TraceProof maintains a continuous screen buffer and seals a cryptographically signed clip the moment something happens — before anyone can alter it.
DXGI Desktop Duplication captures a rolling pre-trigger buffer. No gaps, no missed frames — including DirectX overlays invisible to conventional tools.
Hotkey, OCR pattern match, rage-click detection, or mic activity. The trigger is configurable. The response is immediate.
Dual SHA-256 hashes (capture stream + export), HMAC-SHA256 package signing under DPAPI or TPM, and timestamps from 3 NTP servers with a DNS SOA cross-check.
Each incident is linked to the previous by hash — blockchain-style. Deletion or modification of any entry is immediately detectable during verification.
The sealed package is automatically uploaded to your Evidence Vault before it can be tampered with locally. Server-side hash verification on receipt.
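A sketch of how the hash-linked, HMAC-signed incident chain described above can be checked, written as an added example and not taken from TraceProof's code. The field names, JSON canonicalisation, genesis value and demo key are assumptions; because HMAC is symmetric, the verifier needs the same key that signed the entries.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first entry

def canonical(entry):
    # Canonical bytes covered by both the chain hash and the HMAC.
    fields = {k: entry[k] for k in ("seq", "clip_sha256", "prev_hash")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def append(chain, clip_bytes, key):
    # Link the new incident to the previous entry's hash, then sign it.
    prev = chain[-1]["entry_hash"] if chain else GENESIS
    entry = {"seq": len(chain),
             "clip_sha256": hashlib.sha256(clip_bytes).hexdigest(),
             "prev_hash": prev}
    entry["entry_hash"] = hashlib.sha256(canonical(entry)).hexdigest()
    entry["hmac"] = hmac.new(key, canonical(entry), hashlib.sha256).hexdigest()
    chain.append(entry)
    return entry

def verify(chain, key, expected_head=None):
    """Return a JSON-serialisable report describing the first failure, if any."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["seq"] != i or e["prev_hash"] != prev:
            return {"ok": False, "index": i, "reason": "broken_link"}
        if hashlib.sha256(canonical(e)).hexdigest() != e["entry_hash"]:
            return {"ok": False, "index": i, "reason": "hash_mismatch"}
        mac = hmac.new(key, canonical(e), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, e["hmac"]):
            return {"ok": False, "index": i, "reason": "bad_signature"}
        prev = e["entry_hash"]
    # Dropping the newest entries leaves a valid shorter chain, so compare the
    # head against a copy pinned elsewhere (for example, one held by a vault).
    if expected_head is not None and prev != expected_head:
        return {"ok": False, "index": len(chain), "reason": "head_mismatch"}
    return {"ok": True, "entries": len(chain), "head": prev}

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    chain = []
    for clip in (b"clip-a", b"clip-b", b"clip-c"):  # constructed sample clips
        append(chain, clip, key)
    head = chain[-1]["entry_hash"]
    print(json.dumps(verify(chain, key)))                           # intact
    print(json.dumps(verify([chain[0], chain[2]], key)))            # entry deleted
    print(json.dumps(verify(chain[:2], key)))                       # tail dropped
    print(json.dumps(verify(chain[:2], key, expected_head=head)))   # caught
```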
Captures the DWM-composited frame including DirectX overlays, HDR content, and hardware-accelerated windows. GDI BitBlt cannot see any of this. [Core]
Windows.Media.Ocr (native, no Tesseract) scans per-monitor pattern sets. Fires on "margin call", "connection lost", "rejected" — whatever matters to your workflow. [Core]
System time, Windows FILETIME, 3 parallel NTP servers, and DNS SOA serial as an independent source. Skew detection is logged and included in every incident package. [Forensic]
Every incident extends a hash-linked chain. The standalone verifier produces JSON output that integrates directly into SIEM pipelines and investigation workflows. [Forensic]
NVENC (NVIDIA), AMF (AMD), and QSV (Intel) with CPU fallback. Full 1080p60 capture with near-zero performance impact on the monitored workstation. [Core]
Signing keys are protected by Windows DPAPI (CurrentUser) or hardware TPM on Enterprise+. The key never leaves the machine in plaintext. [Forensic]
Group Policy (ADMX templates), registry policy, Windows Event Log integration for SIEM, MSI silent deployment. No UI required on managed endpoints. [Enterprise]
Self-hosted Node.js vault with SQLite index, timeline view, chain integrity browser, ZIP export, and auto-generated PDF incident reports. Webhook on every new incident for Slack/Teams. [Enterprise]
Machine-bound license activation without internet. Designed for air-gapped trading environments and high-security compliance deployments. [Enterprise]
Capture execution errors, margin calls, and disputed orders with a forensic record that holds up to regulatory scrutiny.
Replace "he said / she said" with cryptographically signed, tamper-evident video records.
Multi-machine Evidence Vault with per-user incident filtering. Real-time webhook to Slack or Teams on every trigger.
Rage-click and hotkey triggers catch behavior that rule-based monitoring misses entirely.
Annual billing saves up to 30%. All plans include the standalone forensic verifier and lifetime access to updates within the tier.
Single workstation. One investigator. Full forensic capability.
On-premise deployment. GPO management. Up to 3–5 monitors per seat.
Unlimited scale. Dedicated support. Custom deployment and SLA.
Request access or book a 30-minute technical demo. We'll walk through a live capture, chain verification, and Evidence Vault setup for your environment.