
Who Held the File Before You Saw It?

A hacked origin makes evidence harder to trust unless every copy, transfer, hash, and handling step can be explained.


Introduction

When evaluating alleged UFO evidence obtained through hacking, one question often matters more than the content of the claim itself: who held the file before you saw it? In digital forensics, this is known as the chain of custody—the documented history of how evidence was collected, copied, stored, transferred, and examined. Without that history, even a genuinely unusual file can become impossible to authenticate. [NIST Publications]

This issue is especially important in cases associated with hackers such as Gary McKinnon. McKinnon publicly described seeing unusual NASA imagery and a file listing “Non-Terrestrial Officers”, but the public has never been able to inspect original preserved copies of those materials. What remains is primarily testimony about what was seen rather than artefacts that can be independently verified. [WIRED]

For UFO researchers, chain-of-custody failures are often the dividing line between a potentially testable digital artefact and an anecdote that cannot be reconstructed years later.

What Chain of Custody Means for Digital Files

A chain of custody is the documented record showing where evidence came from, who handled it, when it changed hands, and how its integrity was protected. In digital investigations, the goal is to demonstrate that a file examined today is the same file originally collected. [PMC, SWGDE]

For digital evidence, that normally includes:

  • The original source system.
  • The date and method of collection.
  • Cryptographic hashes (digital fingerprints) generated at acquisition.
  • Records of every copy and transfer.
  • Storage conditions and access logs.
  • Identification of everyone who handled the evidence. [SWGDE]

Digital files are unusually fragile from an evidential perspective because they can be duplicated perfectly, edited invisibly, stripped of metadata, recompressed, renamed, or partially copied. As NIST notes, maintaining integrity is a central concern precisely because digital data is easy to alter. [NIST Publications]
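As an added example (not code from this article or from the NIST and SWGDE documents it cites), the following Python keeps a custody log of the kind listed above: a hash taken at acquisition, one record per transfer or examination, and each record linked to the one before it. The custodian names, timestamps and file bytes are constructed for the demonstration.

```python
import hashlib
import json

GENESIS = "0" * 64  # stands in for "previous entry" on the first record

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _digest(entry: dict) -> str:  # hash of every field except entry_hash
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log, action, custodian, timestamp, file_bytes):
    """Record one custody event: who held the file, when, and its hash then."""
    entry = {
        "seq": len(log),
        "action": action,          # "acquire", "transfer" or "examine"
        "custodian": custodian,
        "timestamp": timestamp,    # written at the time of the event
        "file_sha256": sha256_hex(file_bytes),
        "prev_entry_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def audit(log, file_bytes):
    """Return findings; an empty list means the trail and the file agree."""
    if not log or log[0]["action"] != "acquire":
        return ["no acquisition record: nothing to compare the file against"]
    findings, prev, baseline = [], GENESIS, log[0]["file_sha256"]
    for i, e in enumerate(log):
        if _digest(e) != e["entry_hash"]:
            findings.append(f"entry {i}: record altered after it was written")
        if e["seq"] != i or e["prev_entry_hash"] != prev:
            findings.append(f"entry {i}: gap or reordering in the trail")
        if e["file_sha256"] != baseline:
            findings.append(f"entry {i}: file hash differs from acquisition")
        prev = e["entry_hash"]
    if sha256_hex(file_bytes) != baseline:
        findings.append("file in hand does not match the acquisition hash")
    return findings

def demo():
    data = b"constructed sample bytes standing in for an evidence file"
    log = []
    append_entry(log, "acquire", "examiner-A", "2024-01-05T10:00:00Z", data)
    append_entry(log, "transfer", "examiner-B", "2024-01-06T09:30:00Z", data)
    append_entry(log, "examine", "analyst-C", "2024-01-09T14:15:00Z", data)
    forged = [dict(e) for e in log]
    forged[1]["custodian"] = "someone-else"  # record edited after the fact
    return {
        "intact": audit(log, data),
        "file_changed": audit(log, data + b" "),         # one extra byte
        "entry_missing": audit([log[0], log[2]], data),  # transfer removed
        "record_edited": audit(forged, data),
        "no_acquisition": audit(log[1:], data),
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Linking the records exposes a missing or edited entry only when someone other than the log keeper also holds the latest entry hash, because whoever controls the whole log can recompute every link. A file that surfaces with no acquisition record fails at the first check, whatever its contents.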

In UFO hacker cases, the chain frequently begins to break before evidence ever reaches the public.

Why Hacked Evidence Is Especially Fragile

The normal forensic process assumes evidence is collected deliberately and preserved immediately. Hacker-discovered material often follows the opposite path.

A typical UFO hacker narrative involves a person accessing a system, observing something unusual, leaving the system, and only later describing what was seen. By that point, several critical pieces of evidence may already be missing:

  • System logs showing where it came from.
  • Metadata.
  • Hash values proving integrity. [swgde.org]
  • Contextual files stored alongside it.
  • Records of who subsequently accessed or modified it.

The result is a custody gap. Investigators know a claim exists, but cannot establish an evidential trail back to the source system. [NIST Publications, PMC]

This problem becomes even more severe when years pass between the alleged discovery and public discussion. Servers are replaced, logs expire, archives are reorganised, and witnesses’ memories evolve. What remains may be sincere recollection, but not necessarily verifiable evidence.

The Gary McKinnon Example

Gary McKinnon is one of the most frequently cited examples in UFO hacking discussions because he claimed to have encountered unusual material while accessing NASA and US military systems. He described seeing a high-resolution image of a non-human-looking craft and reported finding references to “Non-Terrestrial Officers” in a spreadsheet-like file. [WIRED]

From a chain-of-custody perspective, however, several problems immediately arise.

No Public Original File

The alleged image was not preserved in a publicly available original format. McKinnon has stated that he did not capture the image before losing access. As a result, researchers cannot examine the file itself, calculate hashes, inspect metadata, or compare it against known NASA imagery. [Wikipedia]

Without the artefact, authentication becomes impossible.

No Preserved Acquisition Record

A forensic acquisition normally documents exactly where evidence came from. In this case, there is no publicly available forensic record identifying the original file path, storage location, system configuration, or acquisition procedure. [WIRED]

Even if a copy later emerged, investigators would struggle to prove that it was the same file allegedly viewed during the intrusion.

Missing Transfer History

Chain-of-custody documentation requires tracking every transfer and custodian. In the McKinnon case, no public record establishes how the alleged materials moved from source system to preserved evidence because no preserved evidence has been produced. [PMC]

The practical consequence is that the claim cannot be independently reconstructed from available evidence.


The Difference Between a Story and an Artefact

A common misunderstanding in UFO discussions is that a witness account and a digital artefact carry similar evidential weight. They do not.

An artefact can be examined repeatedly by different analysts. A story about an artefact cannot.

For example, a preserved file allows investigators to ask:

  • Does the metadata fit the claimed date?
  • Does the file structure match known software?
  • Has the file been edited?
  • Does the hash remain consistent?
  • Can independent experts reproduce the findings?

A remembered observation allows none of these tests. [NIST Publications, SWGDE]

This distinction explains why many UFO hacker claims remain unresolved. The debate often centres on what someone reported seeing rather than on evidence available for inspection.

How Custody Failures Create Alternative Explanations

Once custody is broken, alternative explanations multiply.

A researcher cannot confidently determine whether a file was:

  • Original or copied.
  • Complete or partial.
  • Edited or untouched.
  • Correctly interpreted or misunderstood.
  • Associated with the claimed system at all.

Even honest witnesses can misidentify technical information when viewing unfamiliar systems under unusual circumstances. Missing custody records make it difficult to separate misinterpretation from genuine discovery. [NIST]

This does not prove a UFO claim is false. Rather, it means the available evidence cannot reliably distinguish among competing explanations.


A Practical Custody Checklist for UFO Claims

When evaluating alleged hacker-discovered UFO evidence, a useful first step is to ignore the extraordinary content and examine the custody trail.

Ask the following questions:

  1. Is the original file available? Not a screenshot of a screenshot, but the earliest preserved version.
  2. Was a hash generated close to acquisition? Hashes provide a way to detect later modification. [SWGDE]
  3. Can the source system be identified? Server, archive, database, directory, or storage location.
  4. Is there documentation of transfers? Who copied the file and when? [SWGDE]
  5. Does metadata survive? Creation dates, software signatures, embedded properties, and file history.
  6. Can independent analysts inspect the same artefact? Verification requires more than a single witness.
  7. Is there corroborating system context? Logs, neighbouring files, archived references, or institutional records.

The more “no” answers a claim receives, the more it shifts from evidence evaluation toward witness evaluation.

Why Custody Matters More Than Sensational Content

The most dramatic UFO-related file imaginable would still require provenance. A document titled “Non-Terrestrial Officers”, a photograph of an unknown craft, or a secret database entry does not become trustworthy merely because it appears extraordinary.

In digital forensics, provenance often matters more than content. A mundane file with a documented acquisition path, preserved metadata, verified hashes, and an unbroken chain of custody can be stronger evidence than a spectacular claim with no surviving artefact. [NIST Publications, NIST]

For UFO hacker cases, that principle provides a practical rule: before asking what a file supposedly shows, establish whether anyone can demonstrate where it came from and who controlled it at every stage. Without that foundation, investigators are not examining evidence—they are examining a story about evidence.


Endnotes

  1. Source: nvlpubs.nist.gov
    Link: https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8387.pdf
    Source snippet

    Digital files are very easy to change, so maintaining the integrity of the data is a critical concern. (See also Section...Read more...

  2. Source: nist.gov
    Link: https://www.nist.gov/forensic-science/interdisciplinary-topics/evidence-management
    Source snippet

    d that its chain of custody is tracked. The...

  3. Source: wired.com
    Title: ufo hacker tells what he found
    Link: https://www.wired.com/2006/06/ufo-hacker-tells-what-he-found/
    Source snippet

    WIRED'UFO Hacker' Tells What He FoundJun 21, 2006 — The search for proof of the existence of UFOs landed Gary McKinnon in a world of trou...

  4. Source: Wikipedia
    Title: Gary McKinnon
    Link: https://en.wikipedia.org/wiki/Gary_McKinnon

  5. Source: pmc.ncbi.nlm.nih.gov
    Title: The Chain of Custody in the Era of Modern Forensics
    Link: https://pmc.ncbi.nlm.nih.gov/articles/PMC10000967/
    Source snippet

    The latest guidelines regarding the establishment of digital evidence...

  6. Source: swgde.org
    Link: https://www.swgde.org/documents/published-complete-listing/18-f-002-swgde-best-practices-for-digital-evidence-collection/
    Source snippet

    SWGDESWGDE Best Practices for Digital Evidence CollectionThe chain of custody documentation should be contemporaneous to the coll...

  7. Source: swgde.org
    Link: https://www.swgde.org/documents/published-complete-listing/18-f-002-best-practices-for-digital-evidence-collection/
    Source snippet

    SWGDEBest Practices for Digital Evidence Collection - SWGDEAt a minimum, this documentation should include a chain of custody and...

  8. Source: swgde.org
    Link: https://www.swgde.org/documents/published-complete-listing/swgde-position-on-the-use-of-md5-and-sha1-hash-algorithms-in-digital-and-multimedia-forensics/
    Source snippet

    When a file is hashed, a “digital fingerprint” of a file is created, which is unique to...

  9. Source: wired.com
    Title: terrorist or ufo truth seeker
    Link: https://www.wired.com/2006/04/terrorist-or-ufo-truth-seeker/
    Source snippet

    ?Apr 28, 2006 — But Briton Gary McKinnon says he is just an ordinary computer nerd who wanted to find out whether aliens and UFOs exist...

  10. Source: nist.gov
    Title: provenience based cross verification digital forensic artifacts applied ntfs
    Link: https://www.nist.gov/publications/provenience-based-cross-verification-digital-forensic-artifacts-applied-ntfs
    Source snippet

    Provenience-based cross-verification of digital forensic...by A Nelson · 2024 — The results of this general workflow form comprise a...

  11. Source: wired.com
    Title: WIRED
    Link: https://www.wired.com/
    Source snippet

    The Latest in Technology, Science, Culture and...We bring you the future as it happens. From the latest in science and technolog...

  12. Source: wired.com
    Title: british ufo hac
    Link: https://www.wired.com/2008/07/british-ufo-hac/
    Source snippet

    ker Gary McKinnon Is Coming to AmericaJul 30, 2008 — Threat Level extends its warmest welcome to hacker Gary McKinnon, who just lost his...

  13. Source: nist.gov
    Link: https://www.nist.gov/
    Source snippet

    National Institute of Standards and TechnologyNIST promotes U.S. innovation and industrial competitiveness by advancing measurement scien...

  14. Source: csrc.nist.gov
    Title: chain of custody
    Link: https://csrc.nist.gov/glossary/term/chain_of_custody
    Source snippet

    of custody - Glossary | CSRCA process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle b...

  15. Source: csrc.nist.gov
    Title: digital forensics
    Link: https://csrc.nist.gov/glossary/term/digital_forensics
    Source snippet

    forensics - Glossary | CSRCThe application of computer science and investigative procedures involving the examination of digital evidence...

  16. Source: swgde.org
    Link: https://www.swgde.org/documents/published-complete-listing/05-f-001-swgde-digital-multimedia-evidence-glossary/
    Source snippet

    SWGDE Digital & Multimedia Evidence GlossaryChain of Custody. The chronological documentation of the movement, location and possession of...

  17. Source: swgde.org
    Link: https://www.swgde.org/documents/published-complete-listing/23-q-001-best-practices-for-personnel-presenting-digital-evidence-in-legal-proceedings/
    Source snippet

    wledge, skills, and abilities investigators/digital forensic examiners need to present...Read more...

