±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36583
New Yesterday: 6 Visitors: 154

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Alternate Data Streams related cases

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 


Re: Alternate Data Streams related cases

Post Posted: Feb 25, 09 19:25

- forenz
Hi, i'm writing a paper on ADSes and was wondering if anyone could point me to documentation that contains details of cases that have involved these in the past - malware, stolen documents for example.

Not going to reveal case specifics, but one malware case I worked involved the collection of data prior to archiving and exfiltration by using ADS. Each file to be exfiltrated was copied as an ADS to a single folder, those streams RAR'd, and the RAR transmitted out.  


Re: Alternate Data Streams related cases

Post Posted: Mar 01, 09 14:54


Page 2 of 2
Page Previous  1, 2