Blog Details

Introduction

Every data migration ends with the same anxious question: did all the data arrive, exactly as it was? Whether you are an IT lead moving a database to new hardware, a managed-service provider cutting a client over to the cloud, or an auditor signing off an ERP go-live, you need more than a reassuring screen that says "complete." You need defensible proof that the source and the target hold the same data, byte for byte. A data migration verification certificate provides that proof. It hashes the data before and after the move, compares the two, and records the outcome in one readable document. This article explains what the certificate contains, when to use it, and how e-Dex (formerly Hash Calculator) produces one entirely on your own machine.

What a Data Migration Verification Certificate Is

A data migration verification certificate makes a narrow, testable claim: that the data set at the destination is identical to the data set at the source, as determined by comparing cryptographic hashes. A cryptographic hash is a fixed-length fingerprint computed over a file's contents. Change a single byte and the hash changes completely, so two matching hashes are strong evidence that nothing was added, dropped or corrupted in transit. The certificate does not describe the migration tooling or the network path — it answers only the question of whether the bits survived the journey intact, and it answers it with arithmetic rather than assurance.

What Is Inside the Certificate

The certificate is built from real, structured fields rather than free text. It identifies the case and the analyst, then opens with a summary line — total files, total size, and counts of matches, mismatches and errors. Below that sits the hashes annexure: each file listed with its byte size, its SHA-256 value and a per-file verification status such as "Verified." A verification result line states the totals plainly — for example, verified, failed and errors counts. The document closes with a declaration in which the analyst certifies that the data set was verified with e-Dex before and after migration, that the source and migrated hashes were computed and compared, and that the stated result reflects whether the migrated data is identical to the source. Finally, the whole document is bound by a SHA-256 integrity seal computed over its sealed content, so any later edit to the certificate itself is detectable.

Source Versus Target, File by File

The heart of the workflow is a direct comparison. e-Dex records a hash for every file at the source and again at the destination, then matches them. A file is counted as matched only when both hashes are identical; if they differ it is a mismatch, and if a file expected at the target cannot be found it is recorded as missing. A clean migration shows every file matched with zero mismatches and zero errors — a small set of integers that an auditor can read in seconds and that no amount of progress-bar optimism can fake. This is the same integrity logic behind our evidence integrity certificate, applied to the before-and-after of a migration.

Where It Is Used

The certificate fits any cutover where someone has to sign off that data moved losslessly. System and hardware migrations use it to confirm that files copied to a new server are identical to the originals before the old system is decommissioned. Cloud lift-and-shift projects attach it as evidence that uploaded data matches what left the on-premises estate. ERP and data-platform cutovers rely on it for go-live sign-off, giving the business and the auditors a single artefact that the migrated records are complete and unaltered. MSPs hand it to clients as deliverable proof of a clean handover. In each case the certificate turns "trust me, it worked" into a document anyone can re-check.

How e-Dex Generates It

The process is straightforward. First, hash the source data set with e-Dex using SHA-256, SHA-512 or BLAKE3. Run the migration. Then hash the destination with the same algorithm and let e-Dex compare the two sets, producing the per-file match, mismatch and missing counts. Once the comparison is in hand, open the Certificate Generator, choose the data-migration template, and export to PDF. If your workflow is built around backup rather than migration, e-Dex also offers a related Backup Validation tab that confirms a backup equals its source by hash and certifies the result — the same compare-and-attest pattern in a different context.

Verifying the Certificate Offline

e-Dex runs fully offline on a single Windows machine, so neither the data nor the certificate ever leaves your environment. Verification is just as self-contained. The SHA-256 integrity seal is computed over the certificate's sealed lines, so a reviewer can recompute SHA-256 over those lines and confirm the result equals the stated hash, proving the document has not been edited. Independently, the hashes annexure lets an auditor re-hash the migrated files and compare them against the recorded values — no portal, no account, no internet. For a deeper look at offline checking, see our guide to verifying a digital evidence certificate offline. Where extra assurance is required, you can also apply a PAdES digital signature and an RFC-3161 trusted timestamp; only the timestamp step needs the internet.

Frequently Asked Questions

What is a data migration verification certificate?
It is a short, readable document that records that a data set was hashed before and after a migration and that the source and target values were compared file by file. It lists each file with its size and verification result, a per-file hashes annexure, an overall verification result and a declaration, all bound by a SHA-256 integrity seal. In effect it is cryptographic proof that the migrated data is identical to the source as far as the comparison shows.

How does e-Dex prove a migration was lossless?
e-Dex computes a cryptographic hash of every file at the source and again at the destination, then compares the two sets value by value. A file counts as matched only when both hashes are identical. The certificate summarises how many files matched, changed, were missing or errored, so a result of all files matched and zero mismatches is strong evidence that the migration moved the data without altering or losing it.

Does e-Dex need an internet connection to verify a migration?
No. e-Dex runs fully offline on your own Windows machine. Hashing the source and destination, comparing them and generating the data migration verification certificate all happen locally, so your data never leaves your environment. An internet connection is only needed if you choose to apply an RFC-3161 trusted timestamp from a Time-Stamping Authority.

Which hash algorithms does e-Dex use for migration verification?
e-Dex supports SHA-256, SHA-512 and BLAKE3, all modern collision-resistant algorithms. SHA-256 is the common default and is also used as the integrity seal over the certificate itself. Using the same algorithm on both the source and the target ensures the before-and-after comparison is exact and reproducible.

Can someone else verify the certificate later?
Yes. The certificate carries a SHA-256 integrity seal computed over its sealed content. Anyone can recompute SHA-256 over the sealed lines and confirm the result equals the stated hash, proving the document itself has not been edited. The hashes annexure also lets an auditor re-hash the migrated files independently and compare against the recorded values, all without contacting Innovativa or going online.

Conclusion

A data migration verification certificate replaces a hopeful "complete" with a one-page, verifiable fact: the migrated data is identical to the source, proven by hashing both sides and comparing them file by file, and sealed against tampering with SHA-256. It gives IT teams, MSPs and auditors a clean sign-off artefact for system migrations, cloud lift-and-shift and ERP cutovers alike. If your work also touches backups and compliance, the same approach underpins our backup integrity certificate for compliance. You can produce a migration certificate in minutes, offline, on a single Windows machine with e-Dex — the Digital Evidence Integrity Suite. Download it free and prove your migration moved every byte intact.