How to Verify File Integrity in Windows With FCIV

Easy Steps to Verify a File With Microsoft FCIV

Some types of files you download, like ISO images, service packs, and of course entire software programs or operating systems, are often large and high-profile, making them prone to downloading errors and possibly even alterations by malicious third parties.

Fortunately, many websites offer a piece of data called a checksum that can be used to help verify that the file you end up with on your computer is exactly the same as the file they're providing.

A checksum, also called a hash or hash value, is produced by running a cryptographic hash function, usually MD5 or SHA-1, on a file. Comparing the checksum produced by running a hash function on your version of the file, with the one published by the download provider, can prove with near certainty that both files are identical.

Follow the easy steps below to verify a file's integrity with FCIV, a free checksum calculator:

You can only verify that a file is genuine if the original producer of the file, or another person you trust who has used the file, has provided you with a checksum to compare to. Creating a checksum yourself is useless if you have nothing trustworthy to compare it to.

Time Required: It should take less than five minutes to verify a file's integrity with FCIV.

How to Verify File Integrity in Windows With FCIV

  1. Download and "Install" File Checksum Integrity Verifier, often simply referred to as FCIV. This program is freely available from Microsoft and works on all commonly used versions of Windows.

    FCIV is a command-line tool but don't let that scare you away. It's very easy to use, especially if you follow the tutorial outlined below.

    Obviously if you've followed the tutorial above in the past then you can skip this step. The remainder of these steps assumes that you've downloaded FCIV and placed it in the appropriate folder as described in the link above.

  2. Navigate to the folder that contains the file that you want to create the checksum value for.

  3. Once there, hold down your Shift key while right-clicking on any empty space in the folder. In the resulting menu, select the Open command window here option.

    Command Prompt will open and the prompt will be preset to this folder.

    For example, on my computer, the file I wanted to create the checksum for was in the Downloads folder, so the prompt in the Command Prompt window reads C:\Users\Tim\Downloads> after following this step from the Downloads folder.

    Another way to open Command Prompt from the folder is by erasing everything from the location box at the top of the window and replacing it with cmd.

  4. Next we need to make sure we know the exact file name of the file you want FCIV to generate the checksum for. You may already know it but you should double-check to be sure.

    The easiest way to do this is to execute the dir command and then write down the full file name. Type the following in Command Prompt:

    
    

    That will generate a list of files in that folder. In this example, we want to create the checksum for a file called AA_v3.exe, so we'll write that down exactly.

  5. Now we can run one of the cryptographic hash functions supported by FCIV to create a checksum value for this file.

    Let's say that the website we downloaded the AA_v3.exe file from decided to published an SHA-1 hash to compare to. This means that we also want to create an SHA-1 checksum on our copy of the file.

    To do this, execute FCIV as follows:

    fciv AA_v3.ex
    
    Screenshot of the fciv command in Windows 10
    Running the fciv Command (Windows 10).

    Be sure you type the entire file name—don't forget the file extension!

    If you need to create an MD5 checksum, end the command with -md5 instead of -sha1.

    Did you get a "'fciv' is not recognized as an internal or external command..." message? Be sure you've placed the fciv.exe file in an appropriate folder as described in the tutorial linked to in Step 1 above.

  6. Continuing our example above, here's the result of using FCIV to create an SHA-1 checksum on our file:

    // // File Checksum Integrity Verifier version 2.05. // 5d7cb1a2ca7db04edf23dd3ed41125c8c8
    

    The number/letter sequence before the file name in the Command Prompt window is your checksum.

    Don't worry if it takes several seconds or longer to generate the checksum value, especially if you're trying to generate one on a very large file.

    You can save the checksum value produced by FCIV to a file by adding > filename.txt to the end of the command you executed in Step 5. See How to Redirect Command Output to a File if you need help.

  7. Now that you've generated a checksum value for your file, you need to see if it equals the checksum value the download source provided for comparison.

    If the checksums match, then great! You can now be completely certain that the file on your computer is an exact copy of the one being provided. It means that there were no errors during the download process and, as long as you're using a checksum provided by the original author or a very trusted source, you can also be sure that the file hasn't been altered for malicious purposes.

    If the checksums don't match, download the file again. If you're not downloading the file from the original source, do that instead. In no way should you install or use any file that didn't perfectly match the checksum provided!