When I download, say an ISO image, using a torrent; should I still verify the file's integrity (by calculating sha256 hash, for example), or is this done automatically while downloading?
The BitTorrent protocol has a mechanism for automatically verifying each chunk's integrity after download. Of course, this should only reassure you if you trust the source of the file.
If you have a checksum for the whole file (eg. for some software package), you can definitely verify the file yourself afterwards.
Torrent files have an "announce" section, which specifies the URL of the tracker, and an "info" section, containing (suggested) names for the files, their lengths, the piece length used, and a SHA-1 hash code for each piece, all of which are used by clients to verify the integrity of the data they receive.