Hidden files using Alternative Data Streams - this is what the cops look for


Hidden files and Alternate Data Streams in Windows - what are the Digital Forensics and Incident Response (DFIR) implications?



Difficulty Level: Intermediate
Prerequisites: basic understanding of Windows Command Prompt and PowerShell.

In this video, we will look at hidden files and folders within Windows and the implications from a Digital Forensics and Incident Response standpoint.


Video timeline
00:00 intro
00:40 What is a hidden file?
01:30 Hidden System Files
02:42 Secret Files - Alternate Data Streams (ADS)
04:13 ADS access with the command prompt (dir /r)
05:36 ADS access with the command prompt (filename:stream_name)
07:46 How do you create Alternate Data Streams?
12:52 ADS access with PowerShell (get-item -stream)
15:04 ADS access with PowerShell (get-content -stream)
15:32 ADS access with PowerShell (set-content -stream)
16:25 ADS access with PowerShell (clear-content -stream)
17:00 ADS access with PowerShell (remove-item -stream)
17:25 ADS access with PowerShell (unblock-file)
18:22 ADS using FTK Imager


For other videos about Windows forensic tools, watch this series: Windows Forensics Tools

Icons made by freepik from @flaticon http://www.flaticon.com/authors/freepik

Icons made by Smashicons from @flaticon http://www.flaticon.com/authors/smash...

Video (optical mouse) by Coverr-Free-Footage from Pixabay
Video (hands) by mephala1980 from Pixabay
Video (wireless keyboard and mouse) by Coverr-Free-Footage from Pixabay
Video (mac keyboard) by Vimeo-Free-Videos from Pixabay


#DFIR #windowshacks #alternatedatastreams
