Understanding Alternate Data Streams


Authors: Chetan Giridhar, Rahul Verma

Did it ever cross your minds how you could create a file that is hidden and not visible on the hard disk even with ‘Show hidden files and folders’ option enabled? Add to that, what if this hidden file doesn’t consume any space on your system and you could write any amount of data into it? Cool! Isn’t it? But the question that would arise in our minds would be, “Is this possible?”.

The good news is Yes, it’s very much possible, with Alternate Data Stream concept of Windows NTFS Partition. This article discusses about the feature in detail along with its utilities and how this feature is used as an exploit by malware authors.

Read More…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s