File Checksum Integrity Verification using fciv.exe

The Microsoft built tool named the ‘File Checksum Integrity Verifier version 2.05‘ can be used to get the hash of an MS-Access database (or for that matter, any file). This is probably one of the best way to obtain the hash on windows platforms because this utility comes from Microsoft, the developer of the Windows Operating System. The file size of the fciv.exe is small, just 84 KB and easy to use.

fciv-1

The fciv.exe is able to find the md5 of the new Microsoft Access Database by using the -md5 flag.

Hashing is the generation of a digital fingerprint that is useful to identify files and to detect any changes made to files. The hash value will change if even a single bit changes. If the hashes of two files are the same, they are considered to be exact duplicates. If you take hashes of a file over time, you can detect if a file changed by noting any changes in the hash value. A limitation of hashes is that they do not explain what changes are made, nor do they suggest how extensive a change was made. They only indicate that some change was made, great or small, it makes no difference.

Interestingly, if the file name or file extension is changed the hash value does not change.  I can take a file and make a copy of it; the hash will remain the same. It does not change because the contents of the file have not changed. So, the hash calculation is not determined by the name of the file, any change to the name is ignored when the hash is taken.

fciv-2

You can recursively determine the hashes in folders by using the -r switch for example if the location was the H: drive use the following command: fciv.exe H:\ -r -md5

In the above example I copied the same database to a subfolder in the same directory. Note how the hash is the same even though I renamed the file name. The fciv.exe tool is useful for these kinds of problems. It also handles getting the hashes of many files in folders at one time.  You can recursively determine the hashes in folders by using the -r switch as shown below.

fciv.exe H:\ -r -md5

In the above example, it correctly identifies two duplicate files. They are easily identified because they have the exact same hash value. Some people refer to the hash value as the check sum. Regardless of what you call it, checksum or hash, if the value matches it means the files are almost certainly an exact duplicate. There is a tiny possibility that two different files have the same hash, however it is so unlikely , it is practically a certain match.

In the above example, it correctly identifies two duplicate files. They are easily identified because they have the exact same hash value. Some people refer to the hash value as the check sum. Regardless of what you call it, checksum or hash, if the value matches it means the files are almost certainly an exact duplicate. There is a tiny possibility that two different files have the same hash, however it is so unlikely , it is practically a certain match.

fciv-err.txt opened in notepad showing HashAndStore and access is denied errors.

fciv-err.txt opened in notepad showing HashAndStore and access is denied errors.

If you get any errors they are logged to a fciv.err fle. In this case I got “Error msg  : The process cannot access the file because it is being used by another process.”  The problem came about because it was attempting to access a system folder that was being used by the operating system that normally is ignored. In my example I am running it from a USB drive. Because the OS was using it, it logged ‘access is denied’.

HashAndStore –> h:\fciv.err :

Error msg  : The process cannot access the file because it is being used by another process.

Error code : 20

The other error you might get is:

HashAndStore –> h:\fciv.err :

Error msg  : The process cannot access the file because it is being used by another process.

Error code : 20

That error message can be caused if they fciv.err file is created and used in the same directory where you are getting the hashes. What happens is you are trying to get a hash on the log file that is creaed by the fciv.exe program. You can avoid the error by running the fciv.exe from some other location. If I run the fciv.exe from another drive where the program is not looking for hashes, it should avoid the error.

I created another folder on my c drive named fciv-test, moved the fciv.exe to that folder. Using the command prompt, I changed directory to point to the c:\fciv-test folder and ran the following:

fciv.exe H:\ -r -exc H:\exceptions.txt -md5

That command line code means I am running it from c:\fciv-test but pointing to the H:\ drive. That did the trick and the fciv.err is generated on a different disk location and avoiding errors.

As shown above the command line used in the console is automatically logged by the fciv program in the fciv.err text file. The previous errors are avoided and no others show up in the fciv.err file.

So, what is the significance of this? Well, what is cool about this little tool is it can add a layer of security to your process because it will detect changes to hashes. Not only can you find files that are duplicates, you can also discover if files have changed by noticing any changes to the hash values.

This might be useful in cases where the administrator has kept thousands of files, and you want to track changes and reduce duplication. But how do you manage a list of hashes that could contain thousands. Well, you can keep a database. This tool will create an xml formatted ‘database’  using the -xml db.xml where db.xml is the xml file you want as your ‘database’.  As an example, if you run the command: fciv.exe H:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml  a ‘database’ of SHA1 hashes is generated.

Now, there are ways of getting xml to a relational database. You can do it with SQL server for example using some build in T-SQL. To get it into an MS-ACCESS database is easier as shown below. Just use the menu in ‘External Data’ and choose XML file.

ac_xml_file

Import XML data using the MS-Access ‘External Data’ tab, select ‘XML file, Import XML file’.

ac_import_xml

Importing hashes in the form of xml data into MS-Access.

ac_imported_xml_FILE_ENTRY_table

MS Access imported xml file from the dbsha.xml file created by the Microsoft Checksum Integrity Verifier utility.

At this point I can see the beginnings of an application to find and detect duplicates or to alert when files change.  There are tools out that may do the same thing however I think its more interesting and educational to build your own solutions. As we see here, the free File Checksum Integrity Verifier tool can be used and if combined with the power of MS-Access  it would be possible to create a customized database driven solution to use hashes to find duplicates or detect file changes.