
Verify Data Integrity

Technical safeguards operating systems use to verify data.

OS Mechanisms

Windows: Windows Defender

macOS: Gatekeeper

Linux: Using Debian Linux as an example, apt-secure and debsig-verify

Some additional guidance and overview from Microsoft, which applies to any operating system:

In most cases, these detections are signature based and not behavioral (meaning based on the static 'fingerprint' of the file, not what the file does while running).


Manual Verification

The following resources each do a great job at showing and explaining how and why to verify signatures. This is essentially what's happening in the background with the mechanisms mentioned above, though the type of signature and exact tools used may differ.

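Essentially, you compute a cryptographic hash of the downloaded file (its "signature" or fingerprint) and compare it against a publicly known value provided by the source.

This uses SHA-256 (Secure Hash Algorithm, 256-bit digest), which is also the default algorithm for Get-FileHash.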

Compute a file hash using PowerShell:

Get-FileHash .\example.file

Compute a file hash using bash:

sha256sum ./example.file
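The comparison step described above, as an added example that is not part of the original page: it normalizes the published value (Get-FileHash prints uppercase, sha256sum lowercase) and rejects a truncated or malformed value instead of treating it as a match. The function names `sha256_of`, `verify_sha256` and `demo` and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare a file's SHA-256 against a published value.
# Return status: 0 = match, 1 = mismatch, 2 = bad input or no hashing tool.

sha256_of() {
    # Print only the lowercase hex digest. Reading from stdin avoids the
    # escaped-filename output format sha256sum uses for unusual file names.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then   # e.g. macOS
        shasum -a 256 < "$1" | cut -d' ' -f1
    else
        return 2
    fi
}

verify_sha256() {
    local file=$1 expected actual
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Normalize the published value: drop whitespace, fold to lowercase.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # A SHA-256 digest is exactly 64 hex characters; anything else is a
    # copy/paste error or a different algorithm, never a valid match.
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected value is not 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# Constructed sample: a temp file containing "hello\n" and its digest written
# in uppercase, the way PowerShell's Get-FileHash displays it.
demo() {
    local f rc
    f=$(mktemp)
    printf 'hello\n' > "$f"
    verify_sha256 "$f" "5891B5B522D5DF086D0FF0B110FBD9D21BB4FC7163AF34D08286A2E846F6BE03"
    rc=$?; rm -f "$f"; return $rc
}
demo
```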

There will be times when file signatures are not provided.

If it's a binary, or the file is publicly known, then check a public signature database like VirusTotal.

Be sure you only submit hashes of data, and not the data itself, to services like this, as anything you submit becomes public.

  • File hashes / signatures of known software are often public
  • You cannot recreate the original file content from the hash value alone; hashing functions are a one-way computation

Be sure you only submit a domain name when checking links, and not the full URL itself, as anything you submit becomes public.

Status Example
OK example.com
BAD example.com/confidential/link/to/financial/documents