Hash Your Way to More Reliable OSINT

Hashing can be used to create a unique and irreversible fingerprint of digital data, thereby making the hashed data uniquely identifiable and tamper-evident, and essentially guaranteeing that data sent between two parties cannot be modified or replaced in transit without the change being detected.


The concept is simple: the hashing algorithm takes a text or a file, such as an image, and looks at all the individual bytes that make up that file. It then creates a unique digital key composed of letters and numbers (the hash) that will only ever match the composition of bytes within that file at the time it was hashed. This means that changing even a single byte in the file – by resizing, rotating, colorizing, shading, changing the format, or introducing noise of any kind – will completely alter its hash (i.e. its digital key), thus proving beyond a doubt that the old and new files are not one and the same. On the other hand, if no changes have been made to the original file, its hash will remain the same, thereby proving its authenticity.


Why hash?


For OSINT practitioners, hashing provides irrefutable proof that a particular file has not been tampered with, and is the same file that was captured or created by the investigator and then sent onward to their client or stakeholder as part of the investigative process.

Hashing is therefore a worthwhile and important step within the OSINT workflow and is most effective as part of the documentation process, once the collection and selection of data have been completed and before the final findings are reported to the client or stakeholder.

Once an OSINT investigator decides which files to include in the final report, those files should be hashed and sent together with their corresponding hash values (like an inventory list of sorts) as part of the final report.


How is it done?


Hashing can be done manually by typing in a simple terminal command in most operating systems (with little or no technical background required) or by using one of the many web-based, browser-based, or GUI-based tools that are freely available.


Using the manual command-line method in Windows PowerShell is as easy as typing the following command (modifying PATH and FILE_NAME as needed): Get-FileHash PATH\FILE_NAME

In macOS, use the command: shasum -a 256 FILE_NAME

And in Linux, use the command: sha256sum FILE_NAME
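
The inventory list described earlier can be built and re-checked with the same command-line tools. The script below is an added example, not part of the original article; the function names, the SHA256SUMS manifest name and the sample files are assumptions, and it expects file names without newlines.

```shell
#!/bin/sh
# Added example (not from the original article): SHA-256 inventory for report files.
# Function names, the SHA256SUMS name and the sample files are assumptions.

# Use sha256sum (Linux) or fall back to shasum -a 256 (macOS).
sha256_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"
    else shasum -a 256 "$@"; fi
}

# make_manifest DIR MANIFEST: write one "hash  ./path" line per file in DIR.
# Keep MANIFEST outside DIR so it is not hashed into itself.
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort |
        while IFS= read -r f; do sha256_cmd "$f"; done ) > "$2"
}

# verify_manifest DIR MANIFEST: non-zero if a listed file changed or is missing.
verify_manifest() {
    case $2 in /*) m=$2 ;; *) m=$PWD/$2 ;; esac
    ( cd "$1" && sha256_cmd -c "$m" )
}

# unlisted_files DIR MANIFEST: print files present in DIR but absent from MANIFEST
# (hash checking alone does not notice files added later).
unlisted_files() {
    cut -c67- "$2" | LC_ALL=C sort > "$2.listed"   # path starts after 64 hex + 2 chars
    ( cd "$1" && find . -type f | LC_ALL=C sort ) | LC_ALL=C comm -23 - "$2.listed"
    rm -f "$2.listed"
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/evidence"
    # Constructed sample files standing in for collected captures.
    printf 'constructed capture 1\n' > "$work/evidence/capture1.txt"
    printf 'constructed capture 2\n' > "$work/evidence/capture2.txt"
    make_manifest "$work/evidence" "$work/SHA256SUMS"
    verify_manifest "$work/evidence" "$work/SHA256SUMS" && echo "intact: all hashes match"
    printf 'x' >> "$work/evidence/capture2.txt"     # single-byte change
    verify_manifest "$work/evidence" "$work/SHA256SUMS" || echo "changed: mismatch detected"
    rm -rf "$work"
}
demo
```

The recipient runs verify_manifest and unlisted_files against the folder they received, using the manifest that came with the report.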


Among the web-based tools, there are websites such as xorbin.com that will allow you to hash texts, and other sites such as emn178.github.io and md5file.com, which will allow you to also drag and drop a file and hash it in multiple formats.


Alternatively, you can choose from among the different browser add-ons or extensions to do your hashing directly from within your browsing session. A couple of options in this category are Secure Hash Generator for Chrome and for Firefox to hash files, and Hash Generator for Chrome to hash texts.


Finally, if for privacy or other reasons you would prefer not to upload your files to a website or browser extension, you can instead install a standalone GUI-based tool on your own system. Some good options in this category are QuickHash, which works with Windows, Linux, and macOS, and also allows you to compare the hashes of two files or even entire directories, and Hash Generator and MultiHasher, both of which are designed for Windows systems and offer hashing for numerous file types.

