Every investigative journalist has felt the tension: a promising piece of evidence lands in your inbox, but the deadline is hours away. You need to verify its authenticity without spending days on forensic analysis. We wrote this checklist for those moments. It won't replace a full digital forensics lab, but it will help you catch the most common fakes, inconsistencies, and red flags before you publish.
The five steps below are ordered by priority. Start with step one and move down the list as time allows. If you hit a serious red flag early, stop and reassess. This is not a linear script—it's a triage framework.
Why Verification Fails Under Pressure
The biggest threat to verification isn't technical complexity—it's cognitive bias. When a piece of evidence confirms what we already suspect, we tend to accept it faster and question it less. This is called confirmation bias, and it's especially dangerous in investigative reporting where the stakes are high and the narrative is compelling.
Another common failure is the 'scoop panic'—the fear that if we pause to verify, another outlet will publish first. This leads to shortcuts like accepting a single source's claim without independent corroboration, or trusting a document just because it looks official. We've seen teams publish leaked emails that later turned out to be doctored, simply because the content aligned with their working hypothesis.
The third pitfall is over-reliance on digital tools. A metadata checker or reverse image search can give false confidence if used without understanding their limitations. For example, a photo's EXIF data can be stripped or altered with free software, and a clean result from a reverse image search doesn't mean the image is authentic—it might just mean the fake hasn't been indexed yet.
Finally, there's the 'too many hands' problem. When evidence passes through multiple people—a source, an editor, a fact-checker—each handoff creates an opportunity for error or misinterpretation. Without a clear chain of custody, you can't be sure the evidence you're looking at is the same as what the source provided.
Our checklist is designed to counter these failures. It forces you to slow down at critical decision points, provides concrete checks that don't require specialized equipment, and builds a record you can defend later.
Before You Start: What You Need in Place
Verification doesn't begin when the evidence arrives. It begins with preparation. Here are the prerequisites every journalist should have before a story breaks.
Establish a Source Verification Protocol
Before you accept any material from a source, have a standard set of questions ready: How did you obtain this? Can you describe the original context? Are there others who can corroborate? This doesn't have to be a formal interview—it can be a quick encrypted message exchange. The key is to document the answers immediately.
Set Up Your Digital Toolkit
You don't need expensive software. A few free or low-cost tools can cover most verification needs. At minimum, keep bookmarks for: a reverse image search engine (like TinEye or Google Images), a metadata viewer (like ExifTool or online viewers), a video analysis tool (like YouTube DataViewer or InVID), and a domain WHOIS lookup service. Test these tools before you need them. Know what they can and cannot detect.
Define Your Team's Chain of Custody
If you work with editors or fact-checkers, agree on a simple file-naming convention and a shared log for tracking evidence. For example: 'source-initials_date_description_version'. Each person who handles the evidence should add an entry to the log with the date, time, and what they did (e.g., 'downloaded from encrypted channel', 'extracted metadata', 'compared with archive copy'). This log is your best defense if the story is challenged.
Know Your Legal and Ethical Boundaries
Verification is not just about accuracy—it's also about legality. In some jurisdictions, accessing certain metadata or analyzing encrypted files without authorization can violate privacy laws. Make sure you understand the rules where you operate. When in doubt, consult your newsroom's legal counsel or a media law expert. This guide provides general information only; for specific legal advice, consult a qualified professional.
Prepare for the 'What If' Scenarios
Think ahead about what you will do if the evidence turns out to be fake. Do you have a backup story? A fallback source? A contingency plan for retraction? Having these conversations before the crisis hits saves time and reduces panic.
Step-by-Step Verification Workflow
Here is the core five-step process. Each step includes specific actions and decision points.
Step 1: Assess the Source and Provenance
Start by evaluating who is giving you the evidence and how they obtained it. Ask: Is this source directly involved in the events described, or are they a secondary conduit? Do they have a known track record? What is their possible motive? Even if the evidence looks perfect, a source with a clear bias or a history of spreading misinformation should raise your skepticism level.
Next, trace the provenance. If it's a document, ask for the original file, not a screenshot or a forwarded email. If it's a video, ask for the original recording device or platform link. The closer you are to the original source, the harder it is for the evidence to have been altered without detection.
Step 2: Cross-Check with Independent Sources
Never rely on a single piece of evidence. Look for at least one independent source that confirms the key facts. This could be a public record, a different witness, or a dataset from an unrelated organization. The corroboration doesn't have to match every detail—in fact, slight variations in peripheral details can be a sign of authenticity (real witnesses rarely remember everything identically).
If the evidence is a document or data dump, search for other copies or references online. Has this been reported elsewhere? Do official records (court filings, regulatory databases, government websites) contain matching information? If the evidence is unique and cannot be cross-checked, flag it clearly in your reporting and explain the limitations.
Step 3: Validate Digital Metadata
For digital files, metadata can reveal creation dates, device models, software used, and edit history. Use a metadata viewer to inspect the file. Look for inconsistencies: a photo claiming to be from a protest in 2023 but created with a camera model that wasn't released until 2024 is a red flag. A document with a last-modified date after the event it describes may have been tampered with.
Be aware that metadata can be stripped or forged. Some file formats (like PDFs) can have their metadata edited with simple tools. If the metadata seems too clean—no editing history, no location data, no software signatures—that can also be suspicious. Compare the metadata with what the source told you. If the source says the video was shot on an iPhone but the metadata shows a Canon DSLR, investigate further.
Step 4: Test for Manipulation
This step focuses on visual and audio evidence. For images, use error level analysis (ELA) to look for compression artifacts that indicate editing. Tools like FotoForensics can run ELA for free. Look for inconsistent lighting, shadows, or perspective that don't match the scene geometry. For videos, check for frame-rate anomalies, abrupt cuts, or audio that doesn't sync with lip movements.
For audio recordings, examine the waveform for abrupt changes in background noise or frequency patterns. Free audio analysis tools like Audacity can help you spot splicing. If the recording includes a timestamp, verify it against known events (e.g., news broadcasts, weather reports) that would have been happening at that time.
For documents, compare the font, layout, and logos with known authentic examples. Check for spelling errors that are common in forgeries (e.g., wrong date format, inconsistent official seals). If the document purports to be from a government agency, search for publicly available templates to compare.
Step 5: Document Your Chain of Custody
This is the step most journalists skip, but it's crucial for defending your work. Create a simple log that records: when you received the evidence, from whom, in what format, what checks you performed, and what you concluded. Include screenshots of metadata views and tool outputs. Save all communication with the source. This log doesn't need to be published, but it should be available if the story is challenged in court or by a subject of the investigation.
If you work with an editor, share your chain of custody early. They may spot gaps you missed. And if you ever need to retract or correct a story, a clear log will help you identify where the verification broke down.
Tools and Setup for the Time-Pressed Journalist
You don't need a forensic lab to verify evidence. Here are the tools we recommend for each step, along with their limitations.
Source Assessment Tools
For checking a source's digital identity, use: WHOIS lookup for domain registration (e.g., whois.icann.org), social media profile analysis (check account age, posting frequency, network connections), and reverse email search (try Hunter.io or Epieos). These won't prove a source is trustworthy, but they can reveal inconsistencies—like a 'local activist' whose account was created last week.
Metadata Viewers
ExifTool is the gold standard for image and video metadata, but it requires command-line comfort. For a GUI alternative, try Jeffrey's Image Metadata Viewer (online). For PDFs, use the built-in document properties in Adobe Acrobat or the free pdfinfo command. Remember: metadata can be faked. Use it as one signal among many.
Manipulation Detection
For images: FotoForensics (ELA), JPEGsnoop (for JPEG compression analysis), and Forensically (a suite of tools including clone detection and level sweep). For videos: InVID-WeVerify browser extension (checks video source, keyframes, and metadata) and YouTube DataViewer (retrieves upload date and thumbnail history). For audio: Audacity (spectrogram view can reveal edits).
Cross-Reference Databases
Maintain a list of reliable datasets for your beat. For example: government contracts databases, court records (PACER in the US, BAILII in the UK), corporate registries (OpenCorporates), and leaked document archives (like the OCCRP's Aleph). Always verify the data against official sources when possible.
Workflow Integration
Consider using a dedicated verification platform like Hunchly (which captures web pages and preserves evidence) or the open-source project Verifact. These tools automate some of the logging and metadata extraction, saving you time. However, no tool replaces human judgment. Always review the output critically.
Adapting the Checklist for Different Scenarios
The five-step workflow works for most situations, but you may need to adjust based on the type of evidence and your constraints.
Leaked Documents
When you receive a large document dump, start with a sample. Pick a few documents that are most central to your story and verify them thoroughly using all five steps before moving to the rest. Look for internal consistency—do the dates, names, and figures match across documents? If the leak is from a known source (like WikiLeaks or a whistleblower platform), check the platform's own verification history. Some platforms have been compromised in the past.
Social Media Video
Video from platforms like TikTok or X (formerly Twitter) is often compressed, stripping metadata. Focus on step 4 (manipulation detection) and step 2 (cross-checking). Use the InVID-WeVerify extension to extract keyframes and reverse image search them. Check the uploader's history—have they posted similar content? Look for geolocation clues in the video (street signs, landmarks, weather) and verify them against maps or weather data. A video claiming to be from a specific city but showing wrong license plates or language on signs is a red flag.
Anonymous Tips via Encrypted Channels
When the source is anonymous, provenance is harder to assess. Instead of rejecting the evidence outright, use it as a lead for further investigation. Look for patterns: does the tip align with other information you have? Can you find a second source who can confirm without revealing the first? Document the encrypted channel used (Signal, Telegram, etc.) and the date of receipt. If the source provides a means of verification—like a unique detail only someone with inside knowledge would know—use that as a starting point.
Breaking News with Tight Deadline
When you have minutes, not hours, prioritize steps 1 and 2. Assess the source quickly (do they have a track record?) and cross-check with at least one other independent source. If both checks pass, you can publish with a caveat that the evidence is preliminary and you are continuing to verify. Avoid making definitive claims based on a single source. Use conditional language ('appears to', 'according to documents that we have not fully verified') to protect your credibility if the evidence later proves false.
Collaborative Investigations
When working with a team across different newsrooms, establish a shared verification protocol upfront. Agree on which tools to use, how to label evidence, and who is responsible for each step. Use a collaborative platform like Signal for communication and a shared drive with access controls for evidence. Regular check-ins can catch inconsistencies early.
Common Pitfalls and How to Recover
Even with a checklist, mistakes happen. Here are the most common pitfalls we've seen and how to handle them.
The 'Too Good to Be True' Trap
If a piece of evidence perfectly confirms your hypothesis and comes with no obvious red flags, be suspicious. Falsifiers often include just enough detail to seem credible. Our advice: deliberately try to disprove the evidence. What would have to be true for this to be a fake? If you can't find a plausible forgery scenario, that's a good sign—but don't let your guard down.
Overlooking the Obvious
Sometimes the simplest check is the most effective. A document that claims to be from a government agency but uses the wrong letterhead, or a photo with a date stamp that doesn't match the season, can be caught by basic observation. Train yourself to look at the big picture before diving into technical analysis.
Confirmation Bias in Tool Use
When you run a reverse image search and get no results, it's tempting to conclude the image is original. But it could also mean the image is new and hasn't been indexed, or that the search engine failed. Always interpret tool outputs with the question: 'What else could explain this result?'
Chain of Custody Gaps
If you realize later that you didn't log who handled the evidence, you can try to reconstruct the timeline from email timestamps, chat logs, and file system metadata. But any gap weakens your case. The fix is to build the logging habit from the start—even a quick note in a text file is better than nothing.
When the Evidence Is Fake
If you discover evidence is fabricated after you've already published, issue a correction promptly and transparently. Explain what you found and how you verified it (or failed to). A swift, honest correction builds more trust than a defensive silence. Use the incident to update your verification protocol—what check missed this? Should you add a new step or tool?
Legal and Safety Risks
Some evidence, especially in criminal or national security investigations, may be illegal to possess or share. If you suspect the evidence was obtained through hacking or other unlawful means, consult your newsroom's legal team before proceeding. Your safety and the safety of your sources come before any story.
This checklist is a starting point, not a substitute for professional legal or forensic advice. Each investigation is unique, and the context matters. Use your judgment, and when in doubt, ask for help from colleagues or experts in your network.
Comments (0)
Please sign in to post a comment.
Don't have an account? Create one
No comments yet. Be the first to comment!