

Practical Guide to Alternative Data Streams in NTFS

Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. While this is the intended use (as well as a few Windows internal functions) there are other uses for Alternative Data Streams that should concern system administrators and security professionals. Using Alternative Data Streams a user can easily hide files that can go undetected unless closely inspected. This tutorial will give basic information on how to manipulate and detect Alternative Data Streams.

https://www.irongeek.com/i.php?page=security/altds

The bad part of this story is that most scan engines and removal tools will fail to detect malware "protected" in alternate streams.
Urs
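
To make the detection side concrete, here is an added example (not from this post or the linked tutorial) that walks a directory tree and reports every named stream it finds. The function name `Find-AlternateDataStream` and the demo file names are hypothetical; it assumes Windows, an NTFS volume and PowerShell 3.0 or later.

```powershell
# Added example: list named (alternate) data streams under a directory tree.
# Find-AlternateDataStream is a hypothetical helper name, not a built-in cmdlet.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the mark-of-the-web stream Windows attaches to
        # downloaded files; it is expected noise and skipped unless requested.
        [switch] $IncludeZoneIdentifier
    )

    # -Force includes hidden and system files; -File skips directories,
    # which Windows PowerShell 5.1 cannot enumerate streams on.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object {
            # ':$DATA' is the unnamed main stream every file has.
            $_.Stream -ne ':$DATA' -and
            ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
        } |
        Select-Object FileName, Stream, Length
}

# Constructed demonstration: create a file with a named stream in a temporary
# directory, then confirm that the scan reports it.
$demo = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$file = Join-Path $demo 'visible.txt'
Set-Content -LiteralPath $file -Value 'ordinary content'
Set-Content -LiteralPath $file -Stream 'hidden' -Value 'data in a named stream'

Get-ChildItem $demo | Select-Object Name, Length   # size covers the main stream only
Find-AlternateDataStream -Path $demo               # reports the 'hidden' stream

Remove-Item -LiteralPath $demo -Recurse -Force
```

Run against a user profile or a share, the output is a list of file, stream name and stream length that can be reviewed or diffed against a known-good baseline.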

Comments

  • Anonymous
    January 12, 2009
    Identity theft has brought great tensions to the corporate world causing many companies losses each year. Everyone is scared of their personal information not leaked out to some strangers. Not only offices but individuals at home should also purchase one for safety.