SID-500

Home » PowerShell » PowerShell: Checking integrity with Get-FileHash

PowerShell: Checking integrity with Get-FileHash

A hash is a stray value and a one-way function. A string of fixed length is formed from a string of arbitrary length. Sounds mathematical. For administrators and users, a modified hash value of a file is an indication that the file has been modified.

For example, the download link of Windows 10 shows a hash value. This value can be compared to the value of the downloaded file. If the installation medium has a different hash value, it can be assumed that this is not the original and has therefore been changed.

Get-FileHash in Action

To check the file hash, you can use PowerShell. There is no reason for downloading 3rd party tools from the Internet. Avoid the ask toolbar and simply run Get-FileHash. It´s included in PowerShell!

My file looks like this.

Unbenannt.JPG

Pay attention to the hash.

Get-FileHash -Path C:\Patrick\Data.txt | Format-List

Unbenannt.JPG

If i change the content the hash value changes too.

Unbenannt.JPG

Unbenannt.JPG

More about Hashes and encryption in my German Cyber Security series

Cyber Security / Pen Testing (Teil 2): Grundlagen der Kryptographie, and in Technet https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.utility/get-filehash.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

Who is the blogger?

My name is Patrick Grünauer (pewa2303). I am from Austria. On sid-500 I write about Windows, Cisco and IT-Security in English and German. Have fun while reading!

Patrick Gruenauer
Follow SID-500 on WordPress.com