An alternate data stream (ADS) is a feature of Windows New Technology File System NTFS that contains metadata for locating a specific file by author or title.

Alternative Data Stream support was added to the NTFS file system(Windows NT,2000,XP,7,8) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. While this is the intended use there are other uses that should concern system administrators and security professionals.

Using Alternative Data Streams can easily hide files that can go undetected unless close inspection is done on the file.

This is classed as Steganography as it embeds data within data that is hard to detect, note I wrote an article about using Steghide which uses images or audio files to encrypt data within them and protected using a password, you can read about that here

Creating AltDS Text File

Making an AltDS is fairly simple and doesn’t require any application to be installed, just a Microsoft Windows operating system with an NTFS filesystem. Drop to a elevated command line and execute the following after “C:>”

Create Plain Text File

C:>echo Plain Text For A Normal File > text.txt

Embed Data to Plain Text File

C:>echo Password.or.what.ever.you.want.to.embed > secret.txt
C:>notepad text.txt:secret.txt

Note the size of text.txt did not increase in size

Data Loss

Don’t use this for critical data as backup software might not migrate the data when the copy occurs, also the data might not be recoverable should you try and recover data from a broken NTFS table.

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.