Windows - Hashing

Hashing is used to verify the integrity of data by generating a fixed-size numerical digest that is, for practical purposes, unique to the given data. If the data is modified in any way from its original form, the hash value changes as well.

Microsoft’s File Checksum Integrity Verifier (FCIV) is a free command-line utility for computing hashes (checksums) of files.

1.     Download and extract the utility to “c:\windows” on your machine:

https://web.archive.org/web/20200728195620/https://www.microsoft.com/en-us/download/details.aspx?id=11533

2.     Hash a single file by running: “fciv <name of the file>”:



Note: MD5 is the default hashing algorithm. SHA1 and SHA256 are also available.

3.     It’s possible to hash every file on the volume and save the results to an XML database using: “fciv c:\ -r -md5 -xml <FILE NAME>.xml”. The example below hashes only the “Shares” directory:

4.     List all hashes in database by using: “fciv -list -md5 -xml <FILE NAME>.xml”:

5.     Verify hashes in database by using: “fciv -v -md5 -xml <FILE NAME>.xml”:

If a file has been modified in any way the result will look like this:

Native Windows tools for Hashing

1.     PowerShell has a native utility in the “Get-FileHash” cmdlet. The default algorithm for this is SHA256:

2.     From the command line, the “certutil” utility is available. The default algorithm is SHA1:

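The FCIV workflow above (build a hash database, then verify it) can be reproduced with the native “Get-FileHash” cmdlet. The following is an added example, not part of the original page or of any Microsoft tool; the function names New-HashBaseline and Test-HashBaseline, the CSV layout and the paths are assumptions chosen for illustration.

```powershell
# Added example: baseline-and-verify using Get-FileHash.
# Function names, CSV layout and paths are assumptions, not from the original page.
function New-HashBaseline {
    param(
        [Parameter(Mandatory)][string]$Path,      # directory to hash recursively
        [Parameter(Mandatory)][string]$Database,  # CSV file that stores the baseline
        [string]$Algorithm = 'SHA256'             # Get-FileHash default
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Get-FileHash -Algorithm $Algorithm |
        Select-Object Path, Algorithm, Hash |
        Export-Csv -LiteralPath $Database -NoTypeInformation -Encoding UTF8
}

function Test-HashBaseline {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Database
    )
    # Index the stored baseline by full file path (hashtable keys are case-insensitive).
    $known = @{}
    foreach ($row in Import-Csv -LiteralPath $Database) { $known[$row.Path] = $row }

    foreach ($file in Get-ChildItem -LiteralPath $Path -Recurse -File) {
        $entry = $known[$file.FullName]
        if (-not $entry) {
            # File exists on disk but was not present when the baseline was taken.
            [pscustomobject]@{ Status = 'New'; Path = $file.FullName }
            continue
        }
        # Re-hash with the same algorithm the baseline recorded for this file.
        $current = Get-FileHash -LiteralPath $file.FullName -Algorithm $entry.Algorithm
        if ($current.Hash -ne $entry.Hash) {
            [pscustomobject]@{ Status = 'Modified'; Path = $file.FullName }
        }
        $known.Remove($file.FullName)
    }
    # Anything still in the table was in the baseline but is no longer on disk.
    foreach ($gone in $known.Keys) {
        [pscustomobject]@{ Status = 'Missing'; Path = $gone }
    }
}

# Usage with constructed paths; the database is kept outside the hashed directory.
New-HashBaseline  -Path 'C:\Shares' -Database 'C:\Baselines\shares.csv'
Test-HashBaseline -Path 'C:\Shares' -Database 'C:\Baselines\shares.csv' | Format-Table -AutoSize
```

No output from Test-HashBaseline means every file still matches the baseline. Store the CSV where the accounts that can write to the monitored directory cannot modify it, since a baseline that can be edited alongside the files no longer proves integrity.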

Why is Hashing important?

File hashing is a fundamental tool in security that helps ensure data integrity, detect tampering and malware, facilitate secure communications, and protect sensitive information like passwords.