Caleb Walter. Created when Microsoft made the NTFS File system in NT 3.1 Made for Compatibility with HFS HFS uses Data Forks ; NTFS uses File Extensions.

Slides:



Advertisements
Similar presentations
BRIDGE COURSE of INFORMATION & COMMUNICATION TECHNOLOGY
Advertisements

Microsoft Office 2007-Illustrated Introductory, Windows Vista Edition Windows XP Unit A.
How to import and edit video clips in Windows Movie Maker
UNIT 12 LO4 BE ABLE TO CREATE WEBSITES Cambridge Technicals.
Microsoft Office 2007 Access Chapter 3 Maintaining a Database.
CPIT 102 CPIT 102 CHAPTER 1 COLLABORATING on DOCUMENTS.
1 CA202 Spreadsheet Application Combining Data from Multiple Sources Lecture # 6.
Windows XP Basics OVERVIEW Next.
Creating a Form on a Web Page
1 of 5 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.
The sequence of folders to a file or folder is called a(n) ________.
5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
WebCT CE-6 Assignment Tool. Assignment Tool and Assignment Drop Box Use “Assignment” button under Course Tools (your must be in “Build” mode) to: –Modify.
Creating Tables in a Web Site Using an External Style Sheet HTML5 & CSS 7 th Edition.
Access Tutorial 3 Maintaining and Querying a Database
Access Lesson 4 Creating and Modifying Forms
Hearth Bulk System Divisional Secretaries’ Briefing 2012.
Using Microsoft Outlook: Basics. Objectives Guided Tour of Outlook –Identification –Views Basics –Contacts –Folders –Web Access Q&A.
1 Access Lesson 1 Microsoft Access Basics Microsoft Office 2010 Introductory Pasewark & Pasewark.
Microsoft Office Illustrated Fundamentals Unit B: Understanding File Management.
OPERATION SYSTEM (WINDOWS) VIRUS REMOVAL. COMPUTER VIRUS - Type of malware that, when executed, replicates by inserting copies of itself (possibly modified)
XP New Perspectives on Microsoft Access 2002 Tutorial 41 Microsoft Access 2002 Tutorial 4 – Creating Forms and Reports.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
XP New Perspectives on Introducing Microsoft Office XP Tutorial 1 1 Introducing Microsoft Office XP Tutorial 1.
1 Access Lesson 1 Microsoft Access Basics Microsoft Office 2010 Introductory.
1 Lesson 6 Exploring Microsoft Office 2007 Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.
Installing the SAFARIODBC.EXE For use with Excel May 3, 2002.
Working with a Database
1 CA201 Word Application Increasing Efficiency Week # 13 By Tariq Ibn Aziz Dammam Community college.
Microsoft ® Word 2010 Core Skills Lesson 1: Getting Started Courseware #: 3240 Microsoft Office Word 2010.
Chapter 1 Databases and Database Objects: An Introduction
Batch File Basics Automate repetitive computer processes Friday, March 12, 2014 Presented by Thomas Redd, STS, Granite School District.
Chapter 6 Generating Form Letters, Mailing Labels, and a Directory
Interfacing with Computer ADE100- Computer Literacy Lecture 05.
With Windows 7 Introductory© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 Windows 7 Introductory Chapter 2 Managing Libraries Folders, Files.
Fall 2011 Nassau Community College ITE153 – Operating Systems Session 23 Shared Folders 1.
Word Lesson 17 Customizing Settings Microsoft Office 2010 Advanced Cable / Morrison 1.
Installing and Using Active Directory Written by Marc Zacharko.
Fall 2005 Using FrontPage to Enhance Blackboard - Darek Sady1 Using FrontPage to Enhance Blackboard 1.Introduction 2.Starting FrontPage 3.Creating Documents.
HTML Concepts and Techniques Fourth Edition Project 7 Creating a Form on a Web Page.
Windows XP: Continue Files and Folders. Files & Directories n We store programs and data on secondary storage devices using a file system. n These are.
Microsoft Office 2007 Access Chapter 6 Using Macros, Switchboards, PivotTables, and PivotCharts.
XP New Perspectives on Microsoft Access 2002 Tutorial 1 1 Microsoft Access 2002 Tutorial 1 – Introduction To Microsoft Access 2002.
Lesson 11: Looking at Files and Folders what a file or folder is on the computer how to recognize a file or folder on the desktop how to recognize the.
Click your mouse to continue. The Office Shortcut Bar The Office Shortcut Bar contains program buttons that, when clicked, start new documents or start.
CMPF124: Basics Skills for Knowledge Workers Manipulating Windows GUI.
Lesson 3: Changing the Appearance of Worksheets. 2 Learning Objectives After studying this lesson, you will be able to:  Change the view of an Excel.
Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.
Hyper-V Recovery Software Ideal Application to Get Data from VHD v2.1.
1 Lesson 9 Windows Management Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.
1. Using word you can create the document and edit them later, as and when required,by adding more text, modifying the existing text, deleting/moving.
Fundamentals of Windows Mouse n 4 Basic Operations: –Pointing –Clicking –Double Clicking –Dragging.
Lesson 9: SOFTWARE ICT Fundamentals 2nd Semester SY
Lesson 11 Exploring Microsoft Office 2007
Word Lesson 1 Microsoft Word Basics
Word Lesson 1 Word Basics
Using Macros, Switchboards, PivotTables, and PivotCharts
Maintaining a Database
Microsoft Windows 7 - Illustrated
Understanding File Management
CS3015 Beacon Module 4 Messenger & Setting Preferences
Microsoft Excel 2007 – Level 1
Multi-host Internet Access Portal (MIAP) Enhancement Guide
Lesson 9 Windows Management
Windows Tutorial 7 Managing Multimedia Files
Microsoft Office Illustrated Fundamentals
Using Microsoft Outlook: Outlook Support Number
Access Lesson 1 Microsoft Access Basics
Presentation transcript:

Caleb Walter

Created when Microsoft made the NTFS File system in NT 3.1 Made for Compatibility with HFS HFS uses Data Forks ; NTFS uses File Extensions Many Applications use ADS to store Attributes about files Summary Files for Text are Prime Example

Can be used to pass on files attached secretly to others Not well Known to public Generally Hidden from All Users Not very many AVs can detect them accurately They can store any size and type of file Compromised / Corrupted Executable for Example

ADS can be created in multiple ways Creating an ADS in a File Hard Drive space goes down, File Size does not

First Command creates a File and appends some text to it Second command confirms that file has correct contents Third command creates a file inside of that file and has Notepad open it If ADS is successful Notepad will open a BLANK notepad file.

You can also create an ADS within an Entire Directory Easier Access to ADS Files as exact navigation isn’t needed

First Command Creates a Directory with C:\ Second Command navigates to said new Directory Third Command writes some text to a file that will be saved Fourth Command opens the File within NotePad All Contents should be Visible

Hiding Text is fun and all, but the real power comes in Hiding Executables Executables can be both hidden in and remotely executed inside an ADS Perfect Malware Hiding Spot

First Command creates the file that will have the ADS created Second Command inserts NotePad executable inside the file Third Command makes sure that only text appears when the file is opened Fourth Command confirms that while Notepad was put into the file, the reported file size remains the same

There are multiple programs that can be used to find ADS within Windows These programs tend to be standalone and either use CMD or a GUI to find ADS

ADS Spy is a Handy Tool that can scan for ADS within any level of the Windows operating system (Files, Folders, Directory, Drives) It can also calculate MD5 Checksum for all scanned Files to check for Integrity It can also delete the Alternate Data Streams without deleting the basefile

Select which Scanning width you desire Quick Scan only Scans the C:\Windows folder Full Scan scans all recorded NTFS Drives on the system Scan Only has you select a specific folder to scan

Scan Results are shown in the File Box on the bottom of GUI If ADS are detected you can now choose to remove them using the “Remove Selected Streams Button” Creating MD5 Checksum will also show within this box for every ADS Detected

HiJackThis is an award winning tool that can scan and detect the contents of the Windows Registry and Hard Drives Can Save Log Files and submit then for Online Analysis Includes Other Tools StartupList Ads Spy HOST File Manager

On Main Screen navigate to Misc Tools and select ADS Spy This is where you will also find all the other handy HiJackThis Tools; NT Service HOSTS Manager, etc There are multiple Similar Options here to use Quick Scan Ignore safe System File Calculate MD5

Results from any scan will show in Data Box Multiple Options for dealing with new found files Save Log to submit for Online Expert Analysis Remove Selected to remove selected streams

Hiding Executables inside files for Remote Execution Later Hiding Videos for transport inside a file

ttp:// streams ttp:// streams -alternate-data-streams/ -alternate-data-streams/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.