Hash Your Way to More Reliable OSINT

Hashing can be used to create a unique and irreversible fingerprint of digital data, thereby making the hashed data uniquely identifiable and tamper-proof, and essentially guaranteeing that data sent between two parties cannot be modified or replaced in-transit without this change being detected.

The concept is simple: The hashing algorithm takes a text or a file, such as an image for example, and looks at all the individual bytes that constitute the underlying data that makes up that file. It then creates a unique digital key comprised of letters and numbers (the hash) that will only ever match the current composition of bytes within that file at the time it was hashed. This means that changing even a single byte in the file – by resizing, rotating, colorizing, shading, changing the format, or introducing noise of any kind – will completely alter its hash (i.e. its digital key), thus proving beyond a doubt that the old and new files are not one and the same. On the other hand, if no changes have been made to the original file, its hash will remain the same, thereby proving its authenticity.

Why hash?

For OSINT practitioners, hashing provides irrefutable proof that a particular file has not been tampered with, and is the same file that was captured or created by the investigator and then sent onward to their client or stake-holder as part of the investigative process.

Hashing is therefore a worthwhile and important step within the OSINT workflow and is most effective as part of the documentation process, once the collection and selection of data have been completed and before the final findings are reported to the client or stake-holder.

Once an OSINT investigator decides which files to include in the final report, those files should be hashed and sent together with their corresponding hash numbers (like an inventory list of sorts) as part of the final report.

How is it done?

Hashing can be done manually by typing in a simple terminal command in most operating systems (with little or no technical background required) or by using one of the many web-based, browser-based, or GUI-based tools that are freely available.

Using the manual terminal command line method in Windows PowerShell is as easy as typing in the following formula (and modifying the PATH and FILE_NAME as needed): Get-FileHash PATH\FILE_NAME

In MacOS, use the formula: shasum -a 256 FILE_NAME

And in Linux, use the formula: sha256sum FILE_NAME