In the good old days it was md5sum, now it's FCIV.EXE - A good tool for host security
Michael Howard mentions he has found the File Checksum Integrity Verifier:
http://blogs.msdn.com/michael_howard/archive/2005/05/12/416741.aspx
You can find it too, on
http://support.microsoft.com/default.aspx?scid=kb;en-us;841290
This little tool is awesome, and I was also unaware of it.
In fact, in the unix world is quite common to calculate hashes of *everything* on a machine (usually md5 hashes, but it doesn't matter which kind) to keep on a CD or floppy just in case the machine has been compromised. This way the machine is "prepared" for an incident.
In the HoneyNet Project's challenges, this has often been the key (see http://www.honeynet.org/scans/scan29/ for example) to figuring out what happened.
There are some implementations of the md5sum command on windows on the Net, but still this method of operating is not very widespread and known to the "average" admin....
In fact I had been looking for such a thing in the past years, and I had not figured out it was available on windows now.
It would be very cool if we started including this kind of things in the OS, and not just as an extra tool to be downloaded, IMHO, but that's not really up to me to decide.
But I think it is very important to point people to it, to start off with!
