JSI Tip 2808. Alternate Data Stream tool.

We first discussed Alternate Data Streams in tip 0483.

CrucialADS is a freeware, GUI-based tool designed to quickly and easily detect the presence of Alternate Data Streams (ADS) in NTFS files and directories. NTFS files contain one primary stream and, optionally, one or more alternate data streams. The problem is that NT/2000 comes with no utilities to list any stream other than the primary stream in a file. When you view a directory with Explorer, or use the dir command in cmd.exe, the information reported pertains to the primary stream only.

Tool Usage:

The tool will poll your system and find all the local and remote drives. You can choose to scan all local drives, or pick individually from the list. Hit Start to initiate the scan. All diagnostic messages are sent to the output window. If an ADS is found, its name will appear in RED in the output window. The current directory is updated in real time at the bottom of the dialog box. The scan can be stopped at any time by pressing the Stop button. Once the scan completes, naturally or manually, a message box is presented with statistics on the number of files scanned and the number of ADSs found. You can save the contents of the results window to a file with File->Save Results, or you can cut and paste the text into a text editor such as Notepad.

NOTE: When running the tool on an IIS 5.0 server, it selected hundreds of image files. IIS obviously uses ADS to provide thumbnail image indexing.
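
The same kind of scan, written as a PowerShell script for systems with PowerShell 3.0 or later. This is an added example, not part of CrucialADS or the original tip. The `$Root` default is an assumed path, and the script covers files only, not directories.

```powershell
# Added example: recursively list alternate data streams on files under $Root.
# Assumes PowerShell 3.0+ and an NTFS volume; directories are not inspected.
param(
    [string]$Root = 'C:\Temp'   # assumed path, change to the directory to scan
)

$filesScanned = 0
$findings = New-Object System.Collections.Generic.List[object]

Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $filesScanned++

        # Every file has an unnamed primary stream, reported as ':$DATA'.
        # Any other stream name is an alternate data stream.
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                $findings.Add([pscustomobject]@{
                    File   = $_.FileName
                    Stream = $_.Stream
                    Length = $_.Length
                })
            }
    }

# Group by stream name first: a name that repeats across many files
# (for example Zone.Identifier on downloaded files) is usually system-generated,
# while a one-off name deserves a closer look.
$findings |
    Group-Object Stream |
    Sort-Object Count |
    Select-Object Count, Name |
    Format-Table -AutoSize

$findings | Sort-Object File, Stream | Format-Table -AutoSize

'{0} files scanned, {1} alternate data streams found' -f $filesScanned, $findings.Count
```

Files that cannot be read under the current account are skipped silently, so run it from an elevated session when scanning system directories.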

