File-integrity monitoring, or FIM, is a security control that watches important files and alerts when they change in an unexpected way. It typically records baseline hashes, timestamps, permissions, and file contents, then compares later activity against that trusted state. If a system file, configuration file, or script is altered without approval, FIM can flag it quickly.
In cyber security, FIM matters because many attacks depend on changing files quietly. Ransomware may encrypt documents, replace notes, or modify startup scripts; attackers may also tamper with logs, web pages, or configuration files to hide access or persist. Defenders use FIM to detect these changes early, validate system integrity after an incident, and support forensic investigation. It is most effective on high-value assets such as servers, domain controllers, and critical application paths, especially when alerts are tuned to ignore normal maintenance activity.