The IT Law Wiki


Integrity checking is

[t]he testing of programs to verify the soundness of a software product at each phase of development.[1]


Integrity checking tools can detect whether any critical system files have been changed, thus enabling the system administrator to look for unauthorized alteration of the system.

Integrity checkers examine stored files or network packets to determine if they have been altered or changed. They can only flag a change as suspicious; they cannot determine if the change is a genuine virus infection.

These checkers are based on checksums — a simple mathematical operation that turns an entire file or a message into a number. More complex hash functions that result in a fixed string of encrypted data are also used. The integrity checking process begins with the creation of a baseline, where checksums or hashes for clean data are computed and saved. Each time the integrity checker is run, it again makes a checksum or hash computation and compares the result with the stored value.