Digital Data Assurance

Digital integrity refers to ensuring that digital data has not been altered, corrupted or manipulated from a given point in time.

This means that the information remains intact, that is, exactly the same as its original state and any modification, even minimal, can be detected.

Digital integrity is achieved through hash functions and there are several software programs that implement hash functions: sha256sum, b3sum, fsum, etc. Regardless of what is used, it is essential to record which algorithm was used in the process, to allow correct verification of data integrity.

The auditor was developed with a focus on digital integrity, implementing an innovation in the calculation of hashes, while bringing useful features not found in the most popular existing software.

Installing the auditor

The auditor is available at: https://thash.org/auditor It must be unzipped to a local folder and, for it to be easily available from anywhere in the prompt, it needs to be copied into a folder included in the operating system's PATH, which are usually:

On Windows: %localappdata%\Microsoft\WindowsApps : (You can paste this shortcut directly into Windows Explorer and it will take you there!),C:\Windows\System32
On Linux: /usr/local/bin /usr/bin , /bin,/usr/sbin

If copied to a folder in the PATH, check if it is available by typing at the command prompt: auditor --help
If you do not have permission to copy to a folder in the PATH, you can use it directly from the folder where it was unzipped. Example: If unzipped to the folder C:\temp, type:
C:\temp\auditor.exe --help

The auditor implements two subcommands, used in this order:

auditor hash pasta: Generates audit files containing the integrity data of files existing in 'folder';
auditor check pasta: Uses information from audit files to check whether files in 'folder' are intact.

Usage is detailed below.

Start

The first step is to subject the data to hashing algorithms, saving the integrity data in audit files so that it can be verified in the future.

The recommended steps using the auditor are as follows:

Organize all the data you want to ensure its integrity in a single folder, on a reliable medium, new if possible (pendrive, HD, etc.). For large volumes of data, it is recommended to use fast-access media (SSD disks, pendrives with USB 3.0 or higher, etc.), as the process time depends on the size of the data and the type of media technology used.
Only when there is no further change to the folder's contents should you execute (Example using the folder D:\EquipeSC-05\):

For SSD disks or USB 3.0 pendrives (using the '-z' flag, to optimize performance):
auditor.exe hash D:\EquipeSC-05 -z

For other slow disks and USB media:
auditor.exe hash D:\EquipeSC-05
The above command will generate the audit files in the root of the folder and print on the screen the integrity data of the newly generated audit file Audit_FullList(default name: _auditor_hashes.txt ), which must be recorded in a printed document or in a document with a digital signature.
Integrity data that must be recorded:
Note: The integrity data is also saved in the file Audit_Stamp(default name: _auditor_stamp.txt ).
Finally, the media containing the data (which includes the audit files) must be stored and transported securely , and it is recommended to make a backup copy on another media (Storage, pendrive, HD, etc.)

Important: Changing any byte of a file after the hashes have been generated will be detected and will invalidate its integrity. Therefore, for media without write protection, DO NOT manipulate the original files, always use copies! If you need to open files contained in a folder that has already undergone the integrity process, create a copy outside the originally audited folder and use the copy. Some software, for example Microsoft Word, automatically saves opened files (changing internal metadata) which will inevitably invalidate the integrity of the file irreversibly .

The generated audit files are:

Audit_FullList: List with the integrity data (hash, algorithm, size and file path) of each of the files contained in the folder. (The default name of this file is _auditor_hashes.txt )
Audit_Stamp: Contains only the integrity data of the previous file, which is also displayed on the screen at the end of the process. (Default name: _auditor_stamp.txt )

Note 1: If audit files already exist, the auditor will fail by default. To delete them and create new ones, use the '-o' flag. This will change the integrity data that should be preserved!
Example:
auditor.exe hash D:\EquipeSC-05 -o

Note 2: If the folder does not have write permission (e.g. CDs), the auditor will not be able to write the audit files. In this case, you must define their destination using the '-f' and '-s' flags (See the subcommand help: auditor hash --help).

If you want to add a timestamp to your audit files (to prove that the process was executed at a certain date and time), you can register the timestamp signature with online services such as freetsa.org (using Online Signature) .

Start

After generating the audit files, described in the previous section, the correct integrity check must be done through (Using the folder D:\EquipeSC-05as an example:):

For SSD or USB 3.0 disks (with the '-z' flag to optimize performance):
auditor.exe check D:\EquipeSC-05 -z

For other disks and USB media:
auditor.exe check D:\EquipeSC-05

The auditor will verify the integrity of the files in the folder using the information in the audit files. He will also recalculate and display on the screen the file integrity data Audit_FullList( _auditor_hashes.txt ): The recalculated integrity data must necessarily match those already recorded in the document prepared in item A.3 that was physically printed. If a document with a digital signature was used, the signature must be duly verified.

If any discrepancy is detected, the auditor will report the error.

Start

If you have any concerns about the integrity of the Auditor software, calculate the SHA256 hash of the executable with an independent tool and compare it with the value published at: https://thash.org/auditor .
The procedure described uses the default options. Other options and details are available in the full Auditor manual.
By default, Auditor uses the thash method , which is faster. You can disable this method if desired.

To go back

Digital Data Integrity with auditor

Digital Integrity and Auditor Installation

Installing the auditor

A - Generating the audit files (auditor hash)

B - Verifying data integrity (auditor check)

Important considerations