Abstract and introduction

PowerShell File Checksum Integrity Verifier (PsFCIV) is a enhanced PowerShell version of legacy Microsoft FCIV.exe tool. Native tool description can be found in the following article: KB841290. Since original tool wasn’t developed for more than 5 years and there are needs to improve it’s functionality, I decided to write my own implementation of the tool by using native PowerShell code.

The main purpose of PsFCIV is to track your files integrity status by calculating cryptographic hashes over a file (or files) and writing them into FCIV-compatible XML database. You can verify whether files were changed since last check run. PsFCIV can be useful for rarely-changed files (for example, installation packages or installation images), backups  and archives that should not be changed. Additionally you can use PsFCIV to verify your files after they were moved over WAN links. Often some files become corrupted after this copy process and you can use this tool to determine which files were corrupted.

Features

The following features are included in PsFCIV 2.0:

Main logic

PsFCIV is database-based utility and it uses FCIV-compatible XML database file to keep all required information about a file:

PsFCIV provides various cryptographic hashing algorithm support: MD5, SHA1, SHA256, SHA384 and SHA512. You can calculate multiple hashes over the same file and write all of them to XML database. When you run the command first time, it creates XML database file for specified folder or folders. When you specify existing XML database, the command performs file checksum verification process as follows:

  1. PsFCIV attempts to find a file for each record in database;
  2. Once the file is found, file size and last modification timestamp are compared between real file values and values stored in the XML database;
  3. If real file size or modification timestamp do not match to corresponding values in XML database, then the file is marked as bad. No hashes are verified.
    Note: when you move or copy file to another location, it's LastWriteTime property is not changed.
  4. If file size and last modification timestamp matches to corresponding values in XML database, PsFCIV calculates a hash over a file and verifies it’s value against a known good value in the XML database.
  5. If the file hash value comparison succeeds, the file is marked as good and PsFCIV switches to a next entry in XML database.

Useful examples

Here are few useful examples you can use:

Checks all files in C:\tmp folder by using SHA1 hash algorithm.

Checks all files in C:\tmp folder and subfolders by using SHA1, SHA256 and SHA512 algorithms

Checks only InstallPackage.msi file in C:\tmp folder by using SHA512 hash algorithm.

Rebuilds DB file, by removing all unused entries (when an entry exists, but the file does not exist) from the XML file and add all new files that has no records in the XML file using SHA1 algorithm. Existing files are not checked for integrity consistence.

Checks all files in C:\tmp folder using SHA256 algorithm and renames files with Length, LastWriteTime or hash mismatch by adding .BAD extension to them. The 'Delete' action can be appended to delete all bad files.

Checks all files in C:\tmp folder using SHA1 algorithm and shows filenames that match Ok or Bad category.

Performs file hash calculation and passes output objects to a pipeline without using XML database.

Feedback

If you found bugs, have suggestions or questions, you are welcome in Q&A section.

Revision history

03.04.2013: fixed "Include" parameter handler.

17.11.2013: fixed missing "Dispose" method on crypto provider class, fixed time zone issue and performance improvement.

12.12.2013: fixed minor bugs, several code paths moved to a C# wrapper for performance reasons.