Practical Guide to Alternative Data Streams in NTFS

Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. While this is the intended use (as well as a few Windows internal functions) there or other uses for Alternative Data Streams that should concern system administrators and security professionals. Using Alternative Data Streams a user can easily hide files that can go undetected unless closely inspection. This tutorial will give basic information on how to manipulate and detect Alternative Data Streams.

The bad story about this is, that most of the scan engines and removal tools will fail detecting malware "protected" in alternate streams.

Comments (3)

  1. Industrial Shredders says:

    Identity theft has brought great tensions to the corporate world causing many companieslosses each year. Everyone is scared of their personal information not leaked out tosome strangers. Not only offices but individuals at home should also purchase onefor safety.

Skip to main content