Verifying an acquisition's integrity
You recompute the hash of a forensic image (DD/E01) and compare it with the hash recorded at acquisition time: Probatio confirms the copy has not been altered.
Probatio comes from the forensic analyst's daily work. Here are typical situations where it saves time while keeping evidentiary rigor.
You recompute the hash of a forensic image (DD/E01) and compare it with the hash recorded at acquisition time: Probatio confirms the copy has not been altered.
You analyse an image and Probatio extracts its C2PA Content Credentials, validates the signature and shows provenance, author and edit chain — useful against deepfakes and manipulation.
On a doubtful file you apply up-to-date YARA rules, check entropy, strings and executable headers, and compare against known hash-sets for a first classification.
You scan an entire volume: Probatio catalogs every file with type, size, hash and content date, and produces a chronologically ordered PDF report.
With perceptual hashes you tell whether two images are the same scene recompressed or a manipulation, and document the differences in a side-by-side report.
You generate the analysis report and apply an RFC 3161 timestamp from an accredited TSA: an independent proof of date, verifiable with OpenSSL.

With C2PA Content Credentials, Probatio reads and validates a photo's provenance signature: who created it, with what, and how it was edited — a concrete help against deepfakes and manipulation.