How to document digital abuse

If you’re facing tech-based abuse, you don’t always get to prove it in the moment.
But evidence—if collected carefully—can become power. It can help with legal protection, housing, support services, or simply being believed.

This guide walks you through calm, low-risk ways to gather and store digital evidence.

Screenshots: what to include, when to export, how to timestamp

Good screenshots tell a story. Capture them in context:

• Include:

  • Time and date (e.g. top bar of the phone or computer)
  • The sender or source (who did what)
  • The action or message in full—no cropping

• Best times to screenshot:

  • When messages are edited or deleted
  • When login or security alerts come in
  • When app behaviour suddenly changes (e.g. GPS active, camera on)

• Timestamping tips:

  • Take a second screenshot showing your system clock
  • Or email the image to yourself immediately (adds a reliable date)

Metadata logs, browser history, and app data

The digital trail you don’t see—until you need it.

• Browser history:

  • Shows access patterns, visited links, login attempts
  • Can prove if someone was impersonating you or tampering remotely

• Cloud/app logs:

  • Google: https://myactivity.google.com
  • Apple: iCloud logs, device access history
  • Dropbox/OneDrive: file open/edit logs

• Login logs:

  • Email accounts often show last IP used, device type, location
  • Screenshot and export logs before changing passwords

• Calendar/app activity:

  • Note added or deleted events, recurring reminders, etc.

Save logs as PDF, CSV, or HTML when possible. Emailing yourself the files helps preserve the timestamp trail.

Voice recordings and journaling patterns

Sometimes the abuse isn’t digital—it just uses tech. Your own words can become a reliable record.

• Voice memos:

  • Record your observations after something happens (“Today I found…”)
  • Can be useful if writing feels too formal or slow

• Journaling:

  • Paper, notes app, or secure journaling tool
  • Focus on what happened, how it made you feel, and what was unusual

• Patterns matter:

  • “He reset the router again after I changed the passwords”
  • “She said she knew I was at the pharmacy, though I hadn’t told her”

Don’t worry about making it sound official. Just make it real.

Third-party verification (email headers, IP addresses, others)

If someone claims you did something online—you’ll want more than your word.

• Email headers:

  • Show who really sent a message, from where, using what service
  • Forward the email (as attachment) to a tech-savvy ally or legal advisor

• IP logs:

  • Google, Microsoft, and many apps show recent login IPs
  • Match IP addresses to times you know you were online

• Witnessing tools:

  • Services like Tella (open-source) offer ways to create secure, tamper-evident documentation
  • Cloud backup with timestamps from trusted providers (ProtonDrive, Google Drive with 2FA) also helps

Tools that don’t shout “surveillance!”

Some evidence tools can escalate the situation if found. These don’t:

• Simple tools:

  • Phone’s built-in screenshot or screen recorder
  • Encrypted notes apps (e.g. Standard Notes, Joplin)
  • USB stick hidden in a safe place

• Safer journaling apps:

  • Tella (discreet, designed for documenting abuse and human rights violations)
  • Encrypted note apps (e.g., Standard Notes, Joplin), or a simple offline notebook

• Discreet cloud backup:

  • Set up an email alias (e.g. yourname+docs@proton.me)
  • Auto-forward logs or screenshots via a private browser tab

Avoid using shared devices to store sensitive evidence unless you know it’s safe.

A word on this section

You don’t need to prove everything, all at once. You just need to start creating a record—quietly, calmly, and in a way that helps you.

Next up: Technical countermeasures → or return to Mapping impacts to responses →