Alternate data streams - the hidden file feature you didn’t know about
How many of you are aware that it is quite easy to hide a second file, even a program, inside another file in any Windows XP or Vista system that uses NTFS? NTFS has pretty much replaced FAT as the file system for most PCs, unless you are running Windows 98/Me, and it has a little-known feature called “Alternate Data Streams” (ADS). This feature is what the technical types call a “fork” or an additional data set associated with a file. For one thing ADS can be used to store some of the metadata that you can see when looking at the properties sheet for a file. Another use is labeling a downloaded file to indicate the Internet Zone from which it was downloaded. However, for the most part, the ADS and their data are hidden. The information is not available to many Windows functions. It isn’t listed in Windows Explorer, its size isn’t added to the listed file size, it isn’t listed by a normal “dir” command. To learn more about ADS and how to find and manage them go to this article at my education site.
This post was triggered by an article at Windows Secrets
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.