PowerShell Get-FileHash
last modified February 15, 2025
In this article, we will cover the Get-FileHash cmdlet in
PowerShell. This cmdlet computes cryptographic hash values for files.
Hash basics
A hash is a fixed-size string generated by a hash algorithm. It uniquely represents file contents. Common hash algorithms include SHA1, SHA256, and MD5. Hashes are used to verify file integrity and detect changes.
Basic Get-FileHash usage
The simplest way to use Get-FileHash is with just a file path.
It defaults to SHA256 algorithm. The output includes the hash and algorithm
used. This is useful for quick file verification.
Get-FileHash -Path "C:\Windows\explorer.exe"
This command calculates the SHA256 hash of explorer.exe. The output shows the hash value, algorithm, and file path.
Specifying hash algorithm
You can specify different hash algorithms using the -Algorithm parameter. Supported algorithms include SHA1, SHA256, SHA384, SHA512, and MD5. Each algorithm produces different hash lengths.
Get-FileHash -Path "C:\Windows\explorer.exe" -Algorithm SHA512
This command calculates the SHA512 hash of explorer.exe. SHA512 produces a longer hash than SHA256 for enhanced security.
PS C:\> .\hash2.ps1 Algorithm Hash Path --------- ---- ---- SHA512 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855... C:\Windows\explorer.exe
Hashing multiple files
You can hash multiple files by using wildcards or piping file objects. This is useful for batch processing. The output shows each file's hash separately. You can verify multiple files at once.
Get-ChildItem -Path "C:\Windows\*.exe" | Get-FileHash -Algorithm MD5
This command calculates MD5 hashes for all .exe files in C:\Windows. Each file's hash is displayed in the output.
Comparing file hashes
You can compare file hashes to verify integrity. Store the original hash and compare with newly calculated one. Matching hashes indicate unchanged files. Different hashes mean the file was modified.
$originalHash = "A94A8FE5CCB19BA61C4C0873D391E987982FBBD3" $currentHash = (Get-FileHash -Path "file.txt" -Algorithm SHA1).Hash $originalHash -eq $currentHash
This script compares a stored SHA1 hash with current file hash. It returns True if hashes match, False otherwise.
Stream input for hashing
You can hash data from streams instead of files. Use the -InputStream parameter with a stream object. This is useful for hashing dynamic data. The process is similar to file hashing.
$data = [System.Text.Encoding]::UTF8.GetBytes("Hello World")
$stream = [System.IO.MemoryStream]::new($data)
Get-FileHash -InputStream $stream -Algorithm SHA256
This command hashes the string "Hello World" as a stream. The output shows the SHA256 hash of the input data.
Hashing with progress display
For large files, you can show progress during hashing. Use the -Verbose parameter to display progress information. This helps monitor long-running operations. The hash calculation continues in background.
Get-FileHash -Path "largefile.iso" -Algorithm SHA256 -Verbose
This command hashes a large file while showing progress. The verbose output indicates the ongoing operation status.
Exporting hash results
You can export hash results to files for documentation. Use standard output redirection or Export-Csv cmdlet. This creates permanent records of file hashes. Useful for security audits.
Get-FileHash -Path "important.dll" | Export-Csv -Path "hashes.csv" -NoTypeInformation
This command saves the hash of important.dll to a CSV file. The output file can be used for future verification.
Source
In this article, we have covered the Get-FileHash cmdlet in PowerShell.
Author
List all PowerShell tutorials.