When a system is compromised an attacker will often alter certain key files to provide continued access and prevent detection. By applying a message digest (cryptographic hash) to key files and then checking the files periodically to ensure the hash hasn’t altered a degree of assurance is maintained. On detecting a change an alert will be triggered. Furthermore, following an attack the same files can have their integrity checked to assess the extent of the compromise.