Thursday, May 16, 2024

Finding a File Hash Natively in Windows with CertUtil

A hash function is any function that can be used to map data of arbitrary size to fixed-size values, though there are some hash functions that support variable length output. The values returned by a hash function are called hash values, hash codes, hash digests, digests, or simply hashes. The values are usually used to index a fixed-size table called a hash table. Use of a hash function to index a hash table is called hashing or scatter storage addressing.

In Windows, we can natively perform a hash check on a file using "CertUtil". CertUtil is actually used to manage certificates, but it can also perform hash checks. We would want to hash a file for the purpose of verifying the file's integrity.

We can use the command certutil -hashfile -? to see a list of all available options. 




CertUtil supports the following hash algorithms:
MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

We can run the command on a file to get a file hash: certutil -hashfile filename SHA256




Once we have the file hash, we can compare it against an original to see if changes have occurred, or upload the hash to a service like VirusTotal to see if the hash belongs to a file that is malicious.
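
The comparison against an original hash can be scripted so it does not depend on reading two long hex strings by eye. The PowerShell below is an added example, not part of the original post: the function names Get-CertUtilHash and Test-FileHash and the demo file are hypothetical, and the expected value is the SHA256 of the constructed sample content "abc".

```powershell
# Added example: run certutil -hashfile and return only the digest, normalised.
function Get-CertUtilHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('MD2','MD4','MD5','SHA1','SHA256','SHA384','SHA512')]
        [string]$Algorithm = 'SHA256'
    )
    $resolved = (Resolve-Path -LiteralPath $Path).ProviderPath
    $output = & certutil.exe -hashfile $resolved $Algorithm
    if ($LASTEXITCODE -ne 0) {
        throw "certutil failed for '$resolved': $($output -join ' ')"
    }
    # The digest is the only line made up purely of hex digits.
    # Older Windows builds print it with a space between each byte.
    $line = $output |
        Where-Object { $_ -match '^[0-9A-Fa-f]{2}[0-9A-Fa-f ]*$' } |
        Select-Object -First 1
    if (-not $line) { throw "No digest line found in certutil output" }
    return ($line -replace '\s', '').ToLowerInvariant()
}

# Compare the computed digest with a known-good value (case and spaces ignored).
function Test-FileHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected,
        [string]$Algorithm = 'SHA256'
    )
    $want = ($Expected -replace '\s', '').ToLowerInvariant()
    $got  = Get-CertUtilHash -Path $Path -Algorithm $Algorithm
    [pscustomobject]@{
        Path     = $Path
        Actual   = $got
        Expected = $want
        Match    = ($got -eq $want)
    }
}

# Constructed sample: a file containing the three bytes "abc".
$sample = Join-Path $env:TEMP 'certutil-hash-demo.txt'
[System.IO.File]::WriteAllText($sample, 'abc')
Test-FileHash -Path $sample `
    -Expected 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
```

Take the expected value from the publisher's own site or signed release notes rather than from the same location as the download, since anyone able to replace the file there can replace the hash next to it.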


