NFTS data streams and data streams

NFTS data streams and data streams

NFTS data stream

NTFS exchange data stream (ADS) is a feature of the NTFS disk format. In the NTFS file system, each file can have multiple data streams, in other words, in addition to the main file stream, many non-main file streams can also be hosted in the main file stream. It uses resource derivation to maintain file-related information. Although we cannot see the data stream file, it actually exists in our system. The method for creating a data exchange stream file is simple. The command is "host file: Prepare the data stream file associated with the host file ".

Hiding files using NFTS data streams

1. Create a folder named MyTest under drive C. (It is best to create a new folder. Otherwise, it will be troublesome. For more information, see the following)

In this directory, create a new TXT file, test.txt. Write the data "this is test for ntfs .".

Right-click the attribute to view its 22-byte size, which occupies 4 kb of space.

2. Press win + r to start running and Enter cmd. Go to c: \ MyTest

Input: echo: This is data stream> test.txt: shujuliuwenjian.txt

Region.

3. Enter the dircommand in the window to see the created data flow file shujuliuwenjian.txt.

Check the directory c: \ mytestin the resource manager. You cannot see shujuliuwenjian.txt.

The size of test.txt is not changed.

Is it amazing? Shujuliuwenjian.txt is hidden.

Why did shujuliuwenjian.txt show its prototype?

4. follow me...

Enter notepad test.txt: shujuliuwenjian.txt in cmd.

In the notepad, you can see the data written into the data stream "this is the data stream ".

5. Next, the problem arises...

Delete shujuliuwenjian.txt from the shortcut menu?

If you have followed my advice to create a folder named MyTest, you can simply delete the folder.

What ?! What data stream files do you create directly in the root directory or system directory?

Well, you can only use tools to delete it. Click here to download the tool

This tool needs to be run in cmd

Enter stream.exe to view the running parameters.

The stream.exe-d data stream file directory used to delete a data stream File

6. You can also create a stream that does not depend on files.

For example, echo "This is data stream">: shujuliuwenjian2.txt.

View the content using notepad: shujuliuwenjian2.txt

In this way, the NFTS data stream is used to hide files.

Data Stream files are not limited to text files. Any files can be used as Data Stream files, including executable programs, images, and sounds.

Introduction to file streams on msdn:

Http://msdn.microsoft.com/library/aa364404.aspx

What Is NTFS data stream?

The NTFS partitioned data stream is a sub-file system that allows additional data to be connected to a special file. The current FAT file system format does not support the data stream format.
Simply put, a tag is added to a file in the NTFS partition format. The NTFS Stream Generated by Kaspersky is mainly generated after the first scan, when You Run Kaspersky scan again later, Kaspersky first detects the NTFS stream and skips the next file scan if it has not changed, which can shorten the scan time.
Select clear when uninstalling.

Why is the NTFS data stream file?

On this webpage (the point in the middle), you can have a detailed explanation of this data stream file!
Topic.csdn.net/t/20050403/22/3905586.html