Atola Insight Forensic
Atola Insight Forensic can calculate hashes for both source and target drives simultaneously via the Hashing menu. It supports two hashing methods: Linear and Segmented.
Supported hash types: MD5, SHA1, SHA224, SHA256, SHA384, SHA512
How is segmented hashing different from linear hashing?
With linear hashing, you get a single hash for the entire image.
With segmented hashing, you end up with many hashes of corresponding LBA ranges (chunks) of the image. The sum of these LBA ranges represents the entire image, just not necessarily in sequential order. By validating all hashes in a set you can still prove that the entire image was not modified.
Why use segmented hashing
There are two primary use cases:
1. Segmented hashes support multi-pass imaging and handling of bad sectors.
2. Better resiliency against data corruption.
All hashes are saved in a CSV file with the following format:
... And so on until the last LBA.
A new chunk is created by Atola Insight Forensic in one of two cases:
In both cases, existing hash value and LBA range are saved and a new hash is started.
Verify segmented hashes
Atola Insight Forensic lets you verify an existing CSV file containing segmented hashes against any target image. As a result, you receive the number of matched and mismatched segmented hashes. So even if a single hash value becomes invalid, the rest of the image can still be validated.
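The following is an added example, not code from Atola Insight Forensic or seghash, of what verifying a segmented-hash set involves: each LBA range is hashed and compared independently, and the ranges are checked to cover the whole image even when listed out of order. The `start_lba,end_lba,hash` row layout, the 512-byte sector size and the function names are assumptions made for illustration.

```python
import csv
import hashlib
import io

SECTOR = 512  # assumed sector size in bytes


def hash_segments(image, ranges, algo="sha256"):
    """Build a manifest: one 'start_lba,end_lba,hash' row per inclusive LBA range."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for start, end in ranges:
        chunk = image[start * SECTOR:(end + 1) * SECTOR]
        writer.writerow([start, end, hashlib.new(algo, chunk).hexdigest()])
    return out.getvalue()


def verify_segments(image, manifest, algo="sha256"):
    """Return (matched, mismatched, uncovered): LBA ranges whose hash does or
    does not match, plus LBAs that no row in the manifest accounts for."""
    total = len(image) // SECTOR
    covered = bytearray(total)
    matched, mismatched = [], []
    for start, end, expected in csv.reader(io.StringIO(manifest)):
        start, end = int(start), int(end)
        chunk = image[start * SECTOR:(end + 1) * SECTOR]
        actual = hashlib.new(algo, chunk).hexdigest()
        ok = end < total and actual == expected.strip().lower()
        (matched if ok else mismatched).append((start, end))
        for lba in range(start, min(end, total - 1) + 1):
            covered[lba] = 1
    uncovered = [lba for lba in range(total) if not covered[lba]]
    return matched, mismatched, uncovered


if __name__ == "__main__":
    # Constructed 16-sector image; ranges listed out of order, as after multi-pass imaging.
    image = bytes((i * 7) % 256 for i in range(16 * SECTOR))
    manifest = hash_segments(image, [(0, 3), (8, 15), (4, 7)])
    damaged = bytearray(image)
    damaged[5 * SECTOR] ^= 0xFF  # constructed corruption: flip one byte inside LBA 5
    matched, mismatched, uncovered = verify_segments(bytes(damaged), manifest)
    print("matched:", matched)
    print("mismatched:", mismatched)
    print("uncovered LBAs:", uncovered)
```

Only the range containing the altered sector is reported as mismatched; the other ranges still validate, and an empty uncovered list confirms the set accounts for every LBA of the image.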
Are there any disadvantages compared to regular hashing?
The only disadvantage is that you end up with multiple hashes instead of a single hash value. This can pose an issue when validating such hash values with third-party tools. For this reason we have released a free open-source tool for validating segmented hashes: seghash on GitHub