Caleb Walter. Created when Microsoft made the NTFS File system in NT 3.1 Made for Compatibility with HFS HFS uses Data Forks ; NTFS uses File Extensions.


1 Caleb Walter

2
- Created when Microsoft made the NTFS file system in NT 3.1
- Made for compatibility with HFS; HFS uses data forks, NTFS uses file extensions
- Many applications use ADS to store attributes about files
- Summary files for text documents are a prime example

3
- Can be used to pass files attached secretly on to others
- Not well known to the public
- Generally hidden from all users
- Not very many AVs can detect them accurately
- They can store a file of any size and type, a compromised or corrupted executable for example

4
- ADS can be created in multiple ways
- Creating an ADS in a file: free hard drive space goes down, but the file's reported size does not change

5
- The first command creates a file and appends some text to it
- The second command confirms that the file has the correct contents
- The third command creates a file inside that file (as an ADS) and has Notepad open it
- If the ADS was created successfully, Notepad opens a blank file

6
- You can also create an ADS within an entire directory
- Easier access to ADS files, as exact navigation isn't needed

7
- The first command creates a directory in C:\
- The second command navigates to that new directory
- The third command writes some text to a file that is saved as a stream on the directory
- The fourth command opens the file in Notepad; all contents should be visible

8
- Hiding text is fun and all, but the real power comes in hiding executables
- Executables can be both hidden in and remotely executed inside an ADS
- Perfect malware hiding spot

9
- The first command creates the file that will have the ADS attached
- The second command inserts the Notepad executable inside the file
- The third command makes sure that only text appears when the file is opened
- The fourth command confirms that, while Notepad was put into the file, the reported file size remains the same

10
- There are multiple programs that can be used to find ADS within Windows
- These programs tend to be standalone and use either CMD or a GUI to find ADS

11
- ADS Spy is a handy tool that can scan for ADS at any level of the Windows operating system (files, folders, directories, drives)
- It can also calculate an MD5 checksum for every scanned file to check integrity
- It can also delete the alternate data streams without deleting the base file

12
- Select which scanning width you desire
- Quick Scan only scans the C:\Windows folder
- Full Scan scans all recorded NTFS drives on the system
- Scan Only has you select a specific folder to scan

13
- Scan results are shown in the file box at the bottom of the GUI
- If ADS are detected, you can choose to remove them using the "Remove Selected Streams" button
- The MD5 checksum, if created, is also shown in this box for every ADS detected


15
- HijackThis is an award-winning tool that can scan and detect the contents of the Windows Registry and hard drives
- Can save log files and submit them for online analysis
- Includes other tools: StartupList, ADS Spy, HOSTS file manager

16
- On the main screen, navigate to Misc Tools and select ADS Spy
- This is where you will also find all the other handy HijackThis tools (NT Service, HOSTS Manager, etc.)
- There are multiple similar options to use here: Quick Scan, Ignore safe system files, Calculate MD5


18
- Results from any scan will show in the data box
- Multiple options for dealing with newly found files
- Save Log to submit for online expert analysis
- Remove Selected to remove the selected streams
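As an added example (not part of the presentation and not ADS Spy's or HijackThis's own code), a PowerShell script that does what the scanning slides above describe: it lists every non-default stream under a directory tree, shows the stream size that the reported file size hides, computes an MD5 for each stream, and flags streams that begin with an MZ header, which is what an executable placed inside a stream looks like. It assumes Windows PowerShell 5.1 on an NTFS volume; $Root is a placeholder path you choose.

```powershell
# Added example, not from the presentation: scan a directory tree for
# alternate data streams. Assumes Windows PowerShell 5.1 on NTFS;
# $Root is a placeholder path.
param([string]$Root = 'C:\Users\Public')

$md5 = [System.Security.Cryptography.MD5]::Create()

# No -File filter: directories can carry streams too (slide 6).
$findings = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
  ForEach-Object {
    $item = $_
    # -Stream * lists every NTFS stream on the item; ':$DATA' is the normal
    # content stream, so everything else is an alternate data stream.
    Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
      Where-Object { $_.Stream -ne ':$DATA' } |
      ForEach-Object {
        $stream = $_
        # Raw bytes of the stream (-Encoding Byte is 5.1 syntax; -ReadCount 0 returns one byte[]).
        $bytes = Get-Content -LiteralPath $item.FullName -Stream $stream.Stream `
                   -Encoding Byte -ReadCount 0 -ErrorAction SilentlyContinue
        # A PE executable starts with the two ASCII bytes "MZ".
        $looksLikePE = ($null -ne $bytes -and $bytes.Length -ge 2 -and
                        $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A)
        $hash = if ($bytes) {
          ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
        } else { '' }
        [pscustomobject]@{
          File        = $item.FullName
          Stream      = $stream.Stream
          Bytes       = $stream.Length   # stream size; not part of the size Explorer reports
          LooksLikePE = $looksLikePE
          MD5         = $hash
        }
      }
  }

# Zone.Identifier is a common benign stream (browser "mark of the web");
# streams that look like executables are listed first.
$findings | Sort-Object LooksLikePE -Descending | Format-Table -AutoSize
```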

19
- Hiding executables inside files for remote execution later
- Hiding videos inside a file for transport

20
- http://www.irongeek.com/i.php?page=security/altds
- http://www.forensicfocus.com/dissecting-ntfs-hidden-streams
- http://www.bleepingcomputer.com/tutorials/windows-alternate-data-streams/

