Using hash tags to compare two files to confirm they are identical or different
HashTab adds a new tab called 'File Hashes' to the Windows Explorer File Properties menu. Selecting this tab displays the hashes for that particular file and lets you quickly compare it to a second file on your system automatically, by clicking the 'Compare a File' button.
I will demonstrate the use of this in File Explorer during one of our sessions. A copy of this shareware software is available in our File Cabinet for download, but check with your I.T. team to have them check it out for your office computer use. A copy of the software is also at the bottom of this page, but when you download it, rename it so the name is hash.exe.
What are hash numbers?
What Is a Hash Value?
Similar to the Standing Committee on Federal Rules, the Cybersecurity and Infrastructure Security Agency (CISA) defines a hash value, or hash function, as:
A fixed-length string of numbers and letters generated from a mathematical algorithm and an arbitrarily sized file such as an email, document, picture, or other type of data. This generated string is unique to the file being hashed and is a one-way function—a computed hash cannot be reversed to find other files that may generate the same hash value. Some of the more popular hashing algorithms in use today are Secure Hash Algorithm-1 (SHA-1), the Secure Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message Digest 5 (MD5).
In simple terms, a hash value is a specific number string that’s created through an algorithm, and that is associated with a particular file. If the file is altered in any way, and you recalculate the value, the resulting hash will be different. In other words, it’s impossible to change the file without changing the associated hash value as well. So if you have two copies of a file, and they both have the same hash value, you can be certain that they are identical.
A hash value guarantees authenticity thanks to four particular characteristics:
It is deterministic, meaning that a specific input (or file) will always deliver the same hash value (number string). This means that it is easy to verify the authenticity of a file. If two people independently (and correctly) check the hash value of a file, they will always get the same answer.
The odds of “collisions” are low. This means that the chances of two different inputs (files) coincidentally having the exact same hash value are incredibly small—practically non-existent.
A hash can be calculated quickly. Generating a hash value is quick and easy (provided you have the right tool). The size of the file in question is also irrelevant—generating a hash value for a large file is as simple as creating one for a small file.
Any change to the input will change the output. Even the smallest change to the input file will result in a change to the resulting hash value. This means that it is impossible to alter a file without changing the associated hash value, which makes it very easy to prove (or disprove) the authenticity of a piece of digital evidence.
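The same comparison can be scripted. The following is an added example, not part of HashTab or of the original page: it hashes files in chunks with SHA-256, compares two files, and counts how many bits of the hash change after a one-character edit. The file names and contents are constructed sample data, and SHA-256 is chosen here because practical collisions are known for MD5 and SHA-1.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large files never sit fully in memory

def file_digest(path, algorithm="sha256"):
    """Return the hex digest of a file, hashing it in fixed-size chunks."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def files_match(path_a, path_b, algorithm="sha256"):
    """True when both files produce the same digest."""
    # Files of different sizes can never be identical, so skip the hashing work.
    if os.path.getsize(path_a) != os.path.getsize(path_b):
        return False
    return file_digest(path_a, algorithm) == file_digest(path_b, algorithm)

def differing_bits(hex_a, hex_b):
    """Count the bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def demo():
    """Write three constructed sample files to a temp folder and compare them."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "contract.txt")
        copy = os.path.join(d, "contract_copy.txt")
        altered = os.path.join(d, "contract_altered.txt")
        body = b"Payment due: $1,000 on 1 March.\n" * 1000  # constructed sample data
        # The altered file differs by one character and has the same size.
        edited = body.replace(b"$1,000", b"$1,001", 1)
        for path, data in ((original, body), (copy, body), (altered, edited)):
            with open(path, "wb") as f:
                f.write(data)
        return {
            "copy_matches": files_match(original, copy),
            "altered_matches": files_match(original, altered),
            "bits_changed": differing_bits(file_digest(original), file_digest(altered)),
            "digest_length": len(file_digest(original)),
        }

if __name__ == "__main__":
    print(demo())
```

A one-character edit typically changes about half of the 256 bits in the hash, which is why the altered copy is easy to spot.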