An Introduction to Alternate Data Streams (ADS)

A Hidden Layer of New Technology File System (NTFS)

Alternate Data Streams (ADS) is a New Technology File System (NTFS) feature that allows data to be associated with a file or directory without modifying its primary data or attributes.

Although introduced to provide enhanced functionality, ADS has also sparked debates due to its potential misuse in cybersecurity. This article explores ADS's technical nuances, exploring its design, use cases, and challenges.

What are Alternate Data Streams?

In NTFS, every file or directory consists of multiple data streams. By default, the file’s primary data is stored in the main data stream, also known as the default data stream.