The program divides the information into four panes and a header area that provides access to a quick partition browser and program help. The other panes are displaying the directory structure, the files and folders in the currently active directory including the amount of streams of each file and folder, detailed information about each stream and a hex viewer that is displaying the contents of each stream.

The default stream is the one that gets executed when the user (double-)clicks on the file. The main advantage of Stream Explorer is that it displays all information in one window.

Related posts

• Hide Information in Files (0)
• Remove Ntfs Timestamps to speed up Vista (7)
• NTFS Alternate Data Streams (3)
• Zoom It (4)
• Zip Repair (3)

Basically anything can be added to an existing file (and directory) which brings up an interesting method of hiding important data on the system. Say you want to keep your passwords on the computer but do not want to use a text document to have them in the open. Using Alternate Data Streams to hide them from prying eyes could be a relative secure method of storing the password list on the computer.

They are detectable if the right software is being used. Windows Vista users can also use the dir *.txt /R which is further explained at Bart De Smet’s on-line blog.

To add textual information to any file in Windows you could use the command notepad filename:name for example notepad image.jpg:secret. This would open up Notepad and a blank text file at the first run. Any text that is added and saved during that session will the shown if the user opens the text document with the same command at a later time.

Executable files or other binary files can be added with the type command like this: type c:\text.exe > hello.txt:text.exe which can be executed with the start command start .\hello.txt:text.exe.

Related posts

• Stream Explorer (0)
• Windows XP exFAT File System Driver (21)
• Surun beats all Sudo like applications in Windows (5)
• Still running Fat32 ? Time to convert to NTFS (3)
• Remove Ntfs Timestamps to speed up Vista (7)

Creating NTFS Alternate Data Streams is not complicated at all. You can use the “type” command to do that. To fork the file virus.exe into calc.exe you would use the command type virus.exe > calc.exe:virus:exe if they are in the same directory. Add the path if they are not. The size of the calculator does not change, the only indicator is that the file changed stamp is altered.

But executing those files must be harder, right ? Wrong again. To execute virus.exe you use the command “start”, in our example it would be start calc.exe:virus:exe.

A software like Stream Explorer can find those NTFS Alternate Data Streams on your hard drive. An alternative is List Alternate Data Streams

Related posts

• Stream Explorer (0)
• Introduction to new phishing techniques (0)
• Hide Information in Files (0)
• Windows XP exFAT File System Driver (21)
• Which Programs Should I Run To Scan A Computer For Malicious Software? (13)