🌑

Linhost.info

Compare Hashes With md5deep - Part 2

Previous Post: Hash a directory with md5deep.

On a previous post I discussed how md5deep can be used to hash an entire directory recursively and output the results to a single file for later verification. Now I will demonstrate how to verify the integrity of an entire directory using the output file, md5deep will only output those file(s) that failed the integrity check/hash matching process.

Explain…

In this example I have a directory by the name of Pictures with 40 items and a list containing hashes for all 40 items(list.txt). I have deliberately modified three of the items in the directory(img_0597.jpg, img_0605.jpg, img_0616.jpg), this will cause the hashes to change and no longer match against the list. In the real world this would be a reason to be alert.

The Command

This is the command I will run against the directory to check for any changes.

md5deep -X list.txt -r Pictures/

  • -X Display failed hashes
  • -r Recursive operation

After the command is issued md5deep outputs the name,hash, and location of the files that failed to match the list.

C:UsersLuisDesktop>md5deep -X list.txt -r Pictures/

51cc62f3df770577e5a3029c3e4fed69 C:UsersLuisDesktopPicturesimg_0597.jpg
8cca8037d8584535e28a6b9c82eac8d8 C:UsersLuisDesktopPicturesimg_0605.jpg
dad7ddfb6fc0d7ab9a73e0937b8fb290 C:UsersLuisDesktopPicturesimg_0616.jpg

You can output the failed results to a text file for later review by adding > failed_hashes.txt to the command.

md5deep -X list.txt -r Pictures/ > failed_hashes.txt

Md5deep is a powerful tool that administrators can take advantage of to ensure data integrity, hopefully this tutorial highlighted its value.

, , , — May 11, 2010