Investigation Timelines

Investigation Timelines bring scan, trust, lifecycle, and governance events together against a single identity — so brand-protection, compliance, and operations teams can investigate without assembling evidence from disconnected sources.

What a Timeline Contains

Where supported, an investigation timeline can include:

SourceExamples
Lifecycle eventsIssuance, publication, revocation, controlled updates
Scan historyResolver attempts, valid scans, activation events, outcome distribution
Trust eventsDetected signals, severity changes, manual investigations
Governance eventsAuthorised changes, break-glass actions, role-aware operations

These are presented in a single chronological view, scoped to the entity under investigation.

Identity-Aware Scoping

Timelines respect the platform’s identity model. Investigations can be scoped to:

  • a product
  • a passport
  • a batch or lot

This allows operators to ask precise operational questions — for example, “what happened to this lot after activation?” or “why does this passport have a low Trust Score?” — without manually correlating multiple data sources.

Why It Matters

Trust and compliance decisions require evidence. Investigation Timelines turn the platform’s underlying event history into a coherent, defensible record that can support:

  • brand-protection investigations
  • compliance and audit conversations
  • internal incident review
  • partner and customer support

How It Connects

Timelines are surfaced within the relevant Passport Intelligence views so investigators don’t have to leave their workflow. From a Trust Signal drawer, for example, an operator can move directly into the timeline for the affected entity.

For credibility interpretation see Trust Signals; for activity context see Scan Visibility.