Unaltered disk image

While making a block by block image is definitely a step toward best evidence, there is clearly still a case that a copy – even a good physical copy – is not the original article. This means that there must be a mechanism to verify the integrity of the copy. The most common method of verifying data in computing is the checksum.

The most common checksum that's used is the Message Digest 5 (MD5) checksum, which was specified in IETF RFC 1321. MD5 applies a series of mathematical operations to the image file and its contents in order to generate a 128-bit hash value. A 128-bit value has almost 3.4 × 10^38 different combinations, which means that the chances of a collision (two files generating the same hash value) are exceedingly low; if a single hash was attempted per second, and each hash value was stored, it would take longer than the universe has existed to have a 50% chance of a repeat. Comparing just 128 bits is obviously much easier than going through the actual image itself block by block to verify that the image has not been compromised.

If copies of disks/disk images have matching MD5 hashes, this is a fair indication that the image has not been contaminated. However, if the case were to progress to court, the original best evidence may still be requested. Practitioners must be aware of the limitations of hashes, as well as the confidence levels associated with them.
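
The verification step described above, as an added example that is not part of the original text: it hashes an image in fixed-size chunks, compares the result with the digests recorded at acquisition, and shows that a single flipped bit changes the digest. It goes beyond the MD5-only case in the text by computing SHA-256 in the same pass; the function names and the sample image contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image never sits in memory


def hash_image(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hex digest} for the file at path, read in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as image:
        for chunk in iter(lambda: image.read(CHUNK), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_image(path, recorded):
    """Re-hash the image and return the algorithms whose digest no longer
    matches the value recorded at acquisition (empty list = verified)."""
    current = hash_image(path, tuple(recorded))
    return [name for name, digest in recorded.items()
            if current[name] != digest.strip().lower()]


def demo():
    """Hash a constructed sample image, verify it, then flip one bit and verify again."""
    # Constructed sample data: 3 MiB plus a short tail, so the last chunk is partial.
    data = bytes(range(256)) * 12288 + b"constructed sample tail"
    fd, path = tempfile.mkstemp(suffix=".dd")
    try:
        with os.fdopen(fd, "wb") as image:
            image.write(data)
        recorded = hash_image(path)            # digests noted at acquisition time
        clean = verify_image(path, recorded)   # unaltered copy
        with open(path, "r+b") as image:       # alter a single bit mid-image
            image.seek(2_000_000)
            original = image.read(1)
            image.seek(2_000_000)
            image.write(bytes([original[0] ^ 0x01]))
        altered = verify_image(path, recorded)
        return recorded, clean, altered
    finally:
        os.remove(path)


if __name__ == "__main__":
    recorded, clean, altered = demo()
    print("recorded:", recorded)
    print("mismatches before change:", clean)
    print("mismatches after one-bit change:", altered)
```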
