Terms of the trade

Glossary

The key digital-forensics concepts you meet using Probatio, explained briefly.

Hash

A fixed-length fingerprint computed from a file's content. If even one byte changes, the hash changes: the standard way to prove a file has not been altered.

SHA-256 / SHA-512

Cryptographic hash functions from the SHA-2 family, among the most used in forensics for acquisition integrity.

BLAKE3 / XXH3 / CRC32

Fast modern algorithms: BLAKE3 is cryptographic and parallel; XXH3 and CRC32 are non-cryptographic checksums, useful for quick checks.

Entropia

A measure of byte "disorder" (0-8). High values indicate compressed or encrypted data; useful to spot hidden content or anomalies.

ssdeep (fuzzy hash)

A "fuzzy" hash that stays similar when a file changes slightly: it lets you find near-identical files or variants.

C2PA / Content Credentials

A standard that embeds provenance and edit history into media, cryptographically signed. Probatio reads and validates its manifest.

JUMBF

A binary container used by C2PA to embed the manifest inside a file (e.g. a JPEG).

YARA

A rule language to recognise patterns in files and malware. Probatio applies YARA rules updatable from an endpoint.

Magic bytes

The first bytes of a file that reveal its real type regardless of extension: Probatio uses them to unmask deceptive extensions.

Hash percettivo

A hash that represents an image's appearance: two similar images have close perceptual hashes, even if the bytes differ.

Marca temporale RFC 3161

A cryptographic attestation, issued by an authority (TSA), that a piece of data existed at a certain date. Probatio applies it to the report.

SHA256SUMS

A text file listing the expected hashes of several files: Probatio verifies it in batch, like sha256sum -c.