Testing software and files to check if they’ve been tampered with. By performing an integrity check, system administrators can find whether someone had unauthorized access to the system.
Automated integrity checkers can determine whether files and packets were changed or altered by examining them. However, they can’t detect whether the changes were authorized (performed by the administrator) or malicious (done by malicious software). Checkers only flag the changes they notice — it’s up to a person to actually check them and determine for themselves.
Integrity checkers create a baseline first by turning clean files into numbers or hash functions and saving them in their memory. Every time an integrity check is performed, the checker compares the hash functions and checksums of the files against the baseline data. If they do not match, the file is flagged as changed.