File Integrity Monitoring Tool

    File Integrity Monitoring Tool for Windows and Linux

    FolderManifest is a file integrity monitoring tool for teams that need proof, not a green checkmark. Baseline any folder with SHA-256 checksums, re-scan on schedule, and export a shareable HTML report of every change.

    Free for 7 days · No credit card · Runs locally

    4.9/5from 19+ reviews on G2, SourceForge & Slashdot

    Checksum-level change detection

    SHA-256 hashes catch byte-level edits that filenames, sizes, and dates miss entirely.

    Baselines you can re-scan over time

    Capture a trusted baseline once, then verify the same folder after every patch, migration, or incident.

    Evidence auditors can read

    Export an interactive HTML report that compliance, audit, and security teams can open without installing anything.

    Verify Folder Integrity With Checksums

    Read the hands-on guide to building a SHA-256 baseline for any folder and re-verifying it on schedule. A practical walkthrough for FIM without an enterprise SIEM.

    Read the Integrity Guide

    Frequently Asked Questions

    What is a file integrity monitoring tool?

    A file integrity monitoring (FIM) tool records a cryptographic baseline of files in a folder and flags any change the next time you scan. FolderManifest is a FIM tool that uses SHA-256 checksums to detect added, modified, and deleted files locally on Windows and Linux.

    How does FolderManifest work as a FIM tool?

    On the first run, FolderManifest writes a SHA-256 manifest for every file in the target folder. On every later run, it recomputes the hashes, compares them to the baseline, and reports exactly which files changed. The result is a diff plus an interactive HTML report you can hand to an auditor.

    Is file integrity monitoring required for compliance?

    Yes for several frameworks. PCI DSS 10.5, SOC 2 CC7, and ISO 27001 A.12 all call for file integrity monitoring on critical systems. FolderManifest produces the checksum evidence those controls expect without the overhead of an enterprise SIEM deployment.

    Why does a FIM tool need SHA-256?

    Filename, size, and modified date can all be spoofed or unchanged after a silent edit. SHA-256 is a one-way hash of the file contents, so any byte-level change produces a completely different hash. That is what lets FolderManifest prove a file is byte-for-byte identical to the trusted baseline.

    Can a file integrity monitoring tool run offline?

    Yes. FolderManifest runs locally on your Windows or Linux machine, so private, client-owned, or regulated folders never leave your computer. The desktop app and the CLI both work without an internet connection after install, and the CLI can be scheduled by cron or Task Scheduler.

    Stop assuming your files are safe. Start monitoring them.

    Download FolderManifest and turn your next folder scan into integrity evidence you can share.

    Baseline My Folder Free for 7 Days
    4.9/5from 19+ reviews on G2, SourceForge & Slashdot

    Free for 7 days · No credit card · Runs locally