How to Verify File Integrity in Windows With FCIV

Easy steps to verify a file with Microsoft FCIV

What to Know

  • Install FCIV. Find the folder with the file for which you want to create a checksum value.
  • Hold the Shift key while right-clicking empty space. Select Open command window here.
  • Type the exact file name and run a cryptographic hash function supported by FCIV.

This article explains how to verify file integrity in Windows using File Checksum Integrity Verifier (FCIV). The freely available program from Microsoft works on all commonly used versions of Windows.

How to Verify File Integrity in Windows With FCIV

Follow the easy steps below to verify a file's integrity with FCIV, a free checksum calculator:

  1. Download and "Install" File Checksum Integrity Verifier, often simply referred to as FCIV.

    FCIV is a command-line tool but don't let that scare you away. It's very easy to use, especially if you follow the tutorial outlined below.

    If you've followed the tutorial above in the past then you can skip this step. The remainder of these steps assumes that you've downloaded FCIV and placed it in the appropriate folder as described in the link above.

  2. Navigate to the folder that contains the file that you want to create the checksum value for.

  3. Once there, hold down the Shift key while right-clicking on any empty space in the folder. In the resulting menu, select Open command window here. Command Prompt will open and the prompt will be preset to this folder.

    For example, if the file is in Tim's Downloads folder, the prompt in the Command Prompt window would read C:\Users\Tim\Downloads> after following this step from the Downloads folder.

    Another way to open Command Prompt from the folder is by erasing everything from the location box at the top of the window and replacing it with cmd.

  4. Next we need to make sure we know the exact file name of the file you want FCIV to generate the checksum for. You may already know it, but you should double-check to be sure.

    The easiest way to do this is to execute the dir command and then write down the full file name. Type the following in Command Prompt:


    That will generate a list of files in that folder. In this example, we want to create the checksum for a file called AA_v3.exe, so we'll write that down exactly.

  5. Now we can run one of the cryptographic hash functions supported by FCIV to create a checksum value for this file.

    Let's say that the website we downloaded the file from decided to publish an SHA-1 hash to compare to. This means that we also want to create an SHA-1 checksum on our copy of the file.

    To do this, execute FCIV as follows:

    fciv AA_v3.exe -sha1
    Screenshot of the fciv command in Windows 10
    Running the fciv Command (Windows 10).

    Be sure you type the entire file name—don't forget the file extension!

    If you need to create an MD5 checksum, end the command with -md5 instead.

    Did you get a "'fciv' is not recognized as an internal or external command..." message? Be sure you've placed the file in an appropriate folder as described in the tutorial linked to in Step 1 above.

  6. Continuing our example above, here's the result of using FCIV to create an SHA-1 checksum on our file:

    // // File Checksum Integrity Verifier version 2.05. // 5d7cb1a2ca7db04edf23dd3ed41125c8c867b0ad aa_v3.exe

    The number/letter sequence before the file name in the Command Prompt window is your checksum.

    Don't worry if it takes several seconds or longer to generate the checksum value, especially if you're trying to generate one on a very large file. The process should take no more than 5 minutes in total.

    You can save the checksum value produced by FCIV to a file by adding > filename.txt to the end of the command you executed in Step 5. See How to Redirect Command Output to a File if you need help.

Do the Checksums Match?

Now that you've generated a checksum value, you need to see if it equals the checksum value the download source provided for comparison.

If they match, then great! You can now be completely certain that the file on your computer is an exact copy of the one being provided. It means that there were no errors during the download process and, as long as you're using a checksum provided by the original author or a very trusted source, you can also be sure that the file hasn't been altered for malicious purposes.

If the checksums don't match, download the file again. If you're not downloading the file from the original source, do that instead. In no way should you install or use any file that didn't perfectly match the checksum provided.

What Is a Checksum?

Fortunately, many websites offer a piece of data called a checksum that can be used to help verify that the file you end up with on your computer is exactly the same as the file they're providing.

A checksum, also called a hash or hash value, is produced by running a cryptographic hash function, usually MD5 or SHA-1, on a file. Comparing the checksum produced by running a hash function on your version of the file, with the one published by the download provider, can prove with near certainty that both files are identical.

Was this page helpful?