simple procedure:
# Recompute SHA-256 hash of a file
shasum -a 256 my_file.pdf
# Compare to timestamped hash (stored alongside)
diff my_file.sha256 my_file.sha256.original
If hashes match, the file is intact. Otherwise, restore from another copy and investigate the failing medium.
On Linux/macOS, a monthly cron script is enough. On Windows, PowerShell
(Get-FileHash) does the job. Keep a verification log: it's a strong element
if the proof is ever challenged.
ISO 14721 (OAIS) and NF Z42-013
For organizations needing a formal framework, two references stand out:
- ISO 14721 (OAIS - Open Archival Information System): international reference model for long-term digital preservation, originally developed by NASA for space mission data archives. Defines roles, processes and information packages (SIP, AIP, DIP).
- NF Z42-013 (AFNOR, France): technical and organizational requirements for evidentiary Electronic Archiving Systems (SAE). Covers integrity, traceability, format durability, security, verification and migration procedures.
- NF 461 certification: third-party certification of SAE compliance with NF Z42-013 and NF Z42-020 (digital safe component).
Independent creators don't need to deploy a certified SAE โ but borrowing the principles (logging, verification, redundancy) remains highly relevant.
The role of blockchain timestamping over time
Blockchain anchoring changes the long-term game: the proof becomes verifiable independently of your infrastructure and even of the timestamping service provider.
With OpenTimestamps (Bitcoin anchoring): the proof remains verifiable as long as the Bitcoin blockchain exists. No third party to query, just an .ots file to keep alongside the original.
With an eIDAS QTSP: the proof benefits from a legal presumption in Europe, but its verification depends on service availability or a depositary authority for the certificates.
Hybrid strategy: double the anchoring (qualified for immediate legal weight, public for long-term resilience).
Common mistakes to avoid
Keeping the proof without the original file โ A timestamp proof alone cannot reconstitute the file. Without the file, the proof is inoperative.
Storing everything in one place โ A disaster (fire, ransomware, RAID failure) can destroy all copies at once.
Never testing backups โ An untested backup is not a backup. Restore a sample at least once a year.
Choosing a cloud without checking its longevity โ How many cloud services have shut down in 10 years? Check export and portability conditions before committing.
Forgetting the context
โ A file named deliverable_v3_final_FINAL.pdf without a context note is unusable 5 years later. Document as you go.
Relying on a single proprietary format โ Always export in an open format in parallel, especially for critical pieces.
7-step action plan
- Inventory your digital proofs (files, timestamps, context).
- Migrate fragile formats to durable formats (PDF/A, TIFF, FLAC).
- Set up 3-2-1: 3 copies, 2 media, 1 off-site.
- Document context (sheet per case or project).
- Anchor hashes on blockchain or via eIDAS QTSP.
- Schedule annual integrity check (cron, script, calendar reminder).
- Keep a log of verifications and migrations.
FAQ
Conclusion
A digital proof is only as good as its preservation. Over 10 years, the issues are not the timestamp or the hash โ they are the formats that evolve, the media that die, the providers that close, and the context that gets lost.
The method fits in five words: durable formats, redundancy, verification, independent anchoring, documented context. Set up once, maintained a few minutes a year, it secures your evidentiary heritage for the next decade.
One question remains: who will actually track all of this for 10 years? The 3-2-1 rule, annual integrity checks, format migration when PDF/A becomes PDF/A-3, the verification log, the GDPR erasure procedure... It's a part-time project.
LegalStamp handles this machinery for you: blockchain anchoring + eIDAS qualified timestamping, NF Z42-compliant archiving, automated integrity verification, audit log, documented GDPR procedure. You drop the file, we take care of the decade.
Disclaimer (general information): this article is provided for educational purposes and does not constitute legal advice. Limitation periods vary by jurisdiction and the exact nature of the dispute. When needed, consult a lawyer or a professional archivist.
