ADT-4 Pro Model Release:The definitive threat intelligence for the AI eraRead the research paper

ADT Evidence Layer

Every action sealed.
Tamper-proof forever.

The ADT Evidence Layer cryptographically seals every detection, action, and response the platform takes. Regulators, courts, and auditors get forensically admissible evidence packages on demand - in minutes, not days.

Start free trial Full platform overview
100%
Action coverage
<1s
Tamper detection
<3min
Evidence export
PulseADT · Evidence Layer · Cryptographic Mode
SEALED
ACT
Engine
Autonomous action: lateral movement blocked · asset: SRV-PAYROLL-01
SEAL
Evidence
Action sealed · SHA-256: 3f9a1b2d...e4c7 · timestamp: 2026-03-12T14:22:07.441Z
CHAIN
Custody
Chain-of-custody entry appended · immutable ledger · entry #1,047,382
AUDIT
Log
Operator review available · 0 modifications permitted post-seal
QUERY
CBN Auditor
Export request: Q1 2026 incident evidence · format: ISO 27037
EXPRT
Evidence
Full evidence package exported · 1,184 sealed entries · forensically admissible
evidence integritytamper-evident · forensically admissible
100%
Action coverage
Every detection and response cryptographically sealed
< 1s
Tamper detection
Continuous hash chain verification
< 3min
Evidence export
Full package, any date range, on demand
ISO 27037
Forensic standard
Court-admissible digital evidence structure

Cryptographic Chain-of-Custody

Every action sealed. Every change detected.

The ADT Evidence Layer cryptographically seals every automated action PulseADT takes - containment, isolation, remediation, and detection - using SHA-256 hashing with RFC 3161-compliant trusted timestamps. The moment evidence is sealed, it is immutable. Any tampering is immediately detectable by any party with the hash.

RFC 3161 trusted timestamps on every action and detection event
SHA-256 cryptographic sealing - tamper detection is mathematically verifiable
Immutable append-only ledger - no post-seal modifications permitted by any role
Chain-of-custody entry for every automated action, with full context
Evidence integrity dashboard - continuous verification of the full chain
100%Of automated actions and detection events are cryptographically sealed at the moment of occurrenceZero post-hoc modifications permitted

Tamper Detection

Know immediately if evidence has been touched.

Regulatory admissibility depends on demonstrating evidence integrity throughout the entire chain. PulseADT's evidence layer continuously verifies the hash chain from the first entry to the most recent. Any modification - at any point in the chain - is immediately surfaced to security administrators and auditors.

Continuous hash chain verification from first entry to present
Real-time alerting if any entry in the evidence chain mismatches its stored hash
Multi-party verification - auditors can independently verify without PulseADT access
Segregated evidence storage - isolated from the operational security platform
Role-based access: view-only permissions for auditors with full hash verification capability
<1sTime to detect evidence tampering anywhere in the full historical chainContinuous background verification

Regulator-Ready Export

Evidence packages formatted for any authority.

When regulators, auditors, or courts request evidence, PulseADT generates formatted packages on demand. Exports include structured incident timelines, all sealed action records, detection context, analyst notes, and a cryptographic integrity attestation - formatted to ISO 27037, CBN, NDPR, and court submission standards.

On-demand evidence package export across any date range
ISO 27037 digital forensics structure for any exported package
CBN and NCC incident report formatting with evidence appendices
Cryptographic integrity attestation document included with every export
Redacted exports available for cross-party disclosure with verified integrity
< 3minTo generate a full, formatted evidence package for any regulatory authority or court submissionAny incident, any date range, on demand

Legal Admissibility

Evidence that stands in court - and before regulators.

Digital evidence has been challenged and discarded in Nigerian and international proceedings due to chain-of-custody failures and lack of cryptographic integrity. PulseADT's evidence layer is designed from the ground up to satisfy civil and criminal court evidentiary standards, as well as regulatory admissibility requirements for CBN, NDPR enforcement, and EFCC proceedings.

Evidence structure compliant with Nigerian Evidence Act requirements for digital records
Independent expert verification capability - no PulseADT involvement required post-export
Witness statement support: structured narrative with hash-verified exhibit attachments
Cross-border admissibility: GDPR, Schrems II, and mutual legal assistance frameworks
Preservation order support: evidence freeze capability on regulatory request
Court-readyEvidence packages validated against Nigerian Evidence Act and international forensic standardsCivil, criminal, and regulatory proceedings

The difference

Log files are not
forensic evidence.

Traditional SIEM and EDR log files are modifiable by any administrator. They have no cryptographic integrity proof, no independent tamper detection, and no chain-of-custody documentation. Courts and regulators increasingly reject them. The ADT Evidence Layer is built for the standard they require.

See full comparisons
Traditional Logs
ADT Evidence Layer
Log files modifiable by administrators - no tamper detection
Cryptographic sealing - any modification mathematically verifiable by any party
Evidence assembled manually from disparate systems over days
Formatted evidence package generated in under 3 minutes on demand
Chain-of-custody documented in spreadsheets or paper logs
Immutable append-only digital ledger with continuous hash chain verification
Evidence challenged in court due to integrity failures
ISO 27037 and Nigerian Evidence Act“compliant digital forensics structure
No framework for preserving evidence on regulatory request
Evidence freeze capability: legal hold mode locks package on regulator order
100%
Action coverage
<1s
Tamper detection
<3min
Evidence export
ISO 27037
Forensic standard

Evidence that holds
when it matters most.

Deploy PulseADT and get cryptographically sealed, court-admissible evidence for every security action - without any additional tooling or manual documentation.

Start free trial Talk to sales