On a previous post I discussed how md5deep can be used to hash an entire directory recursively and output the results to a single file for later verification. Now I will demonstrate how to verify the integrity of an entire directory using the output file, md5deep will only output those file(s) that failed the integrity check/hash matching process.
In this example I have a directory by the name of Pictures with 40 items and a list containing hashes for all 40 items(list.txt). I have deliberately modified three of the items in the directory(img_0597.jpg, img_0605.jpg, img_0616.jpg), this will cause the hashes to change and no longer match against the list. In the real world this would be a reason to be alert.
This is the command I will run against the directory to check for any changes.
md5deep -X list.txt -r Pictures/
- -X Display failed hashes
- -r Recursive operation
After the command is issued md5deep outputs the name,hash, and location of the files that failed to match the list.
C:UsersLuisDesktop>md5deep -X list.txt -r Pictures/
You can output the failed results to a text file for later review by adding > failed_hashes.txt to the command.
md5deep -X list.txt -r Pictures/ > failed_hashes.txt
Md5deep is a powerful tool that administrators can take advantage of to ensure data integrity, hopefully this tutorial highlighted its value.