Alternate Data Streams (ADS)

Alternate Data Streams (ADS) is a feature in the Windows operating system that allows data to be associated and hidden within files. An ADS can be used to store additional information about a file, such as metadata or comments, without changing the file itself.

Read ADS overview here.

ADS is a feature that was introduced in the NTFS file system used by Windows, and it allows users to attach a second data stream to a file, which is invisible to most applications and users. The ADS is named using a colon, for example, “myfile.txt:ads.txt”.

ADS Spyware?

ADS can be used for legitimate purposes, such as adding metadata to a file, but it can also be used for malicious purposes, such as hiding malware or other sensitive information within a file. As a result, ADS has been used in some types of cyberattacks, such as those involving stealthy data exfiltration or command-and-control communications.

To view and manage ADS, you can use the Windows command prompt or third-party tools such as ADS Spy or ADS Scanner. It is important to be aware of the existence of ADS and to take appropriate security measures to protect against malicious use of this feature.

Want To Learn More?

Related Terms

Getting Started with Komprise:

Contact | Data Assessment