NTFS Alternate Data Streams in Window
NTFS Alternate Data Streams in Window is a method where you can hide one file data into another file data. These is alternate data streams available only on the NTFS file system of window
Scenario: If you created a text file with the name firstfile.txt in notepad and write some matter inside the file. You can see what is written inside the file anytime. Now you create another file name secondfile.txt and you make some entries in this file. Is it possible to hide the second file matter into the first file. And if someone opens first file, should be unable to see hidden data into first file only first data should be visible. The answer is yes and it has happened with the NTFS stream. And you can see hidden matter when you want.
Create NTFS Alternate Data Streams
The NTFS file system provides applications the ability to create alternate data streams of information. By default, all data is stored in a file’s main unnamed data stream, but by using the syntax ‘file:stream’, you are able to read and write to alternates. Not all applications are written to access alternate streams, but you can demonstrate streams very simply. First, change to a directory on an NTFS drive from within a command prompt.
Next, open the terminal and type the following command
echo “This is data of first file > firstfile.txt
you have just created a file named firstfile.txt.
Next, run the following command to write stream.
echo “This is second data stream” > firstfile:scondfile
You’ve just created a stream named ‘secondfile’ that is associated with the file ‘firstfile’. Note that when you look at the first file you will find only enter text when opened in any text editor. To see your hidden stream run the following command.
more < firstfile:secondfile
Delete NTFS Alternate Data Streams from the file
NT does not come with any tools that let you see which NTFS files have streams associated with them, and cant has deleted this stream. So you have need some extra software to download software https://technet.microsoft.com/en-us/sysinternals/bb897440.aspx
Download software and extract zip file you will get an excutable file with stream.exe name run the following command to see hidden stream and delete stream
More detail: http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx
MODULE 9:- Data Protection
- How to encrypt files and folders by EFS Windows 10
- How to Enable bitlocker windows 10 encryption – Full Guide
- How to use VeraCrypt portable, Truecrypt replacement in windows 10
- Data, file, full disk and Hard drive encryption software Veracrypt
- NTFS Alternate Data Streams For Beginner
- Top 10 steganography tools for Windows 10
I think you meant to write
echo “This is data of first file” > firstfile.txt
echo “This is second data stream” > firstfile.txt:secondfile
more < firstfile.txt:secondfile