Skip to main content
Every document processed by TruEnroll goes through a forensic analysis pass. The forensics engine checks for signs that a document has been altered, manipulated, or is otherwise not authentic — and reports its findings alongside the extraction result.

What forensics checks

Forensic analysis runs against the original uploaded file and the OCR output. It looks for:

Tampering indicators

Pixel-level manipulation, copy-paste artifacts, inconsistent fonts, and metadata anomalies that suggest content has been modified after the document was originally created.

Consistency checks

Internal inconsistencies — grades that don’t match stated GPA, dates that contradict enrollment timelines, or institution details that don’t match known records.

Layout analysis

Structural irregularities in how the document is formatted — unofficial templates, missing expected fields, or layout patterns that don’t match the issuing institution’s known format.

Metadata verification

File metadata (creation date, software, modification history) cross-referenced against what the document claims to represent.

Forensics result shape

The forensics result is returned per credential. Each entry includes: 
{
  "credentialId": "6850abc123def456ghi789",
  "uploadId": "6850def456ghi789abc123",
  "status": "completed",
  "reportUrl": "https://..."
}
The full forensics report — including verdict, risk score, findings, and evidence — is available at the reportUrl.
Forensics and extraction run independently. A forensics failure does not block extraction from completing, and vice versa.

Enabling forensics

Forensics is an opt-in feature at the case level. Include it in the features array when submitting a case: 
curl -X POST https://api.truenroll.com/partner/v1/cases \
  -H "x-api-key: $TRUENROLL_API_KEY" \
  -F "files=@transcript.pdf" \
  -F 'features=["extraction","forensics"]'
Your organization must have the forensics feature enabled. Requesting it without the feature fails synchronously with a 403 before any files are uploaded.

Forensics feature limits

Organization feature requirements and behavior when the feature is unavailable.