Hashdeep: Advanced File Integrity Verification for Linux Users

There is a diversity of tools that can significantly help with the security aspects and general administration of the system. Among all these tools, we can recommend one that is used for the advanced integrity verification of the file. Hashdeep is a fantastic option in case you need file integrity checking or verification of the hashes.

In this guide, we will discuss what a Hashdeep is and some peculiarities of its installation, and usage. We will specifically discuss its functioning in the Linux environment.

Overview of hashdeep

Hashdeep is one of those great tools that is necessary for working with hashes of files. It can be used for the verification and comparison of the files created by MD5 or SHA-256-like functions. File hash also crown as cryptographic hash is a specific string of characters created by a mathematical algorithm.

A couple of the most frequent user cases for this tool are:

• Digital forensics. Checking the files’ integrity in the digital forensics sphere.
• Identifying the integrity of the file and whether it has not corrupted during a certain time period.
• Restoration. Guarantee that during the recovery process, the data is consistent.

Steps to Install hashdeep on Linux

Prior to the description of the most common user cases, let’s initially install Hashdeep on your system. Depending on the used distributive, the process might be slightly different for most users:

For Arch users, use the following command:

sudo pacman -S hashdeep

For the users of Mint/Debian/Ubuntu:

sudo apt install hashdeep

For FreeBSD:

sudo pkg install hashdeep

For Rocky, Fedora, RHEL, AlmaLinux, Rocky:

sudo yum install hashdeep

For Alpine:

sudo apk add hashdeep

For Gentoo:

sudo emerge -a sys-apps/hashdeep

For OpenSUSE:

sudo zypper install hashdeep

1. Computing File Hashes

Probably the most common user case for the tool is computing file hashes. This case be done the following way:

hashdeep -c sha1 yt.png

In the command, you should use:

• File name, in the command we specified yt.png, but you can use any needed.
• The hash algorithm, here we have used sha1, but you can also specify md5 or sha256.

2. Recursively Hashing Files in Directories

For hashing all the files in a directory, use the following line:

hashdeep -c sha1 -r /path/to/the/specific/directory

3. Storing Hash Outputs in Files

For the storage of the hash outputs, you will need the following command:

hashdeep -r ravi > hashes.txt
cat hashes.txt

4. Checking File Integrity with hashdeep

One of the most used commands in the hashdeep is for verifying file integrity. To have the right verification process, you need to have a list of known hashes and compare the current file as the following:

hashdeep -a -k list.txt -r /home/ravi/ravi

In this command, ravi is a directory against which the list.txt is verified.

5. Creating Multiple Hash Types Simultaneously

To mention more than one algorithm simultaneously and calculate several types of hashes, you can use the following command:

hashdeep -c md5,sha1,sha256 -r /path/to/the/necessary/directory

Final Thoughts

Hashdeep is a great tool for Linux users for digital forensics, checks of file integrity, and more. The major benefit of the tool is in the support for the various algorithms so that sys admins and employees working in security can perform their work much more effectively.