Using ADS to hide a directory

Hi,

First of all let me complement you guys on your cool community. I didn't know you existed till today, and I'll def' be back, this is a very useful place

Ok, to buisness. I have reason to believe a threat may be made to the network I run for my company.
I believe a user is hiding a whole directory packed with illigal software on his computer, and I suspect it is hidden using ADS. Could this be?
Can you hide an entire directory full of files using Alternative Data Streams??

I know I could use LADS, but I can't move outside software into our networks for reasons of security. I'm in the process of writing a C# application to scan our servers for illigal ADS usage, but I thought I'd ask you guys if it could be done anyway.

Thanks

 

dear GMMorris, welcome to the forum. i'm glad you liked it. yes its possible.

 

Thanks.

Really? It is possible to hide an entire folder in ADS? How?

Is there a way for me to prevent users using File Streams?

 

well not directly but indirectly. i'd archive the whole directory using minimal compression to a single file and then add it normally using this ':' special COLON character. i'm lazy but you'll find a whole lot of tutorials on how to add ADS to a file or directory. you can't prevent it.

 

Thats basically adding a single file to a file or directory using ADS, what I'm searching for is an actual directory.
If all his files are in ZIP or something like that, he can't run programs out of it

And I don't need tutorials, I've done ADS several times before

 

dear GMMorris, i didn't know he was running his programs like that. it should be something else. otherwise it'd be detectable very easily. you can't hide directory as ADS directly.

 

ok, thanks. I'll keep searchin'