Explain how file hash analysis works and why MD5, SHA-1, and SHA-256 hashes are important for SOC analysts. How would you use file hashes during an investigation?

Sample answer preview

A file hash is a fixed-length string generated by running a file through a cryptographic hashing algorithm. The hash acts as a unique fingerprint for that file. Even a single byte change in the file produces a completely different hash value.