Previous Post: Hash a directory with md5deep.
On a previous post I discussed how md5deep can be used to hash an entire directory recursively and output the results to a single file for later verification. Now I will demonstrate how to verify the integrity of an entire directory using the output file, md5deep will only output those file(s) that failed the integrity check/hash matching process.
In this example I have a directory by the name of Pictures with 40 items and a list containing hashes for all 40 items(list.txt).
I have deliberately modified three of the items in the directory(img_0597.jpg, img_0605.jpg, img_0616.jpg), this will cause the hashes to change and no longer match against the list. In the real world this would be a reason to be alert.
This is the command I will run against the directory to check for any changes.
md5deep -X list.txt -r Pictures/
- -X Display failed hashes
- -r Recursive operation
After the command is issued md5deep outputs the name,hash, and location of the files that failed to match the list.
C:UsersLuisDesktop>md5deep -X list.txt -r Pictures/ 51cc62f3df770577e5a3029c3e4fed69 C:UsersLuisDesktopPicturesimg_0597.jpg 8cca8037d8584535e28a6b9c82eac8d8 C:UsersLuisDesktopPicturesimg_0605.jpg dad7ddfb6fc0d7ab9a73e0937b8fb290 C:UsersLuisDesktopPicturesimg_0616.jpg
You can output the failed results to a text file for later review by adding > failed_hashes.txt to the command.
md5deep -X list.txt -r Pictures/ > failed_hashes.txt
Md5deep is a powerful tool that administrators can take advantage of to ensure data integrity, hopefully this tutorial highlighted its value.