How to Verify Downloaded Files
Introduction
It is best to verify any file you download or transfer. If not for checking malicious file manipulation, verify to ensure the simple file transfer results in the same source and destination file. If a TCP packet was dropped during the download, the file you've downloaded may be just a hair off, and performing a file verification would let you know that what you downloaded is different than what is available on the source server.
File Verification on Windows:
Windows 7 and later versions include the certutil app which can be used for file verification.
Commands can be issued in Command Prompt or PowerShell.
The format of the command is certutil -hashfile path/to/file ALGORITHM.
The algorithm is case-sensitive, meaning 'md5' won't work and you would need to type 'MD5'.
To verify the mini.iso file's MD5 hash, execute this command:
certutil -hashfile mini.iso MD5
The results will look like this:
Output
MD5 hash of file mini.iso:
8388f7232b400bdc80279668847f90da
CertUtil: -hashfile command completed successfully.
For the SHA algorithm, we'll execute the same command, but we'll use SHA1 instead of MD5.
The number after SHA specifies the different version or iterations of SHA. So we use SHA or SHA1 for SHA1 hashing, or SHA256 if we needed the SHA 256 algorithm.
certutil -hashfile mini.iso SHA1
The results will look like this:
Output
SHA1 hash of mini.iso:
cce936c1f9d1448c7d8f74b76b66f42eb4f93d4a
CertUtil: -hashfile command completed successfully.
Compare the resulting hash to the one on the download page to ensure they match.