We are committed to providing fast, efficient, and affordable software solutions that set new standards in the software development industry.
  • What are alternate data streams

Understanding Data Streams
Also known as file streams, the data stream is a series of bytes that are meant to store metadata of a specific file - such as the file's creator and other relevant information. Every functional file within the NTFS platform has at least one data stream, known as the default data stream, but it's possible for files to have more than stream. The additional inputs are known as alternate data streams.

The default data stream is unique because, while the data is stored in the -"Data" attribute, the name of the default data stream is intentionally left blank by the NTFS platform. As such, it's also referred to as the unnamed data stream. When files are viewed through the Windows OS, they are analyzed with their default data stream.

Conversely, alternate data streams always have a name. They are invisible to Windows Explorer and, as such, cannot normally be viewed by users with older versions of Windows. Users of Windows 8 or later, however, can use PowerShell to read ADS.

Benefits of Alternate Data Streams
Although they're not really beneficial to the average computer user, alternate data streams have many benefits when used in software development. Some of these benefits include:

  • Storing keyword data or file summaries
  • Verifying the safety or security of a file
  • Maintaining file integrity
  • Increasing software performance

While alternate data streams can be used safely and securely, and they can actually increase the performance of your system in some cases, they can be used for malicious purposes, too.

Drawbacks of Alternate Data Streams
When used by reputable software development teams, alternate data streams can be highly beneficial to programs operating on the NTFS platform. However, since it's so easy for hackers and other malicious users to exploit the NTFS platform via alternate data streams, they've gained a bad reputation in recent years.

Generally speaking, sophisticated hackers can use an ADS to inject a file with a Trojan that hides their toolkit in manner that makes it undetectable to other users. Likewise, tech-savvy criminals sometimes use alternate data streams to hide incriminating digital evidence.

Not only can this information be accessed with third-party software and advanced digital forensics techniques, but, as mentioned earlier, they're accessible via any versions of Windows 8 or later.

Should You Be Concerned About Alternate Data Streams?
Remember: alternate data streams are specifically a part of the NTFS platform. If you're not using NTFS, there's no need to worry about hackers or malicious users hiding their files within alternate data streams. For those who use NTFS as part of their Windows installation, particularly those using early versions of the popular OS, there is definitely a cause for concern.

You may read more about the NTFS file system and alternate data streams in Wikipedia: NTFS.

Data Recovery Feedback
372 feedbacks
Rating: 4.8 / 5
I have used R-studio with USB Stabilizer,Rapid-spar,Deep spar, Pc3000, MRT.I am thoroughly satisfied.Now i have made head maps to isolate bad heads of hard disk when used with mounted disks.
I was completely lost. My Mac seemed to have eaten my 4TB external USB drive - was formatted APFS encrypted. The volume just disappeared while running and I had to reboot and when it came back the volume could not be unlocked / mounted natively. I tried a whole heap of methods (https://github.com/libyal/libfsapfs/, drat and many others) to no avail. R-Studio data recovery was able to recover the entire volume - a complete life saver, worth every cent!
I really love your R-Studio product, I am doing Data Recovery as a professional, I used RS since the early versions and I loved the product, as far as I can tell, R-Studio, especially the Tech Version (but including the standard) is one of the best and excellent tools for a pro to have in the arsenal of tools in a pro DR lab, especially combining with the specialized Data Recovery hardware providers like DeepSpar, and PC3000, the rest of `wannabees` out there are waste of time, strongly recommend
I lost more than 200K files from my NAS due to a mistake. I tried 3 different recovery solutions over the 4 TB raid disks, and all of them performed ok but to be honest none of them were able to Raw recover the files and rename them with meaningful names out of the Metadata like R-TT did, then I was able to sort again my files and pictures and kind of restore all of them.

R-TT may not be the easiest or most user-friendly solution, but the algorithm used for the renaming saved me THOUSAND of hours of opening ...
Just recovered my old ext4 partition with R-Studio after trying testdisk and R-Linux without success. That partition was overwritten by another ext4 partition and I was losing my hope until I tried R-Studio demo. It detected all my files and directories again!

Bought it and 100% recommend it for anyone with a similar issue.