e-Dex for Forensic Investigators

The Problem: Every Artifact Must Survive Challenge

For a forensic investigator, an artifact is only as good as its provenance. Every file you acquire has to be hash-verified at collection and re-verified after each copy or transfer, and every act of handling has to be documented well enough to survive a challenge in court or in a disciplinary hearing. When integrity is assumed rather than proven, opposing counsel has an opening: a single undocumented copy or an unexplained gap in custody can put an entire examination in doubt. The work is repetitive, but it is the backbone of a defensible investigation, and our primer on the role of hashing in digital forensics explains why this discipline underpins everything that follows.

How e-Dex Helps

e-Dex gives investigators a single, focused workflow for evidence integrity:

• Multi-algorithm and dual-hashing — compute SHA-256, SHA-512 and BLAKE3 side by side, and dual-hash an artifact under two algorithms at once so an undetected collision is implausible. MD5 and SHA-1 are also recorded for continuity with older case records.
• Verify acquisitions — capture a baseline hash at collection and confirm it on every later check with a plain match result, so a copy can be shown bit-for-bit identical to the original.
• Tamper-evident chain of custody — record who handled each artifact and when, with every handover tied to a re-verified hash. See our chain of custody software and the chain of custody checklist.
• Self-verifying evidence packs — bundle a case into a BagIt pack so a whole batch travels as one verifiable unit with a manifest anyone can re-validate.
• Signed examination & acquisition certificates — issue a one-page integrity certificate sealed with a PAdES digital signature and an optional RFC-3161 trusted timestamp.
• Fully offline — everything runs on a single Windows machine, so sensitive evidence never leaves your control.

Where e-Dex Fits: A Complement, Not a Replacement

e-Dex is a free, focused integrity layer — not a full forensic suite. It does not image drives, carve deleted files or parse artefacts; it complements those heavyweight acquisition and analysis workflows by doing the one job examiners repeat all day: proving files are unaltered, documenting how they were handled, and certifying the result. Drop it alongside your existing acquisition and analysis tools to add a defensible, machine-readable integrity record without a licence fee or vendor lock-in. Outputs are open — hashes, BagIt manifests, and certificates in HTML, JSON and XML — so any other tool can read them.

Outcomes for Your Casework

Fits Your Workflow

• Hash and verify an acquisition immediately after collection, before analysis begins.
• Re-verify exhibits before each handover, transfer or export.
• Package an exhibit set into a self-verifying BagIt pack for transmission to counsel or a peer reviewer — see our defensible e-discovery collection checklist.
• Issue a signed examination certificate for the case file — our guide to the forensic examination certificate in India walks through it.
• Apply an RFC-3161 timestamp when you need independent proof of when a result was produced.
• Pair it with the broader digital forensics hashing tool workflow already in e-Dex.

Frequently Asked Questions

Is e-Dex really a free hashing and certificate tool for forensic investigators?
Yes. e-Dex is a free Windows application that runs fully offline. Multi-algorithm hashing, dual-hash acquisition verification, chain-of-custody logging, building BagIt evidence packs and issuing signed examination and acquisition certificates all happen on your own machine, with no licence fee, cloud account or dongle. An internet connection is only needed if you choose to apply an RFC-3161 trusted timestamp.

What is dual-hashing and why do forensic investigators use it?
Dual-hashing computes two independent algorithms over the same evidence at once, for example SHA-256 alongside SHA-512 or BLAKE3. Recording two values makes an undetected collision implausible and lets a verifier match against whichever algorithm the original case record used. e-Dex lists several algorithms per file so an examiner can prove integrity even when reviewers prefer different standards.

Does e-Dex replace a full forensic acquisition suite?
No, and it is not meant to. e-Dex is a focused, free integrity layer that complements heavyweight acquisition and analysis workflows. It does the everyday job most examiners need — proving files are unaltered, documenting handling and certifying the result — without replacing the imaging, carving and analysis features of a full forensic suite. Use it alongside your existing tools.

How does e-Dex keep a tamper-evident chain of custody?
e-Dex records who acquired each artifact, when it was hashed, and the result of every later verification, keeping the integrity values and the custody log consistent with one another. Because each handover is tied to a re-verified hash, any alteration between steps shows up as a mismatch, so the custody record is evidence-backed rather than a paper trail that has to be taken on trust.

What is a self-verifying BagIt evidence pack?
BagIt is a widely used packaging format that stores evidence files together with a manifest of their hashes. e-Dex builds a BagIt pack so a whole batch travels as one verifiable bundle: anyone who receives it can re-validate every file against the manifest and confirm nothing changed in transit, and a signed certificate can accompany the pack as a one-page integrity record.

Start Verifying and Certifying Evidence

Bring multi-algorithm hashing, acquisition verification, tamper-evident chain of custody, self-verifying evidence packs and signed certificates into one free, offline workflow. e-Dex from Innovativa SoftTech (Pune) runs on a single Windows machine and keeps your evidence entirely under your control. Download e-Dex free and prove your files are exactly what they should be — or try the hash tool first.