Computer Forensics: Alternate Data Streams

April 12, 2011 by Keatron Evans

Alternate Data Streams (ADS) are a way to store data on a machine that is not readily accessible to users. Files stored using ADS are not easily accessible through the Windows operating system, and they do not show up in any file directory listing. Windows generates its own ADS files, and most P2P software typically utilizes ADS. In this video, one of the bonus labs from the InfoSec Institute Computer Forensics Online Training, we will examine Alternate Data Streams:

  • How to create them manually.
  • How to read them.
  • How to find them if you think they are on a system but are not sure where they might be.

We will also do a brief demonstration of ADS Spy, a tool specifically designed to locate Alternate Data Streams.

Hope this video helps,
Keatron
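The three tasks listed above (create, read, find) can be tried from PowerShell. This is an added example, not taken from the video or from ADS Spy; it assumes an NTFS volume and PowerShell 3.0 or later, and the `ads-lab` directory, the file and stream names, and the `Find-AlternateStream` function are constructed for the demonstration.

```powershell
# Added example: work in a throwaway lab directory (constructed names).
$lab  = Join-Path $env:TEMP 'ads-lab'
New-Item -ItemType Directory -Path $lab -Force | Out-Null
$file = Join-Path $lab 'report.txt'

# 1. Create: the unnamed stream holds the visible content,
#    'notes' is a named (alternate) stream on the same file.
Set-Content -Path $file -Value 'visible content'
Set-Content -Path $file -Stream 'notes' -Value 'data stored in an alternate stream'

# The reported length covers only the unnamed stream, so the
# alternate stream does not change what a directory listing shows.
(Get-Item -Path $file).Length

# 2. Read: the stream has to be named explicitly.
Get-Content -Path $file -Stream 'notes'

# 3. Find: enumerate every stream of every file under a root and
#    keep only the named ones (':$DATA' is the default stream).
#    Directories are skipped here; only files are examined.
function Find-AlternateStream {
    param([Parameter(Mandatory)][string]$Root)

    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Find-AlternateStream -Root $lab

# Clean up the lab directory.
Remove-Item -Path $lab -Recurse -Force
```

When the same sweep is pointed at a real user profile, expect many hits for `Zone.Identifier`, the stream Windows itself attaches to downloaded files; review those separately from unexpected stream names.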

Keatron Evans is regularly engaged in training, consulting, penetration testing and incident response for government, Fortune 50 and small businesses. In addition to being the lead author of the best-selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish, you will see Keatron on major news outlets such as CNN, Fox News and others on a regular basis as a featured analyst concerning cybersecurity events and issues. For years, Keatron has worked regularly as both an employee and consultant for several intelligence community organizations on breaches and offensive cybersecurity and attack development. Keatron also provides world-class training for the top training organizations in the industry, including Infosec Skills live boot camps and on-demand training.