Document Forensic: Attorney Charged for Forged Court Order – Why It's Now Critical
What happened in Washington State and why it matters
In late 2024, Washington prosecutors filed felony charges against Josephine C. Townsend after investigators alleged she produced (and circulated) a forged court order designed to derail an arrest. The charging announcement came from the Washington State Office of the Attorney General, led at the time by Bob Ferguson, and the case was filed in Clark County Superior Court.
The core allegation is simple, and chilling: a “modified” civil protection order—complete with official-looking filing marks—was presented to law enforcement as if it were real, in order to show that the underlying restraint had been changed and that an arrest would therefore be improper. The Attorney General’s office charged two counts of forgery and stressed that the probable-cause narrative was allegation-only, with the normal presumption of innocence.
The probable-cause statement describes how this became operational in real time. Deputies were responding to a violation report tied to a civil protection order involving Travon Santiago and Angela Foss. During the attempted arrest, a document was produced claiming the civil order had been modified; later, that document was emailed to a supervisor and appeared to carry the electronic signature of Judge Suzan L. Clark along with an electronic filing stamp associated with the county clerk, Scott G. Weber.
A detail that should make every legal professional pause: the document looked authentic enough to slow down action. It included the right visual “authority cues”—a signature block, a clerk stamp, an “E-FILED” mark—exactly the kinds of features humans are trained to respect. Forensic document examiners are often employed in both public crime laboratories and private practices, and private examiners may be called upon to analyze submitted evidence in such cases. These experts may be required to analyze not only the questioned document but also other documents, including those that are altered, obliterated, or otherwise compromised.
One important, time-sensitive note about case posture: the Attorney General’s initial public statement (December 2024) characterized potential consequences as up to 90 days in jail and up to a $5,000 fine. Separately, Washington statutes classify “forgery” under RCW 9A.60.020 as a class C felony, and class C felonies carry a statutory maximum of five years confinement and a $10,000 fine under RCW 9A.20.021. (Charging choices, sentencing ranges, and offender scores can cause real-world exposure to differ from the statutory ceiling; the headline lesson is that the conduct alleged is treated as serious.)
The Role of Document Examiners
In the evolving landscape of forensic sciences, document examiners have become indispensable experts, bridging the gap between suspicious paperwork and the pursuit of truth. Forensic document examiners specialize in the scientific examination of questioned documents—whether handwritten notes, printed contracts, digital files, or signatures—to determine their authenticity, authorship, and origin. Their work is foundational to forensic document examination, providing key evidence that can influence investigations, litigation, and court decisions.
Document examiners employ a wide array of techniques to analyze documents. Handwriting analysis remains a cornerstone of their expertise, allowing examiners to compare known standards with questioned writing to identify or eliminate possible authors. Ink analysis and paper analysis are also critical, as they can reveal whether different writing instruments or materials were used, or if alterations have occurred. Advanced tools, such as the video spectral comparator, enable examiners to detect subtle changes, obliterations, or erasures that might otherwise go unnoticed.
With the rise of digital documents, the scope of document examination has expanded. Forensic document examiners now routinely analyze electronic signatures, metadata, and the structure of digital files to uncover manipulation or forgery. This includes examining the metadata embedded in documents, which can provide crucial information about when and how a document was created or modified. The ability to address issues in both physical and digital formats is now a core skill for any examiner.
Becoming a document examiner requires rigorous training and a solid educational foundation, often including a degree in forensic science or a related discipline. Many professionals pursue additional courses and hands-on training in forensic document analysis, handwriting analysis, and the use of specialized equipment. Professional certification, such as that offered by the American Board of Forensic Document Examiners, is highly valued and demonstrates a commitment to published standards and ongoing professional development. Certification from the American Board of Forensic Document Examiners is recognized as a mark of expertise and credibility within the forensic science community.
Document examiners work in a variety of settings, from private laboratories to government agencies and law enforcement organizations. Their responsibilities often include examining a diverse range of documents—handwritten letters, printed contracts, digital files, and even liquid-soaked or damaged documents. In many cases, they are called upon to present evidence in court, where their ability to clearly explain complex findings and demonstrate their expertise is critical. Their testimony can be pivotal in cases involving questioned documents, helping judges and juries understand the significance of their analysis.
The role of document examiners is vital to upholding the integrity of the legal system. By applying their knowledge and skills to examine documents, identify key evidence, and determine authenticity, they help resolve disputes, solve crimes, and ensure that justice is served. Their expertise in forensic document examination, combined with ongoing training and adherence to professional standards, makes them essential members of the forensic science community—trusted to provide objective, scientifically sound analysis whenever the authenticity of a document is in question.
How the forged document was detected
The most revealing part of this incident is not that a document was forged—it’s how it unraveled.
The probable-cause narrative shows that suspicion began with a verification failure: the “modified” document could not be authenticated through normal record channels. Deputies initially noted a mismatch in cause numbers when comparing the presented paperwork to the known protection order, and the inability to confirm the “modification” in official records escalated the concern to supervisory review. This comparison of the questioned document to known standards is a key forensic procedure in document forensic analysis.
From there, the detection mechanics were old-school—but decisive. A supervisor contacted records staff, and records staff contacted the clerk’s office; both sources reportedly could not find any filed version of the purported modification. Critically, the clerk’s office did find a motion to modify that had been filed the following morning—after the attempted arrest—an apparent timeline mismatch that undercut the idea that a valid order had existed the day before. Forensic document examiners follow standardized procedures in laboratory settings to ensure accurate identification and analysis of such discrepancies.
Then the investigation moved from “is it in the system?” to “does the artifact look like a real e-filed artifact?”
The statement explains that the county’s electronic filing process automatically stamps filings with multiple indicators—an “e-file log” line (showing who filed), a page count at the top-left, and the clerk’s electronic filing stamp with date/time. Comparing a known-valid e-filed order to the suspect document, investigators reported that the suspect document had an “E-FILE” stamp but lacked other system-generated markers—pointing to a stamp being manually added rather than generated by the filing platform.
Even more telling, the affidavit describes visual artifacts consistent with copy/paste manipulation: the clerk’s stamp was said to be “identical” between documents, with an anomalous vertical line that appears in the authentic document but not truly in the forged one—suggesting the stamp was cropped out of a separate filing and edited before being overlaid. Scrutinizing such minute details and using objective data are essential in supporting forensic conclusions and ensuring the reliability of document forensic analysis.
Finally, the probable-cause statement describes a signature implausibility. The judge’s electronic signature text and timestamp in the forged order matched the signature text and timestamp in an unrelated valid order—down to the same second—something the investigator considered implausible for two separate orders. The statement further describes contacting chambers and the judge confirming she had not signed (or even seen) the modified civil protection order. In handwriting and signature analysis, the identification process involves the comparison of handwriting characteristics to determine authorship, which is fundamental in forensic document examination.
The “small” anomalies mattered, too. The Attorney General’s office highlighted that a declaration embedded with the amended document contained misspellings of the client’s name (including the signature line) and an incorrect date of birth—subtle errors that often appear when someone is copying, retyping, or assembling a document under pressure.
Why digital documents fraud is scaling faster than verification
PDFs became ubiquitous for a reason: they preserve layout, travel well, and are standardized for cross-platform use. PDF 2.0 is an international standard (ISO 32000-2), and authoritative format references describe PDF’s central purpose as exchanging and viewing electronic documents independent of the environment in which they were created or viewed.
But the same flexibility that makes PDFs practical also makes them dangerously “forgeable” in the hands of a motivated actor.
Modern tooling can turn even a scanned document into editable content. For example, Adobe documentation describes workflows where OCR converts scanned PDFs into editable copies and where newly typed text can be made to match original fonts—reducing the visual friction that once made tampering easy to spot.
PDFs can also be updated in ways that do not require rewriting the entire file. The PDF Association’s technical material explains incremental updates: new body/xref/trailer sections can be appended, linked via /Prev, allowing edits and changes while keeping earlier structure in place. That’s useful for legitimate workflows, including signing—but it also means investigators and reviewers must think beyond “what the page looks like” to “how the file is constructed.” Understanding the form and structure of both digital and printed documents is crucial in forensic analysis, as subtle manipulations may only be detectable by examining these underlying features.
After discussing digital forgeries, it’s important to note that forensic document examiners also analyze documents produced by computer printers and typewriters. Typewritten and machine-printed documents can sometimes be traced to a particular make, model, or even to a specific machine, which is vital for verifying document authenticity and tracing the origin of printed materials.
Against this technical backdrop, the broader fraud environment is getting harsher. In the United States, the Federal Trade Commission reported that consumers reported losing more than $12.5 billion to fraud in 2024, a 25% increase over the prior year. The Federal Bureau of Investigation, through its Internet Crime Complaint Center (IC3), reported losses exceeding $16 billion in its 2024 internet crime reporting and public press materials. In Europe, Europol has repeatedly emphasized identity and document fraud as an enabler within organized crime ecosystems, and has separately highlighted deepfakes as a growing challenge for law enforcement.
The Washington case fits this pattern precisely: a forged PDF wasn’t used for a distant financial scam. It was used for immediate, high-stakes decisioning—whether law enforcement could arrest someone in the moment.
What PDF authentication and forensic document examination actually check
At a technical level, a PDF is not “a page.” It’s a structured object container—numbers, dictionaries, streams, cross-references—assembled in a predictable grammar. Even implementer-facing documentation (like QPDF’s manual) emphasizes that PDFs consist of an object structure with many object types and that streams/strings may be compressed or encrypted.
That structure creates forensic hooks. In broad terms, document forensics for PDFs tends to focus on four evidence layers, with consideration given to a variety of factors and variables that can complicate the examination process. Forensic document examiners utilize scientific methods to analyze documents, which may include handwriting comparisons and examination of physical characteristics.
File structure and object consistency. Analysts look for signs of incremental rewrites, object replacement patterns, suspicious xref/trailer chains, and unexpected object streams—especially when those patterns conflict with what “normal” documents from a given issuer look like. Examiners follow standardized procedures to ensure consistency and reliability in their analysis.
Metadata coherence. PDFs commonly hold metadata such as creator/producer software and creation/modification timestamps, sometimes in both classic “document info” fields and XMP metadata. The key isn’t that metadata can’t be edited; it’s that mismatches between claimed provenance (“filed April 25”) and technical provenance (created/modified later, by different tools) can be strong indicators when combined with other signals.
Text, fonts, and rendering artifacts. When content is surgically edited—numbers swapped, names adjusted, paragraphs retyped—font families, font embedding behavior, glyph encodings, and spacing can drift. That drift is often hard to see but measurable. The Washington affidavit’s “stamp cropping” narrative is essentially this concept applied to seals and filing marks: subtle consistency failures surfaced once documents were compared side by side. Data collected from these analyses supports the identification of alterations and provides objective evidence for forensic conclusions.
Cryptographic signature validity. This is the gold standard when it exists. Adobe’s guidance on certificate-based digital signatures explains that a certificate-based digital signature uniquely identifies the signer and uses encryption safeguards, relying on a digital ID (private key + certificate) for signing and verification. For PDFs specifically, ETSI’s PAdES standards describe baseline signature formats designed for governmental and business use cases, emphasizing interoperable long-term validation needs. Technical guidance on signature validation mechanics (including reading bytes according to the PDF signature’s declared byte ranges) underscores a central truth: a real digital signature verification process evaluates the actual signed bytes, not just the appearance of a signature block or the words “Digitally signed by …” printed on a page.
In the Washington case, the alleged forged “order” looked like it had digital signing language and an e-file stamp. But the investigative narrative indicates that the authenticating reality lived elsewhere: in the court’s filing system, in system-generated filing markers, and in whether chambers recognized the order at all.
How PDFchecker maps to this case as a preventive control
The operational gap exposed by this incident is not a lack of professionalism. It’s a lack of instant, durable verification when a PDF is used as “authority” in a time-critical workflow.
PDFchecker positions itself precisely in that gap. Its product messaging describes real-time detection of forged, manipulated, fake, or AI-generated PDF and image documents using AI-driven fraud detection. Its “How it works” page states that it examines metadata, text structure, embedded signatures, and potential manipulation during verification. Its technology overview also claims analysis of document metadata, digital signatures, and content consistency, alongside other forensic markers, with models trained at scale.
When you overlay those stated capabilities onto the Washington narrative, several concrete “catch points” emerge—places where an automated forensic screen could have raised flags before a human relied on the document:
A forged court order that claims to be filed on an earlier date but is transmitted during an arrest event is a classic timeline-risk scenario. The probable-cause narrative itself stresses the concern that the alleged order bore an April 25 date even though the motion to modify the civil protection order was filed July 18, after the attempted arrest. Tools designed to examine metadata and structural provenance are meant to highlight exactly these provenance mismatches for reviewers.
The affidavit also emphasizes stamp inconsistency—missing e-file log and missing page count, plus imagery suggesting a cropped-and-pasted clerk stamp. A system that inspects document structure and objects (not merely pixels) can, in many cases, help reviewers distinguish between a stamp generated as part of a true e-filing workflow versus an element inserted later as an image or layered object. That investigative logic—“this stamp exists, but its expected companions do not”—is exactly the kind of rules-plus-forensics pattern that automated checks are good at applying consistently.
Signature language is another trap. The affidavit includes a side-by-side presentation where a “forged order” appears to carry “Digitally signed by …” signature text. Automated inspection that focuses on whether a PDF contains valid embedded signature structures (and whether those structures validate cryptographically) is materially stronger than trusting a signature appearance layer. PDFchecker explicitly claims “embedded signatures” examination as part of its analysis pipeline.
Finally, the “small anomalies” (misspelled name, incorrect date of birth) mattered. The charging announcement itself points to those internal inconsistencies as red flags. Automated red-flagging—detecting mismatched identifiers, inconsistent names, or conflicting structured fields—can bring these anomalies to the surface faster, especially when humans are working under time pressure and context switching.
Put bluntly: the forged order appears to have been persuasive at a glance. A forensic-first approach asks a different question—does the file’s internal evidence support its claim of origin?—and tools like PDFchecker are built to operationalize that question at workflow speed.
Lessons for law firms, courts, and investigators
The Washington allegations illustrate three risks that are easy to underestimate until they land in your inbox at 8:30 p.m. during an active incident.
First, visual authenticity is not authenticity. The probable-cause narrative repeatedly returns to the theme that the document had the right “look” (stamp, electronic signature) yet was not in the court’s records—and even lacked expected e-file artifacts that the real filing system creates automatically. Your procedure has to assume that seals, stamps, and signature appearances can be copied. Following standardized procedures, such as those outlined in ASTM E2288, is essential in forensic document examination to ensure systematic and reliable analysis.
Second, verification must be designed for real-time use. In this case, authentication depended on records checks and clerk confirmation. That worked, but it required escalation and time. The same decision pattern repeats in many domains: you do not control when the “must verify now” moment arrives. Given the documented rise in fraud losses and cyber-enabled deception, organizations should treat document verification capacity as a routine operational control, not a special project. Restoration of damaged documents—such as those that are burned, liquid-soaked, or otherwise compromised—can also be a critical part of forensic document examination in legal cases.
Third, courts and agencies should harden the artifact, not just the process. Where possible, this means pushing toward cryptographically verifiable signatures and standardized validation approaches (e.g., PAdES profiles) rather than trusting appearance layers. It also means making it easy for recipients—law enforcement, employers, counterparties—to verify that an order is filed and current without heroic effort. Forensic document examiners often face challenges in presenting their findings clearly in court, as the terminology and technical details involved can be complex and confusing for legal professionals.
A practical synthesis, consistent with the Washington narrative, looks like this: treat any PDF that affects liberty, money, or rights as untrusted until it passes two gates—(1) issuer verification (court record, filing system confirmation) and (2) file integrity checks (structure/metadata/signature consistency). The case shows both gates in action: database verification invalidated the claimed filing, and artifact examination supplied corroborating evidence of manipulation.
The future of legal document verification
Document fraud is migrating—fast—from the paper era into the era of editable, transmissible, AI-assisted artifacts. The standardization and ubiquity of PDF (ISO 32000-2) ensures the format will remain central to legal workflows.
At the same time, standards bodies and technical communities have built mature concepts for trustworthy PDF signing and validation—especially through certificate-based digital signatures and PAdES profiles designed for interoperability and long-term validity. This is not fantasy; it is existing infrastructure that needs wider operational adoption, plus consistent validation discipline.
The Washington case functions as a sharp, modern parable: when a forged PDF can plausibly impersonate “the court” for long enough to change behavior, the system needs stronger default verification. Not slower. Not “more careful humans.” Stronger systems.
In that future, tools positioned around automated PDF integrity analysis—like PDFcheckers described approach of analyzing metadata, text structure, embedded signatures, and manipulation indicators—become less like optional tooling and more like seatbelts: invisible until the moment you need them, and difficult to rationalize not having once you understand the failure modes.
For further reading and authoritative guidance on document forensic standards and best practices, see links to organizations such as the American Board of Forensic Document Examiners and the American Society of Questioned Document Examiners.