Stream Detector v1.0 (Freeware): Discover NTFS Hidden Alternate Data Streams

We've recently released a new useful tool:

Read more & download here:
http://www.novirusthanks.org/products/stream-detector/

 

Looks interesting thanks.

BTW, please don't make the NoVirusThanks tools open the browser after install, I hate that, and would love it if ERP could block this.

 

Ah, nice tool.

 

very handy tool ; good job NVT !

 

Thank you for your smart and amazing job! Chapeau.

 

What's exactely 'extract stream' function ? Who can explain a little more ?

 

With "Extract Stream" function you can extract the stream, like the file that has been joined in the host file. Rustock Rootkit A used to hide its driver as a Alternate Data Stream, with the "Extract Stream" function you are able to extract, for example, the driver of Rustock Rootkit A for further analysis. Or if an user has used ADS to hide a document or file, you can extract\dump it.

 

Andreas , what happen if i decide to delete all streams on my system? (question just for educational purposes ^^ )

 

It should not cause problems, the OS uses Zone.Identifier ADS to store non-important data, more info here:
https://msdn.microsoft.com/en-us/library/dn392609.aspx

 

Stream Detector v1.2 Released (January 16, 2018)
Website