- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Alternate Data Streams: Out of the Shadows and into the Light
- Abstract
- Alternate Data Streams: Out of the Shadows and into the Light examines alternate data streams in NTFS. It provides a thorough technical background in alternate streams before proceeding to compare them to regular files and directories. There is then a study of several techniques by which alternate data streams can be exploited by malicious users. The paper then examines software from Microsoft and third-party vendors, evaluating each application's effectiveness in finding and manipulating alternate data streams. Finally, the paper presents a set of Windows shell extensions designed to make alternate stream information an integral part of the operating system and eliminate a loophole that malicious users can use to hide alternate data streams from current scanners.