e-Dex for Auditors & Compliance
File Integrity Evidence for Auditors & Compliance Teams
e-Dex is a free, offline Windows tool that turns "trust us, nothing changed" into proof. Baseline your records, logs and backups, re-hash them later to detect any change, and retain a signed integrity certificate plus a custody trail you can hand straight to an auditor — all on your own machine, with nothing ever leaving your control.
Auditors Want Proof, Not Assurances
When an auditor asks whether a financial record, an application log or a backup is the same one you captured months ago, an assurance is not evidence. They need something defensible: a record showing the file is bit-for-bit identical to a known baseline, produced in a way they can re-verify themselves. Most teams cannot produce that on demand — they can show the file, but not prove it was never altered. A file integrity evidence tool for auditors closes that gap by making "unchanged" a provable fact rather than a claim. Our file integrity for compliance overview explains why this matters across control frameworks.
How e-Dex Produces the Evidence
e-Dex computes a cryptographic baseline hash — a fixed-length fingerprint of a file's contents — the moment you capture a record, log or backup. Change a single byte and that hash changes completely, so a later re-hash instantly detects any alteration. Each verification is captured as a signed integrity certificate you can retain as an audit artifact, backed by tamper-evident logs of the hashing activity and a custody trail of who handled each file and when. Because it runs fully offline, sensitive data never leaves your machine. See how evidence integrity works for the underlying mechanics.
Mapping to Framework Evidence Expectations
Control frameworks repeatedly ask you to demonstrate that data has not been altered without authorisation and that backups are recoverable and intact. e-Dex produces the kind of artifacts those expectations call for — baselines, re-hash verification results, signed certificates and custody records — which map generically to the integrity and logging expectations behind ISO 27001, SOC 2 and many regulatory evidence requirements. To be clear: e-Dex produces the evidence; it is not a compliance programme and does not certify your organisation. The scoping, controls and audit remain yours. Our guides on ISO 27001 evidence and backup integrity controls and SOC 2 backup and restore evidence show how teams use these artifacts in practice.
What You Get
Defensible proof
Re-verifiable hashes that show records, logs and backups are unchanged — not just asserted to be.
Audit-ready artifacts
Signed integrity certificates you can retain and attach directly to an audit file.
Custody & tamper-evident trail
A record of who handled each file and when, with tamper-evident logs of the hashing activity.
Offline & free
Runs on a single Windows machine with no cloud account, no licence fee and no data leaving your control.
Evidence You Can Hand an Auditor
- A signed integrity certificate listing each file and its hash.
- A re-hash verification result proving the file matches its baseline.
- A tamper-evident log of the hashing and verification activity.
- A custody trail of who handled the records and when.
- Open, machine-readable outputs (HTML, JSON, XML) the auditor can re-verify independently.
For a practical worked example, see our backup validation checklist and the walkthrough on building an audit evidence certificate.
Frequently Asked Questions
What is a file integrity evidence tool for auditors?
It is a tool that produces defensible, verifiable proof that records, logs and backups were not
altered between two points in time. e-Dex computes a cryptographic baseline hash of each file,
re-hashes it later to detect any change, and records each match as a signed integrity certificate
with a custody trail. Instead of asserting that data is unchanged, you can hand an auditor an artifact
that proves it.
Does e-Dex make my organisation ISO 27001 or SOC 2 compliant?
No. e-Dex is not a compliance programme and does not certify your organisation. It produces the
file-integrity evidence that controls and auditors ask for — baselines, re-hash verification results,
signed integrity certificates and custody records — which you can map to evidence expectations under
frameworks such as ISO 27001 and SOC 2. The framework programme, scoping and audit remain your
responsibility.
What evidence can I actually hand to an auditor?
You can hand over a signed integrity certificate listing each file and its hash, a verification result
showing the file is unchanged against its baseline, a tamper-evident log of the hashing activity, and
a custody trail of who handled the records and when. These are open, machine-readable artifacts an
auditor can re-verify independently.
Does e-Dex run offline, and is it free?
Yes. e-Dex is a free Windows application that runs fully offline. Baselining, re-hashing, certificate
generation and custody logging all happen on your own machine, so sensitive records, logs and backups
never leave your control. An internet connection is only needed if you choose to apply a trusted
RFC-3161 timestamp.
How does e-Dex prove a backup or log was not tampered with?
When you capture a backup or log, e-Dex records its baseline hash — a fixed-length fingerprint of its
contents. At any later point you re-hash the same file and compare. If a single byte changed, the hash
changes and the verification fails; if the values match, the file is provably identical to the
baseline. The signed certificate retains that result as durable audit evidence.
Give Your Auditors Evidence, Not Assurances
Baseline your records, re-hash to detect change, and retain signed integrity certificates with a full custody trail — in one free, offline workflow. e-Dex from Innovativa SoftTech (Pune) runs on a single Windows machine and keeps your data entirely under your control. Download e-Dex free and produce evidence you can hand an auditor — or try the hash tool first.