Hide sensitive files with Alternate Data Streams

By Scott Dunn

Almost every small business and individual PC user has some sensitive or private files to keep away from prying eyes.

If you’re running a modern version of Windows, you can use a little-known feature called Alternate Data Streams to hide your confidential files inside other files or folders.

What the heck are Alternate Data Streams?

For many years, a feature called Alternate Data Streams (ADS) has been supported by drives formatted as NTFS (Microsoft’s so-called New Technology File System, which is typical of Windows NT, 2000, XP, and later).

Using NTFS, which is an improvement over the older FAT-32 file system, data can be stored in a separate “fork” or “stream” of any file or folder. This makes Windows more compatible with Mac operating system files (which consist of a resource fork and a data fork). The separate stream can also be used to store other things, such as information you can enter on the Summary tab of some files’ Properties dialog boxes.

When data is stored in an NTFS stream, it is essentially invisible to Windows Explorer, text searches, and most of Windows’ other routine file functions. For example, you can store a 5MB .zip file inside the stream of a 1K text file. When you do, Windows Explorer still displays the size of the text file as just 1K!

Because streams are such an effective hiding place, some malware may try to hide in the NTFS stream of an otherwise innocent-looking file. Fortunately for honest Windows users, the “stream” portion of a file is lost during browser and FTP downloads. This means that malware doesn’t typically use streams to distribute itself; it uses them to hide files only after it has already infected your system.
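Because Windows Explorer shows only the size of the main stream, checking for hidden streams means enumerating them explicitly. The PowerShell below is an added example, not code from the original article: the function name `Get-AlternateStream`, the `ads-demo` folder, and the `hidden` stream name are assumptions made for illustration, and it scans files only, on an NTFS volume with PowerShell 3.0 or later.

```powershell
# Added example: report named (alternate) streams on files under a folder.
function Get-AlternateStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Streams Windows itself commonly attaches (download zone marker).
        # They are skipped unless -IncludeKnown is given.
        [string[]] $KnownStreams = @('Zone.Identifier'),
        [switch] $IncludeKnown
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            # -Stream * lists every stream; ':$DATA' is the ordinary file content.
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeKnown -or ($KnownStreams -notcontains $_.Stream) } |
                ForEach-Object {
                    [pscustomobject]@{
                        File        = $item.FullName
                        VisibleSize = $item.Length   # what Explorer reports
                        Stream      = $_.Stream
                        StreamSize  = $_.Length      # bytes held in the named stream
                    }
                }
        }
}

# Constructed sample: a short text file with a larger named stream attached.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'notes.txt'
Set-Content -LiteralPath $file -Value 'visible text'
Set-Content -LiteralPath $file -Stream 'hidden' -Value ('x' * 5000)

# The report shows the small visible size next to the larger stream size.
Get-AlternateStream -Path $demo | Format-Table -AutoSize

# Clean up the constructed sample.
Remove-Item -LiteralPath $demo -Recurse -Force
```

A row whose `StreamSize` is far larger than its `VisibleSize` is the mismatch described above and is worth a closer look.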


All Windows Secrets articles posted on 2007-12-06: