Are alternate data streams being used by legitimate system files?
Would law enforcement be interested in using ADS Spy? Why?
Why would ADS Spy have the option for calculating MD5 digest for the stream's content?
Solution
Anyone who works in the security arena should know about Windows Alternate Data Streams, otherwise known as ADS. ADS was created for compatibility with the Mac world, but it is not solely used for that purpose. Many applications use ADS to store attributes of a file. For example, if you create a text document, right-click it and open its properties, you will see a summary page. This summary information is attached to the file via ADS.
Yes, Alternate Data Streams can be used by legitimate file systems for darker intentions, but may face the problems below:
- There are few programs that detect ADS.
- Removing ADS can be difficult.
- Explorer and Dir, when determining free space, do not calculate the space used by ADS.
- You can hide an executable as an ADS.
Spy tools are legal and used for competitive intelligence. So law enforcement uses ADS spy tools for gathering the hidden information of a person or organization without their knowledge. But these ADS or other spy tools can be used only in a legal and lawful manner, in accordance with all applicable laws and regulations.
The MD5 cryptographic algorithm is a widely used hash function producing a 128-bit hash value. It can be used as a checksum to verify data integrity, but only against unintentional corruption. ADS Spy uses the MD5 digest to maintain the data integrity of the stream, and it can also be used for the creation and verification of digital signatures for authorization.
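To see what a per-stream digest gives an examiner, the following PowerShell script is an added example (it is not part of the original solution and is not ADS Spy's code). It lists the named streams on files under a directory, hashes each stream's content with MD5, and compares the result with an earlier run; the parameter names `$Root` and `$BaselineCsv` and the CSV layout are assumptions made for this illustration.

```powershell
param(
    [string]$Root = '.',          # directory to scan (assumed parameter name)
    [string]$BaselineCsv = ''     # optional earlier export with Path,Stream,MD5 columns (assumed layout)
)

function Get-StreamMd5 {
    param([string]$Path, [string]$Stream)
    # Read the named stream as raw bytes; the byte switch differs between PowerShell editions.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $bytes = Get-Content -LiteralPath $Path -Stream $Stream -AsByteStream -Raw
    } else {
        $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -Raw
    }
    if ($null -eq $bytes) { $bytes = [byte[]]@() }   # an empty stream still gets a digest
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        # Hex string without separators, e.g. 32 characters for the 128-bit value
        [System.BitConverter]::ToString($md5.ComputeHash([byte[]]$bytes)) -replace '-', ''
    } finally {
        $md5.Dispose()
    }
}

# Load digests from the earlier run, keyed by "path|stream", when a baseline is supplied.
$known = @{}
if ($BaselineCsv -and (Test-Path -LiteralPath $BaselineCsv)) {
    Import-Csv -LiteralPath $BaselineCsv |
        ForEach-Object { $known["$($_.Path)|$($_.Stream)"] = $_.MD5 }
}

# Files only: every file has an unnamed ':$DATA' stream, so anything else is a named ADS.
Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object {
        $hash = Get-StreamMd5 -Path $_.FileName -Stream $_.Stream
        $key  = "$($_.FileName)|$($_.Stream)"
        # Without a baseline every stream is reported as New.
        if (-not $known.ContainsKey($key)) { $status = 'New' }
        elseif ($known[$key] -ne $hash)    { $status = 'Changed' }
        else                               { $status = 'Unchanged' }
        [pscustomobject]@{
            Path = $_.FileName; Stream = $_.Stream; Length = $_.Length
            MD5  = $hash;       Status = $status
        }
    }
```

Piping the output to `Export-Csv -NoTypeInformation` produces a file that a later run can take as `-BaselineCsv`; identical digests on different files also show the same hidden content stored in more than one place.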
