---------- Forwarded message ---------- Date: Thu, 19 Mar 1998 12:09:13 +0000 From: Charles White <charliewat_private> Reply-To: c.whiteat_private To: NTBUGTRAQat_private Subject: NTFS Alternate Data Streams NTFS Alternate Data Streams --------------------------- The existence of NTFS Alternate Data Streams and their potential for misuse has recently been publicised in various NT related newsgroups and mailing lists. These streams can be used to hide the existence of data of any size and type (eg confidential data, pornographic images, etc) which may be damaging to your organization. Legitimate uses of streams have also been included in recent editions of some UK PC magazines. The current problem with streams is that many Windows NT users (including administrators) are not aware that streams exist and even if they know of them have no simply method of detecting them. Microsoft does not provide tools for reporting what streams exist ! MARCH Information Systems has developed a command line utility which solves the problem of hidden data by checking a machine for the existence of non-default streams (a 'data' and 'security descriptor' stream exists on every NTFS file and directory). The utility searches an NTFS disc locating and reporting the size and, more importantly, the name of every alternate data stream detected. If desired it will even report the sizes of the standard streams. The FREE utility, together with a paper giving further details of the threats posed by streams, can be download from http://www.march.co.uk Regards, Charles White | Tel: +44 (0)118 930 4224 March Information Systems Ltd., | Fax: +44 (0)118 930 5802 14 Brewery Court, High Street, Theale, | Berkshire, England, RG7 5AJ | Email: c.whiteat_private <Security Manager & EventLog Manager - NT & UNIX Security solutions>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:30 PDT