File Hashes in IT, in Courts and in Real Life (and a Look at the Tools Still Being Used)

June 10, 2026

Every time you download a program and your computer checks it arrived intact, a hash did the work. Every time a backup system skips a file it already has, a hash made the call. And every time a digital file is presented as evidence in a courtroom, somewhere in the paperwork there is, or there should be, a hash.

For something so central to how we trust digital information, the tools people use to compute hashes are surprisingly old. We will get to that, because it is the strange part of this story. First, the basics.

What a hash actually is

A hash is a fixed-length fingerprint computed from a file's content. Feed the same file to the algorithm and you get the same fingerprint, every time, on any machine. Change a single byte, even a comma in a 500-page document, and the fingerprint changes completely.

That gives you a simple but powerful test: if two fingerprints match, the files are identical. If they differ, something changed. You never need to compare the files themselves, and you never need to show them to anyone.

If you want the deeper story of how fingerprints combine with public timestamps to prove when something existed, that is precisely what our pillar article on timestamping covers. Here we stay with the fingerprint itself, because it has a busy life of its own.

Where hashes do the quiet work in IT

Hashes are the plumbing of digital trust. A few places they run every day:

Software distribution. Projects publish the hash of each release next to the download link. If the file you received hashes to the same value, it was not corrupted or tampered with on the way.
Version control. Git identifies every commit by a hash. When two developers see e6b41d, they know they are looking at exactly the same code.
Backups and deduplication. Storage systems hash files to detect duplicates and to verify that what was restored is what was saved.
Security tooling. Antivirus engines and threat-intelligence feeds identify malicious files by their hashes.

None of this is exotic. It works because the fingerprint test is fast, cheap and unambiguous.

Where hashes meet courts and real life

The same property matters outside IT. When a digital file becomes evidence, a photo, a chat export, an email archive, a contract, the first question a serious examiner asks is: is this exactly the file that was collected, or has it been altered along the way?

The answer is a hash. The examiner records the fingerprint when the evidence is collected. Anyone can recompute it later, at any stage of the proceedings, and confirm the file is byte-for-byte intact. Forensic IT experts do this routinely, and so do notaries, auditors and insurance assessors. In everyday life the same logic protects you when you document a car accident, a property's condition or a delivered piece of work: fingerprint it now, and nobody can quietly swap or edit it later.

The strange part: the tools

Here is what surprised us. Talking with a small sample of practitioners, we found that a tool still in use for this job is HashCalc by SlavaSoft, a Windows utility from the early 2000s.

HashCalc by SlavaSoft, the discontinued Windows hash calculator from the early 2000s, hashing an evidence file — HashCalc by SlavaSoft, released in the early 2000s and surprisingly still showing up in professional work today. The software house does not seem to be active anymore: click its logo and the website returns an advertising page. The program itself is found today on third-party download portals.

We tried it, and the problems start before you even run it. SlavaSoft, the company behind it, does not seem to be active anymore: its website now serves ads, and according to the Wayback Machine it has shown no signs of life since January 2020. With the official website gone, in practice you download the program from large software portals like Softonic and hope the copy is faithful. It runs only on Windows. And it struggles badly with large files, because it tries to process them in one piece instead of streaming them in chunks: in our tests with multi-gigabyte video files it either hangs or takes more than twenty minutes.

Why does a 20-year-old orphaned tool persist in serious work? Tools evolve; habits evolve more slowly. Professionals understandably stay with what they learned and have trusted for years, often since university, and that comfort is part of how any practice works. Our sample is small, and this surely does not describe everyone. But it is a real pattern, we have seen it firsthand, and it is worth asking the question properly: when the developer has disappeared, the download comes from a random mirror and the source code was never public, what exactly are you trusting? There is a real irony in verifying the integrity of evidence with a program whose own integrity you cannot verify.

What a modern hash tool looks like

Browsers quietly became capable of running serious applications. Some of those applications still send your data to a server for the heavy lifting. Others do the work entirely on your machine, and that is the case of the Free Hash Calculator we built.

It runs on two well-established pieces of technology: WebAssembly, which lets browsers execute near-native-speed code, and hash-wasm, a widely used open-source hashing library whose source code is public and inspectable. The file is read in chunks, as a stream, so there is no theoretical limit on size: a 2 GB video is processed as comfortably as a 2 KB text file.

EMOZ free online hash calculator computing nine hash algorithms (MD5, SHA-256, SHA-512) on a 1.99 GB file in 32 seconds — The fingerprints of a 1.99 GB file (2,132,524,513 bytes), all computed simultaneously in 32.35 seconds. That is about 66 MB per second: roughly twice the real-world speed of copying to a USB 2.0 pen drive, and faster than a 500-megabit fiber line could even deliver the file.

And most important: it is privacy first. The file never leaves your device. Nothing is uploaded to any server or cloud, which matters a great deal when the file is evidence, a contract or unpublished work. You do not have to take our word for it either: open your browser's developer tools while hashing and watch for yourself that nothing is transmitted.

No installation, no platform lock-in. It works the same from a Windows desktop, a Mac, a Linux laptop or a tablet, today and on whatever you are using next year.

A report built for serious work

Computing fingerprints is half the job; documenting them is the other half. The calculator generates a PDF report, and before downloading it you can optionally identify who produced it: a person or a company, with tax ID and address, a case reference, and the hashing session itself.

Hash report issuer details form: person or company, tax ID, address, case reference and hashing session data for professional documentation — After hashing, the optional report details: who issued the report (a person or a company, with tax ID and address), a case reference and the hashing session itself (timing, browser, operating system, public IP address). Useful when the report becomes part of professional documentation, for instance in court proceedings.

Self-contained PDF file hash report generated by the EMOZ free online hash calculator, with fingerprints and verification details — An example report. It is self-contained: along with the fingerprints it records the technical details needed to verify it, including the open-source hashing library used, whose code anyone can inspect if an audit is ever required.

The report is not stored online. It can be reproduced at any time by hashing the same file again, which is the beauty of how hashes work: the proof is in the mathematics, not in our database.

From proving integrity to proving time

A hash answers one question with certainty: is this file exactly the same file? What it cannot tell you on its own is when the file existed. For that you need to anchor the fingerprint to a moment in time that nobody can backdate, which is exactly what EMOZ does: it writes the fingerprint to a public blockchain, creating a tamper-evident, independently verifiable record that your file existed, exactly as it is, on a specific date.

This is precisely the direction we are building in: tools that make digital information provable, privately and without friction, in a world where anything can be copied, edited or generated. The Free Hash Calculator is the everyday workhorse, free forever, no signup. Timestamping is the next step when "intact" needs to become "intact since this date".

Try the calculator with any file, even a huge one. It costs nothing, and your file goes nowhere.