Glossary
The key digital-forensics concepts you meet using Probatio, explained briefly.
Hash
A fixed-length fingerprint computed from a file's content. If even one byte changes, the hash changes: the standard way to prove a file has not been altered.
SHA-256 / SHA-512
Cryptographic hash functions from the SHA-2 family, among the most used in forensics for acquisition integrity.
BLAKE3 / XXH3 / CRC32
Fast modern algorithms: BLAKE3 is cryptographic and parallel; XXH3 and CRC32 are non-cryptographic checksums, useful for quick checks.
Entropia
A measure of byte "disorder" (0-8). High values indicate compressed or encrypted data; useful to spot hidden content or anomalies.
ssdeep (fuzzy hash)
A "fuzzy" hash that stays similar when a file changes slightly: it lets you find near-identical files or variants.
C2PA / Content Credentials
A standard that embeds provenance and edit history into media, cryptographically signed. Probatio reads and validates its manifest.
JUMBF
A binary container used by C2PA to embed the manifest inside a file (e.g. a JPEG).
YARA
A rule language to recognise patterns in files and malware. Probatio applies YARA rules updatable from an endpoint.
Magic bytes
The first bytes of a file that reveal its real type regardless of extension: Probatio uses them to unmask deceptive extensions.
Hash percettivo
A hash that represents an image's appearance: two similar images have close perceptual hashes, even if the bytes differ.
Marca temporale RFC 3161
A cryptographic attestation, issued by an authority (TSA), that a piece of data existed at a certain date. Probatio applies it to the report.
SHA256SUMS
A text file listing the expected hashes of several files: Probatio verifies it in batch, like sha256sum -c.