ADS Scan Engine
Alternate Data Streams (ADS) Scan Engine is a tool which scans for, detects, displays, removes and exports Alternate Data Streams. ADS are invisible to Windows Explorer and most file browsers and can be a security risk.
Information about ADS:
A popular method used on Windows systems is the use of Alternate Data Streams (ADS). A relatively unknown compatibility feature of NTFS, ADS is the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer. Found in all versions of NTFS, ADS capabilities were originally conceived to allow for compatibility with the Macintosh Hierarchical File System (HFS), where file information is sometimes forked into separate resources. Alternate Data Streams have come to be used legitimately by a variety of programs, including the native Windows operating system, to store file information such as attributes and temporary storage.
Alarmingly, files with an ADS are almost impossible to detect using native file browsing techniques like the command line or Windows Explorer. In our example, the file size of calc.exe will show as the original size of 90k regardless of the size of the ADS anyfile.exe. The only indication that the file was changed is the modification time stamp, which can be relatively innocuous.
Once injected, the ADS can be executed by using traditional commands like type or start, or be scripted inside typical scripting languages like VB or Perl. When launched, the ADS executable will appear to run as the original file, so it goes unnoticed in process viewers like Windows Task Manager. Using this method, it is not only possible to hide a file, but also to hide the execution of an illegitimate process.
Unfortunately, it is virtually impossible to natively protect your system against ADS hidden files if you use NTFS. The use of Alternate Data Streams is not a feature that can be disabled and currently there is no way to limit this capability against files that the user already has access to.
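For defenders who want to check a folder by hand, the following added example (not code from ADS Scan Engine) lists every named stream attached to files under a path, together with the host file's modification time mentioned above. It assumes Windows PowerShell 3.0 or later and an NTFS volume; the function name Find-AlternateDataStream and the path C:\Users are placeholders chosen for this example.

```powershell
# Added example, not part of ADS Scan Engine.
# Assumes Windows PowerShell 3.0+ (Get-Item -Stream) and an NTFS volume.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the stream Windows attaches to downloaded files;
        # it is hidden by default here so that unusual streams stand out.
        [switch] $IncludeZoneIdentifier
    )

    # -File limits the walk to files; streams attached to directories are not covered.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            # -Stream * returns every stream of the file. The unnamed default
            # stream (the normal file content) is reported as ':$DATA'.
            Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File         = $item.FullName
                        Stream       = $_.Stream
                        StreamBytes  = $_.Length          # size the file listing does not show
                        LastWriteUtc = $item.LastWriteTimeUtc
                    }
                }
        }
}

# Example run (placeholder path): largest named streams first.
Find-AlternateDataStream -Path 'C:\Users' |
    Sort-Object StreamBytes -Descending |
    Format-Table -AutoSize
```

Unreadable files and folders are skipped silently, so run it from an account with read access to the tree being checked.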
Compatible with Windows 2000/2008/XP (32/64), Vista (32/64), 7 (32/64)
ADS Scan Engine comes in 2 editions:
- The FREE Lite Edition (function limited), see Downloads
- The Full Pro Edition (with support and updates)
Please note: The FREE Lite Edition can scan and show the content of ADS, but cannot remove them. To remove ADS, please upgrade to the Pro Edition.
Buy now for only $11 (for a limited period of time only).
