AlternateStreamView: How to Detect Hidden Threats in NTFS Streams

AlternateStreamView is a free, lightweight utility by NirSoft that allows Windows users to find, view, and extract hidden data stored within Alternate Data Streams (ADS) on NTFS drives.

What Are Alternate Data Streams (ADS)?

The NT File System (NTFS) uses Alternate Data Streams to store metadata alongside a file’s primary content. For example, when you download a file from the internet, Windows attaches a hidden “Zone.Identifier” stream to mark it as potentially unsafe.

While ADS is a legitimate system feature, it can also be exploited. Because Windows Explorer and the Command Prompt's dir command (unless it is run with the /R switch) do not display these streams, malicious actors can use them to hide unauthorized code, scripts, or large files directly inside a benign file without changing its apparent size.

Key Features of AlternateStreamView

Deep Scanning: Scans entire drives, specific folders, or subfolders for hidden streams.

Stream Management: Allows users to view stream content, export data, or delete unwanted streams.

Execution Prevention: Helps system administrators locate and remove hidden executable binaries.

Portable Software: Runs instantly from an executable file without requiring a system installation.

How to Use AlternateStreamView

Download and Launch: Download the zip file from the official NirSoft website, extract it, and run AlternateStreamView.exe as an Administrator.

Configure the Scan: A “Scan Options” window will appear. Select the target drive or folder you want to inspect.

Analyze Results: The tool displays a list of all detected streams, showing the associated file name, stream name, stream size, and full file path.

Take Action: Right-click on any detected entry to export the hidden content to a text file, open it, or permanently delete the stream from your drive.

Conclusion

AlternateStreamView is an essential tool for system administrators, forensic analysts, and tech-savvy users who want complete visibility over their storage. By uncovering hidden data streams, the utility ensures that nothing remains buried or unnoticed on your Windows file system.
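The same inventory of file name, stream name, and stream size can be produced with PowerShell's built-in Get-Item -Stream and Get-Content -Stream, which helps on hosts where no extra tool can be run. The script below is an added example, not part of the original article and not NirSoft code; the function name Find-AlternateStream, the verdict labels, and the Downloads path are assumptions. It goes one step beyond listing by checking that a Zone.Identifier stream really starts with [ZoneTransfer] and by flagging streams that begin with the MZ executable header.

```powershell
# Added example. Assumes Windows, an NTFS volume, and PowerShell 3.0 or later.
function Find-AlternateStream {
    param([Parameter(Mandatory = $true)] [string] $Path)

    # Byte-wise reads use -Encoding Byte in Windows PowerShell 5.1 and -AsByteStream in 6+.
    $byteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) { @{ AsByteStream = $true } }
                else { @{ Encoding = 'Byte' } }

    # -File limits the scan to files; streams attached to directories are not covered.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            # ':$DATA' is the primary content; every other entry is an alternate stream.
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    # Read only the first 32 bytes so large streams are never loaded whole.
                    $read = @{ LiteralPath = $file; Stream = $_.Stream; TotalCount = 32
                               ErrorAction = 'SilentlyContinue' } + $byteArgs
                    $head = @(Get-Content @read)
                    $text = [System.Text.Encoding]::ASCII.GetString([byte[]]$head)

                    $verdict = if ($_.Stream -eq 'Zone.Identifier' -and
                                   $text.Contains('[ZoneTransfer]')) {
                                   'Expected'              # normal download marker
                               }
                               elseif ($text.StartsWith('MZ', [StringComparison]::Ordinal)) {
                                   'Executable header'     # PE file stored in a stream
                               }
                               else {
                                   'Review'                # unknown stream, inspect manually
                               }

                    [pscustomobject]@{
                        File    = $file
                        Stream  = $_.Stream
                        Length  = $_.Length
                        Verdict = $verdict
                    }
                }
        }
}

# Example run; the Downloads folder is an assumed target.
Find-AlternateStream -Path "$env:USERPROFILE\Downloads" |
    Where-Object { $_.Verdict -ne 'Expected' } |
    Format-Table -AutoSize
```

A stream named Zone.Identifier that does not contain [ZoneTransfer] falls through to the other checks, so a payload hidden under that familiar name is still reported.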
