Windows PowerShell is an immensely powerful tool and can be used for both good and evil. Here we are going to focus on an Information Assurance application of PowerShell: verifying a file downloaded from the Internet.

Why would we do this? So we can be sure that the file has maintained its integrity from the source to your computer system. This allows us to check whether the file has been tampered with along the way, or maliciously replaced at the trusted vendor.

 

First we need to open the PowerShell command prompt in Windows. On most Windows systems this can be done from the Start menu search by clicking the Start button and typing 'PowerShell'.

From there we open Windows PowerShell and should see a command-prompt-style window (as below):

PowerShell Command Prompt

I have downloaded a copy of Kali Linux 2018 from a torrent I found online, but I need to know that the file is in fact legitimate and has not been tampered with. Kali.org tells me that this file needs to have a SHA256 value of ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317.

So here is the meaty bit of the PowerShell command:

Get-FileHash .\kali-linux-2018.1-amd64.iso | Format-List

Get-FileHash returns the following result:

Algorithm : SHA256
Hash : ED88466834CEEBA65F426235EC191FB3580F71D50364AC5131DAEC1BF976B317
Path : D:\ISOs\kali-linux-2018.1-amd64.iso

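This matches the value published by Kali.org. Hexadecimal digests are compared without regard to letter case, so the uppercase output is equivalent to the lowercase value above.

By using built-in Windows PowerShell cmdlets like this, you can avoid downloading external applications and introducing them into your network perimeter needlessly.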
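The comparison against the published value can be scripted rather than done by eye. The following is an added example, not part of the original post: Test-FileHash is a hypothetical helper name, and the file name and SHA256 value are the ones quoted above.

```powershell
# Added example: compare a file's digest with the vendor-published value.
# Test-FileHash is a hypothetical helper name, not a built-in cmdlet.
function Test-FileHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedHash,
        [ValidateSet('SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5')]
        [string] $Algorithm = 'SHA256'
    )

    # Values copied from a web page often carry stray spaces or line breaks.
    $expected = $ExpectedHash -replace '\s', ''

    # Refuse anything that is not a hex digest of the right length, so a
    # truncated or mis-pasted value cannot be mistaken for a real comparison.
    $hexLength = @{ MD5 = 32; SHA1 = 40; SHA256 = 64; SHA384 = 96; SHA512 = 128 }[$Algorithm]
    if ($expected -notmatch "^[0-9a-fA-F]{$hexLength}$") {
        throw "Expected value is not a ${hexLength}-character hex $Algorithm digest."
    }

    # -ErrorAction Stop makes a missing or unreadable file a terminating error
    # instead of silently producing an empty result.
    $fileHash = Get-FileHash -LiteralPath $Path -Algorithm $Algorithm -ErrorAction Stop

    # Get-FileHash prints uppercase hex; vendors usually publish lowercase.
    # Compare case-insensitively so only the digits matter.
    [pscustomobject]@{
        Path      = $fileHash.Path
        Algorithm = $fileHash.Algorithm
        Expected  = $expected.ToUpperInvariant()
        Actual    = $fileHash.Hash
        Match     = [string]::Equals($fileHash.Hash, $expected,
                        [StringComparison]::OrdinalIgnoreCase)
    }
}

# Usage with the file and published SHA256 value from this post.
$published = 'ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317'
$result = Test-FileHash -Path .\kali-linux-2018.1-amd64.iso -ExpectedHash $published
$result | Format-List

if (-not $result.Match) {
    Write-Warning 'Hash mismatch: do not mount, burn or boot this file.'
}
```

The published value should be taken from the vendor's own site, not from the same place the file was downloaded from.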