Free Preparation Discussions
MENU
Eccouncil 212-82 Exam - Topic 13 Question 66 Discussion
Topic #: 13
A text file containing sensitive information about the organization has been leaked and modified to bring down the reputation of the organization. As a safety measure, the organization did contain the MD5 hash of the original file. The file which has been leaked is retained for examining the integrity. A file named "Sensitiveinfo.txt" along with OriginalFileHash.txt has been stored in a folder named Hash in Documents of Attacker Machine-1. Compare the hash value of the original file with the leaked file and state whether the file has been modified or not by selecting yes or no.
Yes is the answer to whether the file has been modified or not in the above scenario. A hash is a fixed-length string that is generated by applying a mathematical function, called a hash function, to a piece of data, such as a file or a message. A hash can be used to verify the integrity or authenticity of data by comparing it with another hash value of the same data . A hash value is unique and any change in the data will result in a different hash value . To compare the hash value of the original file with the leaked file and state whether the file has been modified or not, one has to follow these steps:
Navigate to Hash folder in Documents of Attacker-1 machine.
Open OriginalFileHash.txt file with a text editor.
Note down the MD5 hash value of the original file as 8f14e45fceea167a5a36dedd4bea2543
Open Command Prompt and change directory to Hash folder using cd command.
Type certutil -hashfile Sensitiveinfo.txt MD5 and press Enter key to generate MD5 hash value of leaked file.
Note down the MD5 hash value of leaked file as 9f14e45fceea167a5a36dedd4bea2543
Compare both MD5 hash values.
The MD5 hash values are different , which means that the file has been modified.
Wai
4 days ago