Blog Details

Introduction

If you produce business records in US litigation, you have almost certainly run into the question of how do we get these in without dragging a live witness to the stand just to say "yes, these are our records"? For records custodians, in-house teams, litigation paralegals and e-discovery vendors, the usual answer is a written custodian of records certificate — a signed declaration that lets a set of business records authenticate themselves. When the records are electronic, that certification increasingly leans on a cryptographic hash to prove the produced copies match the originals. This article explains, in plain terms, what a custodian certificate is, what goes inside it, and how e-Dex (formerly Hash Calculator) builds one offline on your own machine. It is general information, not legal advice.

What Is a Custodian of Records Certificate?

A custodian of records certificate is a written statement by a qualified custodian — or another qualified person — that describes a set of records and certifies the facts a court needs to treat them as authentic business records. The US Federal Rules of Evidence provide for this through the self-authentication rules. FRE 902(11) lets certified domestic records of a regularly conducted activity be self-authenticating; FRE 902(13) extends that to records generated by an electronic process or system shown to produce an accurate result; and FRE 902(14) covers data copied from an electronic device, storage medium or file, authenticated by a process of digital identification. In plain terms: instead of calling a witness purely to lay the foundation, a qualified person signs a certification, and the records can come in on that basis. We are attributing this framework to the rules themselves — we are not advising you on which rule fits your matter. That judgement belongs to the custodian and their attorney.

What's Inside the Certificate

A useful custodian certificate is more than a signature. The e-Dex Custodian Certification template captures the fields that make the declaration meaningful and verifiable:

• Custodian name and qualification — for example, "Jane Roe, Records Manager", the person who is qualified to certify.
• Organisation — the entity that holds the records, such as "Contoso Inc."
• Records described — a plain description of what is being certified, e.g. an email export plus system access logs.
• Files and hashes annexure — each produced file listed with its size, verification status and its SHA-256 value (for instance two evidence images, both marked "Verified").
• Integrity SHA-256 seal — a single hash computed over the certificate's sealed content, so the document itself is tamper-evident; recomputing the seal over the sealed lines must reproduce the stated value.
• Declaration — the operative language in which the custodian certifies the records were made at or near the time of the events by a person with knowledge, kept in the course of a regularly conducted activity and made as a regular practice, and that the copies in the annexure, with the hash values shown, are true and accurate copies of those records.

How a Hash-Based Certificate Supports FRE 902(14)

FRE 902(14) is the rule that speaks most directly to copied electronic data. It allows data copied from an electronic device, storage medium or file to be authenticated by a process of digital identification. A cryptographic hash is precisely such a process. SHA-256 produces a fixed-length fingerprint of a file's exact bytes; change one byte and the fingerprint changes completely. So when the hash on a produced copy equals the hash recorded for the source, that match is strong, objective evidence the copy is a true and accurate duplicate of the original. By listing each file with its hash in the annexure, the custodian certificate gives a qualified person a concrete, reproducible basis to certify the copies — the kind of digital identification the rule contemplates. The certificate documents the integrity values; it does not, by itself, decide admissibility.

How e-Dex Generates the Certificate

In e-Dex, you open the Certificate Generator and pick the Custodian Certification (US business records) template. You then fill in the fields — custodian name and title, organisation, a description of the records, and the basis (for example FRE 902(14)) — and add the files you are certifying. e-Dex hashes each file, verifies it and builds the annexure automatically, then computes the overall SHA-256 integrity seal across the sealed content. When you are ready, you can apply a PAdES digital signature and an RFC-3161 trusted timestamp, then export the finished PDF. The whole flow runs on your own Windows machine, so the records never leave your control.

Verifying the Certificate Offline

The certificate is built to be checked, not just trusted. Anyone reviewing it can recompute the SHA-256 hash of each annexed file and compare it against the value printed in the annexure, and can recompute the integrity seal over the sealed lines to confirm the certificate text itself is unchanged. If the certificate was signed and timestamped, the PAdES signature and RFC-3161 timestamp can be validated too. All of this works offline — no portal, no account, no upload. For a step-by-step walkthrough, see our guide to verify a digital evidence certificate offline, and for the underlying concept of a one-page integrity proof see the evidence integrity certificate. Readers comparing jurisdictions may also find our guide to electronic evidence certificates in India useful.

Frequently Asked Questions

What is a custodian of records certificate?
It is a written declaration by a qualified custodian or other qualified person that describes a set of records and certifies that they were made at or near the time of the events by someone with knowledge, kept in the course of a regularly conducted activity, and made as a regular practice. Under the US Federal Rules of Evidence 902(11), (13) and (14), such a certification can let business records and certified electronic records be self-authenticating, so a live witness is not needed simply to lay the foundation. This is general information, not legal advice.

What is the difference between FRE 902(11), 902(13) and 902(14)?
FRE 902(11) covers certified domestic records of a regularly conducted activity, the classic business-records certification. FRE 902(13) covers records generated by an electronic process or system shown to produce an accurate result, certified by a qualified person. FRE 902(14) covers data copied from an electronic device, storage medium or file, where authenticity is established by a process of digital identification such as a hash value. e-Dex helps document the integrity values these certifications rely on; which rule applies is for the custodian and counsel to decide.

How does a hash value support FRE 902(14)?
FRE 902(14) allows data copied from an electronic source to be authenticated by a process of digital identification. A cryptographic hash such as SHA-256 is exactly such a process: it produces a unique fixed-length fingerprint of the copied data, and an identical hash on the copy and the source shows the copy is a true and accurate duplicate. The e-Dex certificate lists each file with its hash in an annexure so a qualified person can certify the copies match the originals.

Does e-Dex need an internet connection to create the certificate?
No. e-Dex runs fully offline on your own Windows machine. Hashing the records, building the annexure and generating the custodian certificate all happen locally, so your records never leave your computer. An internet connection is only used if you choose to apply an RFC-3161 trusted timestamp from a Time-Stamping Authority when signing the PDF.

Is a custodian certificate from e-Dex legal advice or a guarantee of admissibility?
No. e-Dex is a tool that helps you produce a structured, integrity-backed certificate; it does not give legal advice and does not guarantee that any record will be admitted. The custodian or qualified person who signs, together with their attorney, is responsible for the accuracy and sufficiency of the certificate and for meeting the requirements of the rule and the court. Always confirm the current text of the rule and seek advice where the stakes warrant it.

Conclusion

A custodian of records certificate is the practical way to let business records — including electronic ones — authenticate themselves under FRE 902(11), (13) and (14), without putting a witness on the stand just to lay the foundation. e-Dex makes the integrity backbone of that certificate concrete: a clear records description, a hash-sealed annexure of every file, an overall SHA-256 seal, and an optional signature and timestamp — all produced offline. Remember that this is general information, not legal advice, and that the signing custodian and their attorney remain responsible for the certificate's sufficiency. You can build one in minutes on a single Windows machine with e-Dex — the Digital Evidence Integrity Suite. Download it free and start producing defensible, integrity-backed custodian certificates today.