How to Verify File Integrity in Windows With FCIV

This article explains how to verify file integrity in Windows using File Checksum Integrity Verifier (FCIV). The freely available program from Microsoft works on all commonly used versions of Windows.

How to Verify File Integrity in Windows With FCIV

Follow the easy steps below to verify a file's integrity with FCIV, a free checksum calculator:

1. Download and "install" File Checksum Integrity Verifier, often simply referred to as FCIV.

   FCIV is a command-line tool, but don't let that scare you away. It's very easy to use, especially if you follow the tutorial outlined below.

   If you've followed the tutorial above in the past, then you can skip this step. The remainder of these steps assumes you've downloaded FCIV and placed it in the appropriate folder as described in the link above.

2. Navigate to the folder that contains the file that you want to create the checksum value for.

3. Once there, hold down the Shift key while right-clicking on any empty space in the folder.

   In the resulting menu, select Open in Terminal (Windows 11) or Open command window here. Command Prompt will open, and the prompt will be preset to this folder.

   For example, if the file is in the Pictures folder of the user jonfi, the prompt in the Command Prompt window would read C:\Users\jonfi\Pictures> after following this step from the Downloads folder.

   Another way to open Command Prompt from the folder is by erasing everything from the location box at the top of the window and replacing it with cmd.

4. Next, we need to make sure we know the exact name of the file you want FCIV to generate the checksum for. You may already know it, but you should double-check to be sure.

   The easiest way to do this is to execute the dir command and then write down the full file name.

   Enter dir into Command Prompt to generate a list of files in that folder. In this example, we want to create the checksum for a file called amy.jpg, so we'll write that down exactly.

5. Now we can run one of the cryptographic hash functions supported by FCIV to create a checksum value for this file.

   Let's say that the website we downloaded the file from decided to publish an SHA-1 hash to compare to. This means that we also want to create an SHA-1 checksum on our copy of the file.

   To do this, execute FCIV as follows:
   

   fciv amy.jpg -sha1
   

   Be sure you type the entire file name—don't forget the file extension!

   If you need to create an MD5 checksum, end the command with -md5 instead.

   Did you get a "'fciv' is not recognized as an internal or external command..." message? Be sure you've placed the file in an appropriate folder as described in the tutorial linked to in Step 1 above.

6. Continuing our example above, here's the result of using FCIV to create an SHA-1 checksum on our file:
   

   //
   // File Checksum Integrity Verifier version 2.05.
   //
   990a24141b146789abeb9feb55e4c40699e0769e amy.jpg
   

   The number/letter sequence before the file name in the Command Prompt window is your checksum.

   Don't worry if it takes several seconds or longer to generate the checksum value, especially if you're trying to generate one on a very large file. The process should take no more than 5 minutes in total.

   How to Redirect Command Output to a File

Do the Checksums Match?

Now that you've generated the checksum value, you need to see if it equals the value the download source provided for comparison.

If they match, then great! You can now be completely certain that the file on your computer is an exact copy of the one being provided. It means that there were no errors during the download process and, as long as you're using a checksum provided by the original author or a very trusted source, you can also be sure that the file hasn't been altered for malicious purposes.

If the checksums don't match, download the file again. If you're not downloading the file from the original source, do that instead. In no way should you install or use any file that didn't perfectly match the checksum provided.

What Is a Checksum?

Fortunately, many websites offer a piece of data called a checksum that can be used to help verify that the file you end up with on your computer is exactly the same as the file they're providing.

A checksum, also called a hash or hash value, is produced by running a cryptographic hash function, usually MD5 or SHA-1, on a file. Comparing the checksum produced by running a hash function on your version of the file, with the one published by the download provider, can prove with near certainty that both files are identical.