
How to Hash a Photo to Prove It Was Not Edited


Hashing a photo at capture and re-hashing later to prove it was not edited

Introduction

A photograph can settle an argument or start one. The moment its honesty is questioned, you need a way to show the image is exactly what it was when you captured it. That is what a hash gives you. To hash a photo to prove it was not edited is to compute a short cryptographic fingerprint over the file's exact bytes and freeze that value in time. If the same file is hashed again later and produces the same fingerprint, the photo is provably unchanged down to the last byte. This guide walks through how that works, what it does and does not prove, the metadata pitfalls to avoid, and the practical steps to do it on your own machine with e-Dex (formerly Hash Calculator).

How It Works

A cryptographic hash, such as SHA-256, reads every byte of the photo file and produces a fixed-length string that acts as a digital fingerprint. The key property is sensitivity: change anything at all and the fingerprint changes completely and unpredictably. The trick is timing. You hash the original file at capture: before opening it in an editor, before re-saving, before sharing it through an app that might recompress it. That first hash becomes your reference. Any later edit, even a single-pixel change or a simple re-save that re-encodes the JPEG, produces a different hash. So when a re-computed hash matches your recorded value, you have proof that not a single bit of the file has changed since you froze it. If you want the underlying idea in more depth, read our explainer on what tamper-evidence means in digital forensics.

What a Hash Does — and Does Not — Prove

It is vital to be precise about the claim. A matching hash proves the file is byte-identical to the version you recorded. It does not prove that the scene is real, that nothing was staged in front of the lens, that the photo was taken where or when it claims, or that the camera was not fed a fake. Hashing protects integrity after capture; it says nothing about authenticity at the moment of capture. Confusing the two oversells your evidence. The honest, defensible statement is narrow and strong: "this image has not been altered since it was recorded." Anything about the truth of the scene needs separate support — witness accounts, device logs, and a documented chain of custody.

The EXIF and Metadata Trap

Photos carry hidden data inside the file: EXIF fields such as the capture date, GPS coordinates, camera make and orientation. Because the hash is computed over the whole file, that metadata is part of the fingerprint. The catch is that ordinary actions silently rewrite it. Opening a photo in an editor and saving, sending it through a messaging app that strips location data, or even rotating it can re-save the file and change or remove EXIF — and that changes the hash, making an untouched-looking image fail verification. The rule is simple: to keep the original hash valid, work from a copy of the raw file and never open-and-save the original. If you must hash after the fact, hash the exact file you intend to rely on and record that value.
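The metadata trap above, as an added Python example that is not part of the original article or of e-Dex: it hashes a constructed JPEG-shaped byte stream with and without its Exif (APP1) segment to show that dropping metadata alone breaks the whole-file hash. The `image_data_hash` and `diagnose` helpers are hypothetical diagnostics for explaining a MISMATCH when both files are at hand; the parser assumes no padding bytes between segments, and the whole-file hash remains the value to record.

```python
import hashlib
import struct

def segments(jpeg):
    """Yield (marker, raw bytes) per segment; SOS plus scan data and EOI come as one chunk."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    yield 0xD8, jpeg[:2]
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:                      # start of scan: the rest is image data
            yield marker, jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated segment")
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no SOS marker found")

def whole_file_hash(jpeg):
    """The fingerprint the article records: SHA-256 over every byte."""
    return hashlib.sha256(jpeg).hexdigest()

def image_data_hash(jpeg):
    """Diagnostic only: SHA-256 over everything except APP1 (Exif/XMP) segments."""
    h = hashlib.sha256()
    for marker, raw in segments(jpeg):
        if marker != 0xE1:
            h.update(raw)
    return h.hexdigest()

def diagnose(recorded, current):
    if whole_file_hash(recorded) == whole_file_hash(current):
        return "MATCH"
    if image_data_hash(recorded) == image_data_hash(current):
        return "MISMATCH (metadata only)"
    return "MISMATCH (image data changed)"

def seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: JPEG-shaped bytes, not a decodable picture.
BODY = seg(0xDB, bytes(65)) + seg(0xDA, bytes(10)) + b"\x12\x34\x56" + b"\xff\xd9"
ORIGINAL = b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00constructed GPS tag") + BODY
STRIPPED = b"\xff\xd8" + BODY                   # same picture data, Exif segment dropped
```
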

Practical Steps

The workflow is short and repeatable.

1. Hash at capture: as soon as you have the photo, compute its hash (SHA-256 is the sensible default) over the original file.
2. Record it: save the hash next to the filename, the date, and a one-line note of where the photo came from.
3. Optionally timestamp it: apply an RFC-3161 trusted timestamp so the hash is sealed against an independent time source, proving the value existed at that moment.
4. Re-hash to verify: whenever integrity is questioned, recompute the hash of the file and compare it to your record. A MATCH means byte-identical and unaltered; a MISMATCH means the file changed.

e-Dex performs each of these steps in a few clicks and prints a plain verdict.
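The same workflow as a script, for readers who want to see the steps without a GUI. This is an added Python example, not e-Dex's code: the JSON-lines ledger format, the file names and the function names are assumptions, the sample "photo" is constructed bytes, and the optional RFC-3161 timestamp step is left out because it needs a Time-Stamping Authority.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Stream the file in chunks so a large photo never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def record_hash(path, note, ledger):
    """Hash at capture and record it: append one entry per file to the ledger."""
    entry = {
        "file": os.path.basename(path),
        "sha256": sha256_file(path),
        "recorded_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "note": note,
    }
    with open(ledger, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry) + "\n")
    return entry

def verify(path, ledger):
    """Re-hash to verify: compare against the earliest record for this file name."""
    name = os.path.basename(path)
    with open(ledger, encoding="utf-8") as f:
        recorded = [e for e in map(json.loads, f) if e["file"] == name]
    if not recorded:
        return "NO RECORD"
    return "MATCH" if sha256_file(path) == recorded[0]["sha256"] else "MISMATCH"

def demo():
    """Constructed bytes stand in for a photo; one changed byte models any edit or re-save."""
    with tempfile.TemporaryDirectory() as d:
        photo = os.path.join(d, "IMG_0001.jpg")
        ledger = os.path.join(d, "hashes.jsonl")
        with open(photo, "wb") as f:
            f.write(b"\xff\xd8" + bytes(range(256)) * 8 + b"\xff\xd9")
        record_hash(photo, "constructed sample, copied from camera card", ledger)
        before = verify(photo, ledger)
        with open(photo, "r+b") as f:           # overwrite a single byte in place
            f.seek(100)
            f.write(b"\x00")
        return before, verify(photo, ledger)

if __name__ == "__main__":
    print(demo())
```

Keep the ledger somewhere the photo's handlers cannot rewrite it, since a record stored beside the file can be changed along with the file.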

When It Has to Stand as Evidence

For an internal check, the hash alone is enough. When the photo may be relied on formally, wrap the hash in two things: a certificate and a chain of custody. The certificate records the file name, the algorithms, the hash values and a MATCH / MISMATCH result in a clean, signed document; the chain of custody records who handled the file and when. Together they turn a bare fingerprint into a defensible package. If your photo is a screenshot or capture that may go before a court, see our walkthrough on how to certify a screenshot as evidence in India, and learn more about the foundation on our evidence integrity page.

Frequently Asked Questions

How does hashing a photo prove it was not edited?
A hash is a fixed-length fingerprint computed over every byte of the photo file. If you record the hash at capture and later recompute it, an identical value proves the file is byte-for-byte unchanged. Because even a one-pixel edit or a re-save changes the hash completely, a matching hash is strong evidence that the photo was not edited since it was recorded.

Does a matching hash prove the scene in the photo is real?
No. A hash proves only that the file is byte-identical to the version you recorded. It does not prove the scene is real, unstaged, taken at a particular place, or that the camera was not tricked. Hashing protects integrity after capture; it says nothing about authenticity at the moment of capture. Those are separate questions that need other forms of proof such as device records and chain of custody.

Why does editing EXIF metadata change a photo's hash?
EXIF metadata such as date, GPS and camera model is stored inside the image file itself. The hash is computed over the entire file, including that metadata. So stripping, editing or re-writing EXIF — which happens automatically when many apps re-save an image — changes the bytes and therefore changes the hash. To preserve the original hash, copy the file without opening or re-saving it.

Which hash algorithm should I use for a photo?
SHA-256 is the practical default: it is modern, collision-resistant and widely recognised. e-Dex also computes SHA-512 and BLAKE3 for extra assurance, plus MD5 and SHA-1 for matching against older records. Listing several algorithms side by side makes the integrity proof stronger and lets a verifier match whichever value was originally recorded.

Do I need internet to hash a photo with e-Dex?
No. e-Dex runs fully offline on your own Windows machine, so the photo never leaves your computer. Hashing, comparing values and producing the certificate all happen locally. An internet connection is only needed if you choose to apply an RFC-3161 trusted timestamp from an independent Time-Stamping Authority.

Conclusion

Proving a photo was not edited is not about clever forensics — it is about discipline at the start. Hash the original the moment you have it, record the value, and re-hash whenever integrity is questioned. A matching fingerprint then settles the byte-level question cleanly, while metadata care keeps that proof intact. You can do every step in minutes, offline, on a single Windows machine with e-Dex — the free Digital Evidence Integrity Suite. Open the hash tool, freeze your photo's fingerprint, and prove it is exactly what it should be.