Computer Forensics: Alternate Data Streams

1

Keatron Evans April 12, 2011 Forensics

Alternate Data Streams are a way to store data on a machine that is not readily accessible to users. Using ADS, files are not easily accessible by Windows operating system and they do not show up in any file directory. Windows generates it’s own ADS files and most P2P software typically utilize ADS.

In this video, one of the bonus labs from the InfoSec Institute Computer Forensics Online Training, we will examine Alternate Data Streams:

How to create them manually.
How to read them.
How to find them if you think they are on a system but are not sure where they might be.

We will also do a brief demonstration of ADS Spy, a tool specifically designed to locate Alternate Data Streams.

Hope this video helps,
Keatron

Incoming search terms:

computer-forensics forensics

About the Author

Keatron, one of the two lead authors of "Chained Exploits: Advanced Hacking Attacks From Start to Finish", is a Senior Instructor and Training Services Director at InfoSec Institute. Keatron is regularly engaged in training and consulting for members of the United States intelligence community, military, and federal law enforcement agencies. Keatron specializes in penetration testing and digital forensics. In addition to training, Keatron serves as Senior Security Researcher and Principle of Blink Digital Security which performs penetration tests and forensics for government and corporations.

Related Posts

One Comment

Meko April 12, 2011 at 3:37 pm - Reply

Nice video. Perhaps you could posts a ‘safe’ link to ADS Spy as well.

Leave A Response

Click here to cancel reply.

Back to Top Copyright © 2012 - InfoSec Institute