Read the original article: NTFS File Streams – What Are They?
NTFS file streams, also known as alternate data streams (ADS), are part of every file, as well as directories (folders), in a Windows NTFS volume. NTFS files and folders are comprised of attributes one of which is $Data. The content we normally associate with a file such as the text in a .txt file or the executable code in a .exe file is stored in the ‘default’ $Data attribute or ‘stream’. The name string of this default attribute is empty…
The post NTFS File Streams – What Are They? appeared first on Insider Threat Security Blog.
Read the original article: NTFS File Streams – What Are They?