In this blog post, we discuss the use of Microsoft File Checksum Integrity Verifier (FCIV) and the importance it has in security.
FCIV is a command line utility that computes MD5 & SHA-1 hash values, which can then be compared against the values provided for a particular download. The importance of this tool is to verify that a downloaded file has not been corrupted or altered in any way. Large files such as ISO images and operating system service packs are often targeted by malicious parties and can be altered to contain malware.
After downloading a file, it is always best to use FCIV to be sure it is not corrupted or modified before choosing to install or execute.
Download & Install
Click the following to Download Microsoft FCIV
Next, execute the download and accept the license agreement. The installer will ask where you would like the files to be extracted. Personally, we find that extracting FCIV into the “Downloads” folder is best, as most user downloads default to this location. Once the extraction location is decided, click OK to extract and then once again to close the installer.
Checking File Integrity
Now that FCIV has been extracted & installed, we can put it to use. To do so, we will need to download a file or program from a source that has also provided either an MD5 or SHA-1 hash. For this example we are using the program WinDirStat (a Windows disk usage statistics viewer and cleanup tool). Be sure that WinDirStat is downloaded to the same directory that FCIV has been extracted to.
Open a command prompt by pressing Win+R on your keyboard and entering cmd into the run box.
Once the command prompt has opened, navigate to the Downloads directory by issuing the following command:
Next, we will ask FCIV to run a hash check against our WinDirStat download. To do this, run the following in your command prompt window:
fciv windirstat1_1_2_setup.exe -md5
Breakdown: fciv is the name of our program, windirstat1_1_2_setup.exe is the file to be checked, and the option -md5 specifies the hash type.
The name of the file can be autofilled in command prompt by typing the first few characters and then pressing Tab.
Depending on the size of the file FCIV runs a check against, results can take anywhere from a few seconds to a few minutes.
The image below shows the result of our file integrity check against WinDirStat.
To use FCIV to check against SHA-1 hashes, use the option -sha1. Let's instead try running it with the option -both to have it display results for each hash type.
By examining the picture above, we see that FCIV has successfully run an integrity check against the program WinDirStat and has produced hashes that match those provided by the trusted source. This helps to verify that the downloaded file is indeed the file the source published, and the installation can proceed safely.
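The by-eye comparison above can also be scripted. The following is an added example, not part of the original post or of FCIV: it computes the same MD5 or SHA-1 value and compares it with the published string. The function names are our own, and a small constructed temp file stands in for the downloaded installer.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm. FCIV's two hash types are MD5 and SHA-1.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1"}


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a large ISO is never loaded whole into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published):
    """Return (ok, algo, computed) for a hash string copied from the download page."""
    # Tolerate copy/paste noise: whitespace, upper case, ':' or '-' separators.
    wanted = "".join(published.split()).replace(":", "").replace("-", "").lower()
    algo = ALGO_BY_LENGTH.get(len(wanted))
    if algo is None or any(c not in "0123456789abcdef" for c in wanted):
        raise ValueError("published value is not an MD5 or SHA-1 hex digest")
    computed = file_digest(path, algo)
    return hmac.compare_digest(computed, wanted), algo, computed


if __name__ == "__main__":
    # Constructed sample: a 3-byte file stands in for the downloaded installer.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")
    try:
        # Standard test-vector digests of b"abc", as a download page might list them.
        print(verify_download(tmp.name, "900150983CD24FB0D6963F7D28E17F72"))
        print(verify_download(tmp.name, "a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d"))
        # A value that does not match: the file must not be installed.
        print(verify_download(tmp.name, "0" * 32))
    finally:
        os.remove(tmp.name)
```

A match only shows that the file is the one the published hash describes, so the hash itself should be taken from the trusted source's own page.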