Alternate Data Stream Manager (ADS Manager) is a simple, straightforward, and most importantly free utility for accessing and modifying so-called “alternate data streams” within any given file. This functionality is a little-known feature of the NTFS file system that allows one file to contain more than one stream of data. This allows your files to contain “hidden” data that will be invisible to other applications.
What are its uses?
ADS Manager allows you to open any file in a NTFS filesystem, and manage its alternate data streams, including creating, deleting, modifying, and renaming them. The program also allows you to search directories for files that have alternate data streams.
The following are some situations when you might want to access alternate data streams:
- You want to store “hidden” data along with a certain file. If a file that contains alternate data streams is opened in a normal editor, only the “primary” stream will be seen, and none of the alternate streams will show up. Even the Property pages for the file will not mention the alternate streams.
- You want to check whether a certain file contains alternate data streams. A particularly dangerous use of alternate streams is for distribution of rootkits and other malware. A file that appears innocuous can actually have alternate streams that contain very dangerous executable code. ADSManager can help you detect and analyze such files.
- You’re simply curious about some of the inner workings of NTFS, and want to see how alternate data streams are used in ordinary Windows files, not necessarily files infected with malware.
If you’re familiar with the concept of NTFS alternate data streams, then the controls in ADS Manager should be intuitive enough to use. Just in case, however, here are some step-by-step instructions for several basic procedures:
Adding an alternate stream to a regular file: Start the program. Drag-and-drop the file to which you want to add an alternate stream (or browse for it). Click the “New” button and give the new stream a name. Select the new stream, and click the “Load” button. Select the file whose contents will be written to the new stream. Voilà!
Removing an alternate stream from a file: Start the program. Drag-and-drop the file from which you want to remove an alternate stream (or browse for the file). Select the stream you want to remove. Click the “Delete” button. Done!
Searching for files that have alternate streams: Start the program. Click the “Search” tab. Select the directory to search by clicking the “…” button. Click the “Search” button. As the search proceeds, the results should start appearing in the “Search results” list. Double-click one of the files in the search results to view its alternate streams!
The functionality of Alternate Data Streams works only with NTFS file systems. If you add alternate streams to a file, and then copy the file to a partition that is not NTFS, the alternate streams will be lost.
Have you found it useful?
…or at least interesting? Then e-mail me a comment or a suggestion. Or, better yet, consider making a donation so I can continue to develop free, quality software, and keep it that way!