The LinuxDig.Com Linux Dictionary is currently in Beta. You can help, email Comments or Suggestions here.
Number of Terms : 8142 Number of Definitions : 9135
tripwire

1. Tripwire is a tool that detects when files have been altered by regularly recalculating their hashes and storing the hashes in a secure location. The product triggers when changes to the files have been detected. By using cryptographic hashes, tripwire is often able to detect subtle changes.

Contrast: The simplistic form of tripwire is to check file size and last modification time. However, programs that change files (like viruses) will often keep these the same. On the other hand, keeping complete backups would require too much space. Therefore, cryptographic hashes are used.

Contrast: The cryptographic hash calculated from the file is often known as a "fingerprint" or "signature". However, these terms have completely different meanings in other areas of security, so some people just say "hash" or "checksum".

History: The original tool was published in 1992 for Unix. The company Tripwire Inc. was formed in 1998.

Point: Reasons why files change:
- Replace common system programs with duplicates containing backdoors.
- Change configuration files to allow the intruder back into the system.
- Alter system logfiles in order to cover tracks.
- Alter data files (such as financial records or school grades).

From Hacking-Lexicon
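The contrast described in this entry, as an added Python example that is not part of the original entry and is not Tripwire's own code: it baselines a directory with size, modification time and SHA-256, then rechecks it after a constructed same-length edit whose timestamp was put back. The file name sshd_config, its contents and all function names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Size, mtime and SHA-256 of one file."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def build_baseline(root):
    """Map each file's path relative to root to its snapshot."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            base[os.path.relpath(full, root)] = snapshot(full)
    return base

def check(baseline, root):
    """Compare the tree with the baseline using both detection methods."""
    now = build_baseline(root)
    both = sorted(baseline.keys() & now.keys())
    return {
        "added": sorted(now.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - now.keys()),
        "meta_changed": [p for p in both if (baseline[p]["size"], baseline[p]["mtime_ns"])
                         != (now[p]["size"], now[p]["mtime_ns"])],
        "hash_changed": [p for p in both if baseline[p]["sha256"] != now[p]["sha256"]],
    }

def demo():
    """Constructed scenario: same-length edit, original timestamp put back."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "sshd_config")  # constructed sample file
        with open(cfg, "wb") as fh:
            fh.write(b"PermitRootLogin no \n")
        baseline = build_baseline(root)  # the entry's "secure location": keep off-host
        with open(cfg, "wb") as fh:
            fh.write(b"PermitRootLogin yes\n")  # same byte count, new content
        t = baseline["sshd_config"]["mtime_ns"]
        os.utime(cfg, ns=(t, t))  # size and mtime now match the baseline again
        return check(baseline, root)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13} {paths}")
```

The size-and-mtime comparison reports nothing for the edited file, while the hash comparison lists it.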