Understanding Alternate Data Streams

Authors: Chetan Giridhar, Rahul Verma

Has it ever crossed your mind how you could create a file that is hidden and not visible on the hard disk, even with the ‘Show hidden files and folders’ option enabled? On top of that, what if this hidden file doesn’t consume any space on your system and you could write any amount of data into it? Cool, isn’t it? But the question that would arise in our minds is, “Is this possible?”

The good news is yes, it’s very much possible, with the Alternate Data Streams concept of Windows NTFS partitions. This article discusses the feature in detail, along with its utilities and how malware authors use it as an exploit.

