Cryptographic hash (MD5/SHA-256)

Definition

A fixed-length digest computed from the contents of a file or disk image. Used to verify that a forensic copy is identical to the source: if both hashes match, the copy has not been altered. SHA-256 is the current standard; MD5 is still reported for legacy compatibility but should not be used alone.
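
The check described above, as an added example (not code from this glossary): both digests are computed in a single read pass, and the verdict rests on SHA-256 while MD5 is only reported. The function names, the 1 MiB chunk size and the sample images are assumptions made for illustration; the sample data is constructed, not real evidence.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # assumed block size: read 1 MiB at a time so large images never sit in memory


def digest_pair(path):
    """Return (sha256_hex, md5_hex) for a file, computed in one read pass."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            sha256.update(block)
            md5.update(block)
    return sha256.hexdigest(), md5.hexdigest()


def verify_copy(source_path, copy_path):
    """Compare a copy to its source; SHA-256 decides, MD5 is reported for legacy tooling."""
    src_sha, src_md5 = digest_pair(source_path)
    cpy_sha, cpy_md5 = digest_pair(copy_path)
    return {
        "verified": src_sha == cpy_sha,
        "sha256": {"source": src_sha, "copy": cpy_sha},
        "md5": {"source": src_md5, "copy": cpy_md5, "match": src_md5 == cpy_md5},
    }


def demo():
    """Verify an exact copy and a copy with one flipped bit against a constructed source."""
    data = os.urandom(3 * CHUNK + 17)  # constructed sample data spanning several chunks
    tampered = bytearray(data)
    tampered[CHUNK] ^= 0x01  # a single-bit change in the second chunk
    samples = {"source": data, "exact": data, "tampered": bytes(tampered)}
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, content in samples.items():
            paths[name] = os.path.join(tmp, name + ".img")
            with open(paths[name], "wb") as fh:
                fh.write(content)
        return {
            "exact": verify_copy(paths["source"], paths["exact"]),
            "tampered": verify_copy(paths["source"], paths["tampered"]),
        }


if __name__ == "__main__":
    for label, report in demo().items():
        status = "verified" if report["verified"] else "MISMATCH"
        print(label, status, report["sha256"]["copy"])
```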

Related terms

Chain of custody
The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
Forensic image
A bit-for-bit verified copy of a storage medium, created using a write-blocker to prevent modification of the original. The copy is verified...
Legal hold
A directive from legal counsel instructing relevant people within an organisation to preserve documents, data, and physical items that may be relevant...
Order of volatility
The sequence in which digital evidence should be collected, ranked from most to least transient. Defined in RFC 3227. CPU registers and...
Write blocker
A hardware or software device interposed between a digital storage medium and the forensic workstation that prevents any write commands from reaching...

Explained in

  • Evidence Preservation During Containment
