NTFS Alternate Data Streams, a Guide For Beginner 2021

By Vijay KumarUncategorized
ntfs alternate data streams

NTFS Alternate Data Streams in Window

NTFS Alternate Data Streams in Window is a method where you can hide one file data into another file data. These is alternate data streams available only on the NTFS file system of window

 Scenario:  If you created a text file with the name firstfile.txt in notepad and write some matter inside the file. You can see what is written inside the file anytime. Now you create another file name secondfile.txt and you make some entries in this file. Is it possible to hide the second file matter into the first file. And if someone opens first file, should be unable to see hidden data into first file only first data should be visible. The answer is yes and it has happened with the NTFS stream. And you can see hidden matter when you want.

Create NTFS Alternate Data Streams

The NTFS file system provides applications the ability to create alternate data streams of information. By default, all data is stored in a file’s main unnamed data stream, but by using the syntax ‘file:stream’, you are able to read and write to alternates. Not all applications are written to access alternate streams, but you can demonstrate streams very simply. First, change to a directory on an NTFS drive from within a command prompt.

Next, open the terminal and type the following command

echo “This is data of first file > firstfile.txt

you have just created a file named firstfile.txt.

Next, run the following command to write stream.

echo “This is second data stream” > firstfile:scondfile

alternate data streams

You’ve just created a stream named ‘secondfile’ that is associated with the file ‘firstfile’. Note that when you look at the first file you will find only enter text when opened in any text editor. To see your hidden stream run the following command.

more < firstfile:secondfile

retreieving data from hidden file

Delete NTFS Alternate Data Streams from the file

NT does not come with any tools that let you see which NTFS files have streams associated with them,  and cant has deleted this stream. So you have need some extra software to download software https://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

remove alternate data streams

Download software and extract zip file you will get an excutable file with stream.exe name run the following command to see hidden stream and delete stream

More detail: http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx

MODULE 9:- Data Protection 

  1. How to encrypt files and folders by EFS Windows 10
  2. How to Enable bitlocker windows 10 encryption – Full Guide
  3. How to use VeraCrypt portable, Truecrypt replacement in windows 10
  4. Data, file, full disk and Hard drive encryption software Veracrypt
  5. NTFS Alternate Data Streams For Beginner
  6. Top 10 steganography tools for Windows 10

 

If you like our content, please consider buying us a coffee.
Thank you for your support!

BUY ME A COFEE

One thought on “NTFS Alternate Data Streams, a Guide For Beginner 2021

  1. I think you meant to write

    echo “This is data of first file” > firstfile.txt

    echo “This is second data stream” > firstfile.txt:secondfile

    more < firstfile.txt:secondfile

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *