Tamper-Evident Evidence

We capture attacker activity from SSH honeypots into tamper-evident records, hashed with SHA-256 and keccak256 so any later modification is detectable. This is early-stage tooling for evidence integrity, not a legal certification or a claim of court admissibility.

Evidence Integrity by Design

Our evidence capture is built around tamper-evident hashing, EU-region hosting, and GDPR- and NIS2-aware handling. These describe our design intent, not achieved certifications.

EU Data Residency

By design

EU-region hosting

Honeypot and evidence data hosted in EU-region infrastructure

Data Protection

GDPR-aware

GDPR

Designed to align with GDPR principles for handling captured activity data

Network Security

NIS2-aware

NIS2 Directive

Designed to align with NIS2 expectations for detection and incident records

Evidence Integrity

Tamper-evident

SHA-256 / keccak256 hashing

Each record is hashed so any later modification becomes detectable

Evidence Integrity Features

Tamper Detection

Tamper-evident SHA-256 hashing makes any later change to a record detectable

Temporal Integrity

Hashed timestamps record when each event was captured

Authentication

Multi-factor verification validates evidence authenticity

Explore Tamper-Evident Evidence Capture

PHANTAQSM is an early-stage, Brussels-based SSH honeypot platform that captures attacker activity into SHA-256 / keccak256 hashed, tamper-evident records. We are pilot-ready and would welcome a conversation.