Alternate data streams (ADS) are a feature of Microsoft's Windows NTFS file system that can be used to add data to existing files, for instance text to a text file that does not become visible if the original file is opened in a text editor.
The hidden nature of alternate data streams has made them attractive for malicious use among other things.
Attacks may hide malicious code in alternate data streams to make them harder to detect by the user of the operating system and security software.
Streamarmor is an easy to use software program for the Windows operating system that scans the content of a hard drive for alternate data streams.
You may select a root directory for the scan, and have Streamarmor scan all files in the directory and subdirectories automatically.
The program checks each file for alternate data streams, and reports hits in its interface. The program has been designed to detect the actual file type rather than go by file extension for a variety of important file types. This ensures that the right file type is detected for these files.
You may furthermore configure the program to ignore known streams and streams with zero size to speed up the time it takes to scan and analyze.
While that is useful in itself, the rating it applies to each file makes it even more so. Streams are rated as dangerous, suspicious, or needs analysis for instance, so that it is easy enough to concentrate efforts on those first.
A snapshot of the data stream as well as additional information is displayed in the interface as well. You may sort the listing based on various parameters including name, threat level or content type.
Streamarmor uses the three online services Virus Total, Threat Expert and Malware Hash to scan streams found by the program. Just select one of the discovered streams in the program interface and hit the "check online" button to do that. Virustotal is selected by default, but you may activate the two other services in the program options.
Another useful option provided by StreamArmor is the ability to execute a stream in virtual environments directly from the program interface.
The alternate data streams can also be viewed completely or saved to a file on the local system. An export option allows you to save the report of the discovered streams as a html file.
Streamarmor is an excellent software to scan a computer system for alternate data streams. The integration of online threat scanners makes the program easy to work with. The tool is available for 32-bit and 64-bit editions of the Windows operating system.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.