Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Week-4: Anti Forencis Techniques: Lab-1: Data & Message Integrity

Learning Objectives

  • Contextualise the implementation of integrity over an asset.
  • Understand the characteristics of a cryptographic hash function.

Setup

  1. Start the Kali Linux virtual machine. If you don't have one you can
    1. (Recommadnded)You can find a VM in your Cyberlab folder, or
    2. You can download kali vm from here then deploy. Login credentials:
    • Username: kali
    • Password: kali

NOTE: The best way to carry out this lab by openning it in the Kali VM, simpley open a browser in your VM and paste the following link

Activity 1: Generating a Hash (Digital Fingerprint) from Text

A unique hash (digital fingerprint) can be calculated for a sequence of characters using:

echo -n your_characters | hash_function

Where:

  • your_characters = input string to be hashed
  • hash_function = chosen cryptographic hash function

Example 1: Using SHA-256

echo -n dragon | sha256sum

Output:

a9c43be948c5cabd56ef2bacffb77cdaa5eec49dd5eb0cc4129cf3eda5f0e74c

This hash will always be identical when using sha256 on the same input.

Example 2: Using MD5

echo -n dragon | md5sum

Output:

8621ffdbc5698829397d97767ac13db3

Again, the hash is consistent when using md5 on the same input.

Note: Cryptographic hash functions are sensitive to case, punctuation, and spacing.
Examples such as dragon, Dragon, dragon. and dragon will all produce different hashes.

Task

  1. Modify the command to calculate a hash for the word dragons using sha256.
    Enter your answer here:

  2. Confirm the hash by visiting:

Activity 2: Generating a Hash from Files

A hash can also be generated for files using:

hash_function filename.ext

Example

  1. Navigate to your home directory and create a file named test.txt.
  2. Open test.txt and type: 
    cat
  3. Save and close the file.
  4. In the terminal, run: 
    sha256sum test.txt
    Output: 
    175cc6f362b2f75acd08a373e000144fdb8d14a833d4b70fd743f16a7039103f

This value will always be the same as long as the file remains unchanged.

  1. Edit test.txt and replace the text with: 
    From where you are, you can hear their dreams.
  2. Save the file.
  3. Generate the hash again and enter your new hash here:
  4. Confirm your hash using the online tool above.

Activity 3: Investigating Message Integrity

Question:
Do WhatsApp and other messaging applications maintain the integrity of images sent between users?

A cryptographic hash function can be used to verify this.

Tools

You may use any messaging app (e.g. WhatsApp, Telegram, Messenger, WeChat, Signal, etc.)

Steps

Step 1: Prepare Your Images

  1. Find two images online:
    • One .png file
    • One .jpg file
  2. Save both in a folder called send.

Step 2: Generate Hashes

  1. Use the sha256sum command to create hashes for each image.
  2. Save both hashes into a file called sendhash.txt.
  3. Save this file in the send folder.

Step 3: Transfer Images to Your Mobile Device

  1. Email the images to yourself (e.g. Gmail).
  2. From your phone, open the email and download both images.

Step 4: Send the Images

Send each image separately using your chosen messaging app:

  • One message for the .png
  • One message for the .jpg

Step 5: Receive and Save Images

  1. Once you’ve received both images, transfer them to your workstation.
  2. Save them in a folder called received.

Step 6: Verify Integrity

  1. Generate a sha256 hash for each received image.
  2. Save the hashes into a file called received.txt.
  3. Compare sendhash.txt and received.txt.

If the hashes are different, the messaging app has modified the image, meaning integrity is not preserved.

Activity 4: Investigating Image Integrity with Steghide

Steps

  1. On your Kali VM, open a terminal:

    sudo apt-get install steghide

  2. Download an image (e.g. .jpg) and save it in your Documents directory.

  3. Navigate to that directory:

    cd ~/Documents

  4. Identify the MD5 hash of your image:

    md5sum image.jpg

    Enter hash value here:

  5. Create a secret file:

    nano secret.txt

  6. Type a short secret message, then:

    • Press Ctrl + X
    • Press Y
    • Press Enter

  7. Embed the secret message in your image:

    steghide embed -ef secret.txt -cf image.jpg

    Add a password (stego key) when prompted.

  8. Generate a new MD5 hash for the image:

    md5sum image.jpg

    Enter new hash value here:

Can you see a difference in hash values?
If yes, the image was altered when the message was embedded.

  1. Extract the secret message: 
    steghide extract -sf image.jpg

Optional Self-Study: Password Salting

“A salt is a unique, randomly generated string added to each password before hashing.”

OWASP Password Storage Cheat Sheet

Reading:

- McAfee: What Is a Salt and How Does It Make Password Hashing More Secure?

Copyright © 2026 • Created by Ali Jaddoa

Page last updated: Monday 09 February 2026 @ 09:24:42 | Commit: 998e092