Understanding Data Streams
Also known as a file stream, a data stream is a series of bytes meant to store metadata of a specific file, such as the file's creator and other relevant information. Every functional file within the NTFS platform has at least one data stream, known as the default data stream, but it's possible for files to have more than one stream. The additional streams are known as alternate data streams.
The default data stream is unique because, while the data is stored in the $DATA attribute, the name of the default data stream is intentionally left blank by the NTFS platform. As such, it's also referred to as the unnamed data stream. When files are viewed through the Windows OS, they are analyzed with their default data stream.
Conversely, alternate data streams always have a name. They are invisible to Windows Explorer and, as such, cannot normally be viewed by users with older versions of Windows. Users of Windows 8 or later, however, can use PowerShell to read ADS.
Benefits of Alternate Data Streams
Although they're not really beneficial to the average computer user, alternate data streams have many benefits when used in software development. Some of these benefits include:
While alternate data streams can be used safely and securely, and they can actually increase the performance of your system in some cases, they can be used for malicious purposes, too.
Drawbacks of Alternate Data Streams
When used by reputable software development teams, alternate data streams can be highly beneficial to programs operating on the NTFS platform. However, since it's so easy for hackers and other malicious users to exploit the NTFS platform via alternate data streams, they've gained a bad reputation in recent years.
Generally speaking, sophisticated hackers can use an ADS to inject a file with a Trojan that hides their toolkit in a manner that makes it undetectable to other users. Likewise, tech-savvy criminals sometimes use alternate data streams to hide incriminating digital evidence.
Not only can this information be accessed with third-party software and advanced digital forensics techniques, but, as mentioned earlier, it's accessible via any version of Windows 8 or later.
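The PowerShell access mentioned above can be turned into a simple audit of a folder for named streams. The following is an added example, not part of the original article; the function name Find-AlternateDataStream, the stream name "notes" and the scratch file are assumptions constructed for illustration.

```powershell
# Lists every named (alternate) stream on files under a directory.
# Requires PowerShell 3.0+ (ships with Windows 8) and an NTFS volume.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Streams Windows itself commonly writes; reported but marked as expected.
        [string[]]$KnownBenign = @('Zone.Identifier')
    )
    # Only files are scanned here; directories can carry named streams too.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns the default stream (':$DATA') plus any named ones.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File     = $file.FullName
                        Stream   = $_.Stream
                        Bytes    = $_.Length
                        Expected = $KnownBenign -contains $_.Stream
                    }
                }
        }
}

# Constructed sample: a scratch file with one named stream.
$dir = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$sample = Join-Path $dir 'report.txt'
Set-Content -LiteralPath $sample -Value 'visible contents'
Set-Content -LiteralPath $sample -Stream 'notes' -Value 'stored in a named stream'

# Explorer shows only report.txt and the size of its default stream.
$hits = Find-AlternateDataStream -Path $dir
$hits | Format-Table -AutoSize

# Print the contents of each stream not on the expected list for review.
$hits | Where-Object { -not $_.Expected } | ForEach-Object {
    Get-Content -LiteralPath $_.File -Stream $_.Stream
}

Remove-Item -LiteralPath $dir -Recurse -Force
```

Files downloaded through a browser usually carry a Zone.Identifier stream, which is why that name is marked as expected rather than hidden from the report.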
Should You Be Concerned About Alternate Data Streams?
Remember: alternate data streams are specifically a part of the NTFS platform. If you're not using NTFS, there's no need to worry about hackers or malicious users hiding their files within alternate data streams. For those who use NTFS as part of their Windows installation, particularly those using early versions of the popular OS, there is definitely a cause for concern.
You may read more about the NTFS file system and alternate data streams in Wikipedia: NTFS.