I’ve watched a $2.3 million breach of contract case hinge on whether a text message thread was admissible. The plaintiff’s attorney submitted screenshots. The defense moved to exclude, arguing no foundation had been laid. The judge sustained. The screenshots never came in. The case settled for a fraction of the demand.

The screenshots were real. The conversation happened. But nobody had done what FRE 901 requires — and the plaintiff paid for it.

Text messages are now the primary communication record in a wide range of cases: employment disputes, domestic violence, business agreements, family law matters, criminal prosecution. And they’re also among the most commonly mishandled pieces of digital evidence when it comes to admissibility.

This article covers what FRE 901 requires, which authentication methods work for text messages, what metadata actually proves, how hash values support authentication, and what expert testimony is necessary versus optional.

FRE 901: The Foundation

Federal Rule of Evidence 901 governs authentication of evidence. The basic rule is in 901(a): to authenticate evidence, the proponent must produce evidence sufficient to support a finding that the item is what the proponent claims it is.

That’s a low bar on its face — “sufficient to support a finding” is not proof beyond a reasonable doubt. It’s not even a preponderance. It’s enough for a reasonable juror to conclude the evidence is authentic. But “sufficient” is doing a lot of work, and for digital evidence, courts have made clear that screenshots alone — without more — often don’t get there.

Rule 901(b) provides a non-exclusive list of ways to authenticate evidence. Three of them matter most for text messages.

FRE 901(b)(1): Testimony of a Witness with Knowledge

The simplest authentication method: someone testifies that the evidence is what it claims to be, based on their personal knowledge.

For text messages, this typically means a party to the conversation testifies: “I received this message from [person] on [date]. This screenshot accurately shows the conversation we had.” Or: “I sent this message from my phone. This is an accurate representation of what I wrote.”

This sounds easy, but courts have imposed meaningful requirements on lay witness testimony authenticating text messages.

The recipient doesn’t automatically authenticate the sender. Just because someone testifies “I received this message” doesn’t mean the person named as the sender actually sent it. Phone numbers can be spoofed. Accounts can be compromised. Shared devices mean multiple people may use the same number or account. Courts have found that testimony about receiving a message is sufficient to admit it in many circumstances — but only when combined with corroborating circumstances showing the named sender was likely the source.

What corroboration looks like: The content references events or facts only the named sender would know. The sender’s subsequent behavior is consistent with having sent the message. The sender’s phone number is established through other means (prior communications, business records, carrier records). The recipient has communicated with that number before and the identity was previously confirmed.

The screenshot problem with lay witness testimony: When a lay witness testifies about screenshots, the court needs confidence that the screenshots accurately represent the messages as they were received — not that they were cropped, edited, or assembled from different conversations. Lay witnesses often can’t speak to this if they’re not the ones who took the screenshot, and even if they are, their testimony that “I took this screenshot and didn’t alter it” is easily challenged if there’s no technical verification.

FRE 901(b)(4): Distinctive Characteristics

Rule 901(b)(4) allows authentication through the item’s appearance, contents, substance, internal patterns, or other distinctive characteristics — alone or in combination with circumstances.

For text messages, distinctive characteristics can include:

Content-specific identifiers: The message references private information only the named sender would know. It uses distinctive vocabulary, abbreviations, or phrases consistent with that person’s known communication style. It references prior conversations, shared history, or events that establish the sender’s identity circumstantially.

Contextual consistency: The message fits into an established pattern of communication. If you have a series of emails and text messages from the same person over six months, and the content, tone, and subject matter are consistent, that chain of circumstantial evidence supports authentication.

Technical markers: The phone number associated with the message matches the number on the person’s business card, in their email signature, or in carrier records. The message timestamp is consistent with metadata from surrounding messages. The network carrier identifier in the message metadata matches the carrier associated with the named sender’s account.

Courts have found 901(b)(4) authentication sufficient for text messages in a range of circumstances. But the “distinctive characteristics” need to actually be distinctive — generic messages with no identifying content (“OK” or “Be there at 5”) can’t be authenticated through content alone. They need technical corroboration.

FRE 901(b)(9): System Evidence

Rule 901(b)(9) allows authentication by “evidence describing a process or system and showing that it produces an accurate result.”

This is the forensic examiner’s provision. It’s how you authenticate digital evidence when you can show that the system used to collect and preserve it is reliable and that the process was properly followed.

For text messages, a 901(b)(9) authentication case looks like this:

An examiner with appropriate credentials extracts text messages from a device using a validated forensic tool — Cellebrite UFED, Magnet AXIOM, or similar — following a documented acquisition protocol. The examiner can testify to:

Under this framework, the messages are authenticated not primarily through what they say or who testifies about them, but through the reliability of the process that produced them. The court is being asked to find that the system (the forensic tool plus the documented methodology) reliably produces accurate output.

This is generally the strongest authentication method for text messages in contested cases, and it’s why [forensic acquisition matters](/chain-of-custody-cloud-evidence/) even in what look like simple screenshot-appropriate situations.

Metadata vs. Screenshots: Understanding What Each Proves

This is the most important practical distinction for anyone working with text message evidence.

What a Screenshot Proves

A screenshot proves that something appeared on a screen at some point. That’s it.

A screenshot can be fabricated by creating a fake conversation in an SMS app designed for that purpose. There are commercially available apps whose entire purpose is creating fake text message screenshots. A screenshot can be cropped to remove context. It can be assembled from parts of different conversations. The sender’s name on a screenshot can be whatever the screenshot creator wants it to be — it doesn’t reflect any technical data from the carrier or the device.

Screenshots of text messages have been admitted in court. They’ve also been challenged and excluded. The admissibility depends entirely on what corroborating evidence exists to establish authenticity. Alone, a screenshot proves almost nothing.

What Forensically Extracted Message Data Proves

A forensically extracted text message, extracted using a validated tool with proper methodology, contains:

PDU (Protocol Data Unit) data: The raw SMS message format includes the originating phone number, the destination number, the timestamp (which comes from the carrier’s network, not the device’s local clock), message class, and encoding information. This data exists below the layer visible in a screenshot.

Database records: On both Android and iOS, text messages are stored in SQLite databases. Cellebrite UFED and Magnet AXIOM extract these databases and parse them into human-readable form. The database records include message IDs, thread IDs, timestamps, read receipts, delivery confirmations, and flags indicating whether a message was sent, received, or deleted. Deleted messages that remain in unallocated space can often be recovered and their metadata preserved.

IMSI and IMEI data: The device’s unique identifiers can tie the extracted messages to a specific physical device, which can then be tied to a specific subscriber through carrier records.

Carrier records: SMS messages pass through carrier infrastructure. Carriers maintain logs of message transmissions that include originating and terminating numbers, timestamps, and cell tower information. These records can be subpoenaed and compared against extracted device data to confirm authenticity.

The difference between screenshot evidence and forensically extracted data isn’t just methodological — it’s the difference between asking a court to trust a photograph and asking a court to evaluate a technical record with independent verification points.

Hash Values and Authentication

Hash values — specifically SHA-256 hash values generated during forensic acquisition — serve two authentication functions for text message evidence.

Integrity verification: When you generate a hash of the forensic image or export at the time of acquisition, and generate the same hash again later before using the evidence, a matching hash proves the data hasn’t been modified between acquisition and use. This addresses the most common tampering allegation in digital evidence cases.

Chain of custody documentation: Hash values are the technical backbone of digital evidence chain of custody. They’re verifiable by any qualified examiner. Opposing experts can compute the same hash from the same data and confirm or deny the match. This creates an objective, independently verifiable record that’s much more reliable than testimony alone.

For text message authentication, hash values work at two levels:

The acquisition hash covers the entire forensic image or extraction. It proves the overall collection wasn’t modified.

Individual file or artifact hashes cover specific message databases or export files. They prove a particular set of messages wasn’t modified after extraction.

When testifying about hash authentication, be precise: the hash proves integrity of the copy, not authenticity of the original. The original messages existed on a device and were sent over a carrier network. The hash proves your copy accurately reflects what was on the device. The combination of carrier records, device data, and hash verification builds the complete authentication chain.

Expert Testimony: When It’s Required vs. Helpful

Courts don’t always require expert testimony to authenticate text messages. Lay witness testimony under 901(b)(1) or distinctive characteristics under 901(b)(4) can suffice in the right circumstances. But expert testimony becomes necessary or strongly advisable in specific situations.

When Expert Testimony Is Required

When authenticity is genuinely disputed: If the opposing party files a motion to exclude or submits a competing expert report challenging authenticity, you need an expert. Lay witness testimony won’t hold up against a qualified examiner testifying that the evidence could have been fabricated.

When metadata is at issue: If the timestamp, sender identification, or other metadata of the messages is central to the case — if the question is exactly when a message was sent, not just approximately when — expert testimony about metadata sources, reliability, and interpretation is essentially mandatory.

When recovery of deleted messages is involved: If your evidence includes messages recovered from unallocated space on the device, you need an expert to explain how that recovery was accomplished and why it’s reliable. Without expert testimony, a court has no basis for assessing whether the recovery process was accurate.

When the platform is unusual: Standard SMS/MMS is well understood. Signal, WhatsApp, Telegram, Snapchat, and other encrypted or ephemeral messaging platforms require platform-specific knowledge about data storage, encryption, and metadata. Expert testimony is typically necessary to authenticate messages from these platforms.

When Expert Testimony Is Strongly Helpful But Not Always Required

High-value cases: In any case where text messages are central to the case and the stakes are high, get an expert. The cost is trivial compared to the risk of exclusion.

Business agreement disputes: When the existence of an agreement depends on messages, authentication challenges are predictable. Build the foundation early.

Employment and harassment cases: Messages that form the basis of a hostile workplace claim or wrongful termination are routinely challenged. Expert authentication protects the evidentiary record.

When your evidence is screenshots: If you have screenshots and not forensic data, an expert can sometimes rehabilitate them through analysis of the screenshots themselves — examining metadata embedded in the screenshot file, identifying device-specific formatting that’s consistent with the claimed platform, and providing an opinion on the plausibility of fabrication given the specific circumstances.

Practical Authentication Checklist for Attorneys

Before relying on text message evidence in any contested proceeding, work through this checklist.

Source documentation: Where did the evidence come from? The party’s own device? A forensic examiner? A third-party platform export? Different sources require different authentication approaches.

Chain of custody: Who has had custody of the device or data since it was collected? Are there any gaps?

Metadata preservation: Were the messages extracted forensically, or do you only have screenshots? If screenshots, can you still obtain forensic data?

Independent verification points: Do you have carrier records, other communications with the same number, or other evidence that independently supports the identity of the sender?

Expert retention: Have you retained a forensic expert? If you wait until trial preparation to think about authentication, you may find the forensic data is no longer accessible.

Platform-specific issues: What platform were these messages on? SMS/MMS, iMessage, WhatsApp, Telegram, Signal? Each has different data storage and metadata characteristics.

Deletion and recovery: Are any of the messages from recovered deleted data? If so, expert testimony is not optional.

Common Authentication Failures and How to Avoid Them

Relying solely on screenshots. Don’t. Or if you must, get expert analysis of the screenshots and build as much independent corroboration as possible before trial.

Failing to preserve the device. If the device containing the messages is still in your client’s possession, it needs to be forensically imaged immediately. Every day of continued use potentially overwrites data. Devices get lost, broken, or traded in. Preserve first, analyze second.

Ignoring the sender-identity problem. The fact that messages came from a particular phone number doesn’t prove the named defendant sent them. Build the evidence that ties the number to the person: phone records in the defendant’s name, testimony from someone who called that number and spoke with the defendant, social media accounts using that number for verification.

Waiting too long to engage an expert. Forensic experts retained close to trial have less time to do thorough work and less time to identify problems with the evidence that could have been addressed earlier. Engage experts early, even if only for a consultation.

Not understanding the platform’s specific limitations. iMessage messages have different metadata than SMS. WhatsApp stores data differently than Signal. Snapchat’s server-side deletion creates gaps in recoverable evidence. Know the platform before you make promises to your client about what’s provable.

For criminal defense practitioners working to challenge prosecution text message evidence, see our article on [criminal defense expert witness considerations in digital forensics](/criminal-defense-expert-witness/). For foundational knowledge on [Daubert challenges](/preparing-for-daubert-challenges/) you may face with digital forensics experts, that piece covers methodology documentation in detail.

Authentication in State Courts

FRE 901 governs federal court proceedings. State courts have their own rules, most of which are modeled on the Federal Rules but may differ in application.

California’s Evidence Code §§ 1400-1421 govern authentication and contain similar provisions to FRE 901, including authentication by testimony of a witness with knowledge and by distinctive characteristics. California courts have followed a general trend toward requiring more than screenshots alone for digital message authentication in contested cases.

New York courts have applied a “reasonable certainty” standard for text message authentication that focuses heavily on corroborating circumstances. Some New York decisions have admitted messages authenticated primarily through lay witness testimony and distinctive characteristics, while others have required more technical foundation.

If you’re in state court, research the specific appellate decisions in your jurisdiction governing digital evidence authentication. The federal case law provides useful persuasive authority, but state courts may have developed their own standards that differ in important ways.

Looking Forward: Authentication in the Age of AI-Generated Content

The challenge of text message authentication is about to get significantly harder. Generative AI tools can now produce convincing fabricated message threads. Deep-learning models can mimic an individual’s writing style. And the forensic tools used to detect manipulated screenshots may lag behind the fabrication technology.

This isn’t a reason to panic — it’s a reason to build stronger authentication foundations now, before AI-generated evidence becomes a routine problem in litigation. Forensic acquisition, carrier records, hash values, and expert testimony are the building blocks of an authentication framework that will survive the coming challenges to digital evidence integrity.

Courts that have developed thoughtful standards for text message authentication — requiring technical foundation rather than accepting screenshots on faith — are better positioned to handle AI-generated evidence challenges than courts that have taken a more permissive approach.

The fundamentals of FRE 901 don’t change. What changes is how much work it takes to satisfy them as fabrication technology advances.