Technology
4 min read
·

How to Verify a SHA-256 Hash Yourself (Mac, Windows, Linux)

Why Verify a Hash?

When you receive a forensic evidence package — from TrueSnap or any other source — the SHA-256 hash is your proof that the files haven't been tampered with. But that proof only works if you can verify it yourself, independently, without relying on the tool that created it.

The good news: every major operating system has built-in tools to compute SHA-256 hashes. No software installation, no technical expertise, and no trust in third parties required.

What You Need

  • The evidence file (e.g., evidence-package.zip)
  • The original hash value (found in the forensic certificate, metadata file, or blockchain record)
  • A terminal or command prompt on your computer

Step-by-Step: macOS

1. Open Terminal

Press Cmd + Space, type Terminal, and press Enter.

2. Navigate to the File

If your file is in the Downloads folder:

cd ~/Downloads

3. Compute the Hash

shasum -a 256 evidence-package.zip

4. Read the Output

You'll see something like:

a3f2b8c9d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0  evidence-package.zip

The long string of characters before the filename is your SHA-256 hash.

5. Compare

Copy this hash and compare it character by character with the original. If they match exactly, the file is untampered.

Step-by-Step: Windows

1. Open PowerShell

Press Win + X and select Windows PowerShell, or search for "PowerShell" in the Start menu.

2. Navigate to the File

cd C:\Users\YourName\Downloads

3. Compute the Hash

Get-FileHash evidence-package.zip -Algorithm SHA256

4. Read the Output

PowerShell displays the result in a table:

Algorithm  Hash                                                              Path
---------  ----                                                              ----
SHA256     A3F2B8C9D1E4F5A6B7C8D9E0F1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F9A0  C:\Users\...

5. Compare

The hash is in the Hash column. Compare it with your original — note that Windows may display it in uppercase, which is equivalent to lowercase.

Step-by-Step: Linux

1. Open a Terminal

Use your distribution's terminal application (usually Ctrl + Alt + T).

2. Navigate to the File

cd ~/Downloads

3. Compute the Hash

sha256sum evidence-package.zip

4. Read and Compare

The output format is the same as macOS:

a3f2b8c9d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0  evidence-package.zip

Tips for Accurate Comparison

Comparing 64 characters by eye is error-prone. Here are some reliable methods:

Use Find (Ctrl+F / Cmd+F)

  1. Open a text editor
  2. Paste both hashes on separate lines
  3. Use the editor's search function to confirm they match

Use the Command Line

On macOS/Linux, you can automate the comparison:

echo "EXPECTED_HASH  evidence-package.zip" | shasum -a 256 -c

Replace EXPECTED_HASH with the original hash. If the file matches, you'll see:

evidence-package.zip: OK

On Windows PowerShell:

$hash = (Get-FileHash evidence-package.zip -Algorithm SHA256).Hash
if ($hash -eq "EXPECTED_HASH") { "MATCH" } else { "MISMATCH" }

Common Questions

What if the hashes don't match?

A mismatch means the file has been modified since the original hash was computed. This could mean:

  • The file was corrupted during transfer (try downloading again)
  • The file was intentionally tampered with
  • You're comparing against the wrong hash value

Does capitalization matter?

No. A3F2B8 and a3f2b8 represent the same hash. SHA-256 hashes are hexadecimal and case-insensitive.

Can I use an online hash calculator instead?

Yes, but be cautious about uploading sensitive evidence to third-party websites. The built-in tools on your operating system are more secure because your file never leaves your computer.

Do I need to verify every file individually?

If the evidence package is a single ZIP archive that was hashed as a whole, you only need to verify the ZIP file. TrueSnap hashes the complete package, so one verification covers all contents.

Where to Find the Original Hash

For TrueSnap evidence packages, the SHA-256 hash can be found in:

  • The forensic certificate (PDF) — Listed in the verification section
  • The metadata.json file — Stored as a field in the evidence metadata
  • The blockchain record — Permanently recorded on Polygon; searchable via Polygonscan

Key Takeaway

Hash verification is the simplest and most powerful way to confirm evidence integrity. It requires no special software, takes under a minute, and provides mathematical certainty. If the hash matches, the evidence is exactly as it was when captured — no trust required.

Protect Your Digital Evidence Today

TrueSnap captures web pages with forensic-grade integrity — SHA-256 hashes, blockchain timestamps, and tamper-proof packaging that courts accept.

Download TrueSnap Free

Related Articles

View all