A MD5 hash generation program is reporting that the hash values do not match the source installation when an image is taken using the -IR switch and restored to another computer. This would indicate that there was a difference in the two operating systems. Does this mean that there was file corruption when the image was restored?

The reports indicate only one file is different. This is the Windows\System32\Config\SYSTEM file. This file is the HKLMSYSTEM registry hive file.

This is a system file which was thought to be corrupted by Ghost, however what was thought to be ‘corruption’ is actually an ‘update’ done by Ghost. The \Windows\System32\Config\SYSTEM file is changed when using the –IR switch. The System file is associated with the HKLM\SYSTEM registry hive file.  Ghost only updates the System file with needed information.  This information could be as little as a Date and Time stamp or as much as configuration changes applied post restore, like driver retargeting depending upon what other Tasks are involved during the restore. 

 Ghost updates the registry for the configurations changes which are applied post restore and driver retargeting.

Ghost loads the system hive to read the information stored in it, and even if it does not make any change to it, once the hive is unmounted the SYSTEM file on the disk will have a different time stamp. The MD5 hash generation application used may consider the time stamps to generate the hashes.  Such applications usually have an option to turn off the time stamp consideration while calculating hashes.

 As long as the Ghost CRC checks are fine you should not have to worry about this hash report.