Digital Signature
Digital Signature Verification
Why It Matters
Ensures that applications are from trusted sources.
Detects tampering or unauthorized modifications.
Helps prevent malicious or unsigned applications from executing.
Tools & Commands for Signature Verification
1. Sysinternals Sigcheck
Verify a Single File:
sigcheck.exe -a -h target.exe
Batch Verification of a Directory:
sigcheck.exe -a -h -s "C:\Program Files\Target"
Export Detailed Results:
sigcheck.exe -a -h -c target.exe > signature_report.csv
2. Signature Analysis Checklist
Use these criteria to evaluate the validity of the signature:
Valid Certificate Chain: Verify the certificate authority (CA) is trusted.
Certificate Expiration: Confirm the certificate is still valid (not expired).
Code Integrity: Ensure the binary has not been modified since signing.
Publisher Information: Validate the software publisher's identity.
Timestamp Verification: Confirm the signing timestamp is valid and not backdated.
3. PowerShell Signature Verification
Get Signature Info:
Verify Certificate Chain:
View Certificate Details:
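The following script is an added example, not part of the original page or of the Sigcheck tool, that walks the Signature Analysis Checklist above using the three PowerShell steps just listed (signature info, chain verification, certificate details). It assumes a Windows host with the built-in Get-AuthenticodeSignature cmdlet and the .NET X509Chain class; the file path is a placeholder to replace with the binary under review, and the chain is built with online revocation checking and the Code Signing EKU (OID 1.3.6.1.5.5.7.3.3) required.

```powershell
# Added example: Authenticode verification against the checklist (not from the original page).
param([string]$Path = 'C:\Path\To\target.exe')   # placeholder path, replace with the file under review

# 1. Get Signature Info
$sig = Get-AuthenticodeSignature -FilePath $Path
"{0,-20} {1}" -f 'Status:', $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
"{0,-20} {1}" -f 'StatusMessage:', $sig.StatusMessage
if ($sig.Status -eq 'NotSigned') { return }

$cert = $sig.SignerCertificate

# Publisher Information
"{0,-20} {1}" -f 'Subject:', $cert.Subject
"{0,-20} {1}" -f 'Issuer:', $cert.Issuer
"{0,-20} {1}" -f 'Thumbprint:', $cert.Thumbprint

# Certificate Expiration (validity window of the signing certificate)
"{0,-20} {1:u} .. {2:u}" -f 'Validity:', $cert.NotBefore, $cert.NotAfter

# 2. Verify Certificate Chain: build to a trusted root, check revocation on every
#    element, and require the Code Signing enhanced key usage.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.ApplicationPolicy.Add([System.Security.Cryptography.Oid]'1.3.6.1.5.5.7.3.3') | Out-Null
$chainOk = $chain.Build($cert)
"{0,-20} {1}" -f 'Chain builds:', $chainOk
if (-not $chainOk) {
    $chain.ChainStatus | ForEach-Object {
        "  chain error: $($_.Status) - $($_.StatusInformation.Trim())"
    }
}
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
"{0,-20} {1}" -f 'Root CA:', $root.Subject

# Timestamp Verification: a countersignature keeps the signature valid after the
# signing certificate expires. The chain above is built at the current time, so an
# expired-but-timestamped signer shows only NotTimeValid; treat that case separately.
$timestamped = $null -ne $sig.TimeStamperCertificate
if ($timestamped) {
    "{0,-20} {1}" -f 'Timestamped by:', $sig.TimeStamperCertificate.Subject
} else {
    'No timestamp countersignature: signature stops validating when the signing cert expires.'
}
$expiredButTimestamped = (-not $chainOk) -and $timestamped -and
    (@($chain.ChainStatus | Where-Object { $_.Status -ne 'NotTimeValid' }).Count -eq 0)

# Code Integrity: Status 'HashMismatch' means the file changed after signing.
$pass = ($sig.Status -eq 'Valid') -and ($chainOk -or $expiredButTimestamped)
"{0,-20} {1}" -f 'Overall:', $(if ($pass) { 'PASS' } else { 'FAIL' })

# 3. View Certificate Details
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint, SerialNumber, EnhancedKeyUsageList
```

Run it as `.\Verify-Signature.ps1 -Path 'C:\Program Files\Target\app.exe'` (script name is illustrative). Get-AuthenticodeSignature alone already reports HashMismatch for modified files and Valid only when the chain reaches a trusted root, so the explicit X509Chain build is there to surface which check failed (untrusted root, revoked intermediate, missing Code Signing EKU) and to make the revocation policy explicit rather than implicit.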
Best Practices for Digital Signature Validation
Always verify the certificate chain is trusted and issued by a reputable CA.
Check the timestamp to ensure the signature was valid at signing time.
Confirm the application has not been altered since signing.
Maintain an updated list of trusted root CAs.
Use tools like Sigcheck and PowerShell consistently during audits.