CompTIA CySA+ CS0-003: Hashing/File analysis

Hashing is one of the most critical techniques for ensuring a file's integrity. A hashing algorithm creates a checksum, which is basically a unique fingerprint of a specific file. MD5 and SHA256 are examples of hashing algorithms that you'll come across as an analyst. To get a file hash, you can simply use Windows PowerShell and type Get-FileHash, which is a command that gets the hash of a file.

To get to PowerShell, just type powershell in your Windows search. From there, type Get-FileHash "location of the file, for example, /etc/file.doc". Here is an example of a hash of an image (.png) file. You can specify a particular cryptographic hash function by adding -Algorithm as well; by default, SHA256 is used. You can also use the -InputStream, -LiteralPath, and -Path parameters.

When you get a hash of a file and that file gets changed in any way afterwards, the hash value of that file will change. This is how you know the file you once knew has been tampered with. A hash creates a fixed-length value, so no matter how big or small your file may be, it will produce a value of the same length. This way, you don't need to review the whole file from scratch. Other hashing options you have on Windows are CertUtil, File Checksum Integrity Verifier (FCIV), Sigcheck, HashMyFiles, and HashCheck.

A matching hash value shows that the file is genuine, and a hash can also be used to match against a database of known malware. Most malware has a known hash value, and you can use tools to see if a file's hash matches anything in malware repositories like VirusTotal or MalShare. A hash also lets you start tracking down what has changed and what processes a file created.
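The three uses described above (fixed-length digests with -Algorithm and -InputStream, baselining files and detecting a later change, and checking a hash against a known-bad list) as one added PowerShell example. This is not code from the original post; it assumes Windows PowerShell 5.1 or newer, builds its own sample files under the user's temp folder, and uses a constructed placeholder "known bad" list rather than real malware hashes.

```powershell
# Added example (not from the original post): Get-FileHash for fixed-length digests,
# baseline/tamper detection and known-bad lookup. Paths, file contents and the
# known-bad list below are constructed for this demo.

# Throwaway working folder (assumed location under the user's temp directory).
$work = Join-Path $env:TEMP 'hashdemo'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Two constructed sample files of very different sizes.
$small = Join-Path $work 'small.txt'
$large = Join-Path $work 'large.bin'
Set-Content -Path $small -Value 'hello' -NoNewline
[System.IO.File]::WriteAllBytes($large, (New-Object byte[] (1MB)))

# 1. Digest length depends only on the algorithm, not on the file size
#    (MD5 -> 32 hex chars, SHA256 -> 64 hex chars). -Algorithm defaults to SHA256.
foreach ($f in $small, $large) {
    foreach ($alg in 'MD5', 'SHA256') {
        $h = Get-FileHash -Path $f -Algorithm $alg
        '{0,-10} {1,-7} {2,2} hex chars  {3}' -f (Split-Path $f -Leaf), $alg, $h.Hash.Length, $h.Hash
    }
}

# 2. Record a baseline of every file, keyed by full path.
$baseline = @{}
Get-ChildItem -Path $work -File | ForEach-Object {
    $baseline[$_.FullName] = (Get-FileHash -Path $_.FullName).Hash
}

#    -InputStream hashes bytes from a stream without touching disk; the SHA256 of the
#    same five bytes equals the baseline hash of small.txt.
$stream = [System.IO.MemoryStream]::new([System.Text.Encoding]::UTF8.GetBytes('hello'))
$streamHash = (Get-FileHash -InputStream $stream -Algorithm SHA256).Hash
$stream.Dispose()
"Stream hash matches small.txt baseline: $($streamHash -eq $baseline[$small])"

# Simulate tampering: append a single byte to the small file.
Add-Content -Path $small -Value '!' -NoNewline

# Re-hash every baselined file and flag any whose digest no longer matches.
function Test-Baseline {
    param([hashtable]$Baseline)
    foreach ($path in $Baseline.Keys) {
        $current = (Get-FileHash -Path $path).Hash
        [pscustomobject]@{
            File    = Split-Path $path -Leaf
            Changed = ($current -ne $Baseline[$path])
            Hash    = $current
        }
    }
}
Test-Baseline -Baseline $baseline | Format-Table -AutoSize

# 3. Compare each current hash against a "known bad" list. Entries here are
#    placeholders (an all-zero digest and the tampered file's own hash), not real
#    malware hashes; in practice the list would come from VirusTotal, MalShare or
#    an internal repository. The -in operator compares case-insensitively.
$knownBad = @(
    '0000000000000000000000000000000000000000000000000000000000000000'   # placeholder
    (Get-FileHash -Path $small).Hash                                      # placeholder
)
Get-ChildItem -Path $work -File | ForEach-Object {
    $hash = (Get-FileHash -Path $_.FullName).Hash
    $verdict = if ($hash -in $knownBad) { 'MATCH: known-bad hash' } else { 'no match' }
    '{0,-10} {1}' -f $_.Name, $verdict
}

# Clean up the demo folder.
Remove-Item -Path $work -Recurse -Force
```

Running the script prints the MD5 and SHA256 digests for both files (same length for the 5-byte and 1 MB inputs), reports that small.txt changed after the appended byte while large.bin did not, and flags only small.txt against the placeholder known-bad list. Because Get-FileHash returns the hash as an upper-case hex string, comparisons with hashes copied from a repository should be done case-insensitively, which -eq and -in already do by default in PowerShell.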