Call us now: 888 540-2010,  416 833-3501   10am – 6pm ET

General Information
DiskSense Unit
Extensions
Battery
Supported Drives
Version Log

Ordering

Place an Order
Lifetime Warranty

Features

Disk Diagnostics
Disk Duplication
Selective Head Imaging
Password Removal
Segmented Hashing
Scripting
Case Management
Bad Sector Recovery
File Recovery
Firmware Recovery
Disk Utilities
Multi-Tasking

Information

Quickstart
Screencasts
FAQ

Segmented Hashing

The Atola Insight Forensic can perform hash calculation for both source and target drives simultaneously via a Hashing menu. It supports two hashing methods: Linear and Segmented.

Supported hash types: MD5, SHA1, SHA224, SHA256, SHA384, SHA512

How is segmented hashing different from linear hashing?

With linear hashing, you get a single hash for the entire image.

With segmented hashing, you end up with many hashes of corresponding LBA ranges (chunks) of the image. The sum of these LBA ranges represents the entire image, just not necessarily in sequential order. By validating all hashes in a set you can still prove that the entire image was not modified.

Why to use segmented hashing

There are two primary use cases:

1. Segmented hashes support multi-pass imaging and handling of bad sectors.
Hashes are calculated only for the imaged regions, while all bad sectors are excluded from calculation. This allows to validate a hash even when the source drive is damaged.

2. Better resiliency against data corruption.
If your acquired image gets damaged at some point in the future, with regular hashes you will get a hash mismatch upon verification and the entire image becomes useless. With segmented hashing only a single hash value will become invalid while the rest of the image can still be validated.

Format

All hashes are saved in a CSV file with the following format:

Hash,start LBA,end LBA

Example:

75c92419e86ce82734ef3bbb781e6602,0,8388608
e2c7fc5264bae820e46c50b0502236d3,8388609,16777216
42718e48b5adb59563c98727cbce0619,16777217,25165824

... And so on until the last LBA.

Chunk size

A new chunk is created by Atola Insight Forensic in one of two cases:

  1. Bad sector or any other error occurred during imaging
  2. Pre-defined chunk size limit (4 GB by default)

In both cases, existing hash value and LBA range are saved and a new hash is started.

Verify segmented hashes

Atola Insight Forensic enables to verify existing CSV file containing segmented hashes against any target image. As a result, you receive the quantity of matched/mismatched segmented hashes. So even if a single hash value become invalid, it ensures the rest of the image can still be validated.

Are there any disadvantages compared to regular hashing?

The only disadvantage is that you end up with multiple hashes instead of a single hash value. This can pose an issue when validating such hash values with third-party tools. For this reason we have released a free open-sourced tool for validating segmented hashes:

seghash on GitHub