A recent article on police forensic searches of computers, Arguing for Suppression of 'Hash' Evidence, by Marcia Hofmann, gives a summary of how police really search computers and the implications for defense attorneys. It also covers the current rather sparse case law.
Apparently police often search a computer by first taking a snapshot, or image, of the hard drive, and searching that. They may actually examine a few files to see if any are contraband, e.g. child pornography. In order to eyeball files, they must have a search warrant, i.e. establish "probable cause".
They may also make a list of the hash sum of every file on the hard drive, and compare that list against a list of known contraband files. Some writers have argued that this does not violate the computer owner's IVth Amendment rights because the hash says nothing about the content of the file. That sounds like sophistry to me, but then I'm not an attorney.
The article is aimed at defense attorneys, who usually get involved in a case after the police have seized the computer, imaged the hard drive, and calculated the hashes. So the article doesn't mention a very simple thing the owner can do to defeat a hash search.
Since we're talking about hashes, we're talking about md5 sums, sha1 sums, etc. Techies know well that if you change a small part of a file, you change the hash, usually drastically.
Of course, it is possible that the folks who wrote the forensic program thought of all that and included suitable workarounds. But, oh, would that slow the forensic software down!