Alternate Data Streams are a way to store data on a machine that is not readily accessible to users. Using ADS, files are not easily accessible by Windows operating system and they do not show up in any file directory. Windows generates it’s own ADS files and most P2P software typically utilize ADS.

In this video, one of the bonus labs from the InfoSec Institute Computer Forensics Online Training, we will examine Alternate Data Streams:

  • How to create them manually.
  • How to read them.
  • How to find them if you think they are on a system but are not sure where they might be.

We will also do a brief demonstration of ADS Spy, a tool specifically designed to locate Alternate Data Streams.

 

Hope this video helps,
Keatron