An alternate data stream (ADS) is a feature of Windows New Technology File System NTFS that contains metadata for locating a specific file by author or title.
Alternative Data Stream support was added to the NTFS file system(Windows NT,2000,XP,7,8) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. While this is the intended use there are other uses that should concern system administrators and security professionals.
Using Alternative Data Streams can easily hide files that can go undetected unless close inspection is done on the file.
This is classed as Steganography as it embeds data within data that is hard to detect, note I wrote an article about using Steghide which uses images or audio files to encrypt data within them and protected using a password, you can read about that here
Creating AltDS Text File
Making an AltDS is fairly simple and doesn’t require any application to be installed, just a Microsoft Windows operating system with an NTFS filesystem. Drop to a elevated command line and execute the following after “C:>”
Create Plain Text File
C:>echo Plain Text For A Normal File > text.txt
Embed Data to Plain Text File
C:>echo Password.or.what.ever.you.want.to.embed > secret.txt C:>notepad text.txt:secret.txt
Note the size of text.txt did not increase in size
Don’t use this for critical data as backup software might not migrate the data when the copy occurs, also the data might not be recoverable should you try and recover data from a broken NTFS table.
Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.