What is a Hash?

What is a Hash?

A hash is a unique digital fingerprint for a file. It's a string of characters generated by running data through a mathematical algorithm. No matter how large the file—a single email or a gigabyte of documents—the result is always a fixed-length code.

Here's an example. The SHA-256 hash of the phrase "Hello world" is:

64ec88ca00b268e5ba1a35678a1b5316d212f4f366b2477232534a8aeca37f3c

Change even one character—a capital letter, a space, a full stop—and the hash becomes completely different. That's what makes it so powerful.

Why Do Hashes Matter for Evidence?

Hashes solve a fundamental problem with digital evidence: how do you prove something hasn't been changed?

When evidence is collected, a hash is generated immediately. That hash becomes the reference point. Days, weeks, or months later, you can run the same algorithm on the file again. If the hash matches, the file is identical. If it doesn't, something has changed.

It's like sealing an envelope with a wax stamp. You can't open it without breaking the seal—and everyone can see if the seal has been broken.

How Hashes Work

Hashing algorithms are one-way functions. You can easily generate a hash from a file, but you can't reverse-engineer the file from the hash. This makes them tamper-evident, not tamper-proof—they don't prevent changes, but they make changes impossible to hide.

The most common algorithms used in forensic work are:

• MD5 – Older and faster, but now considered weak for security purposes. Still used for quick verification.

• SHA-1 – More robust than MD5, but also showing its age.

• SHA-256 – The current standard. Produces a 64-character hash and is widely trusted in legal and forensic contexts.

Proof uses SHA-256 for all evidence, ensuring your files meet the highest verification standards.

A Practical Example

Imagine you collect a set of emails as evidence. At the moment of collection, the hash is calculated:

9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

That hash goes into your chain of custody report. Six months later, in court, the opposing side claims the emails have been edited. You run the hash again. If it still produces the same string, you've just proven—mathematically—that not a single byte has changed.

That's the power of a hash. It turns "trust me" into "verify it yourself."

What Hashes Can and Can't Do

Hashes prove integrity—that a file hasn't been modified since the hash was created. They don't prove authenticity on their own. A hash confirms the file is unchanged, but it doesn't confirm where the file came from or whether it was genuine in the first place.

That's why hashes are one part of a larger chain of custody. Combined with timestamps, access logs, and proper collection methods, they create a complete picture of evidence integrity.

The Bottom Line

A hash is a small string of characters that carries a lot of weight. It's the simplest, most reliable way to prove that digital evidence is exactly what it was at the moment of collection. No alterations, no tampering, no doubt.

When your evidence includes cryptographic hashes, you're not asking a court to trust you—you're giving them the tools to verify for themselves.