Monday 29 August 2016

Scan your PC for alternate data streams with StreamArmor

If you’re manually checking a PC for malware then you could browse a folder in Explorer, look at file names, sizes, maybe open anything suspect to see what it contains. But you might be missing something… Drives formatted using NTFS store file information in attributes. The contents of a file are stored in the $DATA attribute, and that’s what you’ll see in Explorer, and view when you open the file in an application. The problem is that a file’s $DATA attribute can have alternate data streams which aren’t visible in Explorer, or most other file management tools. That zero-byte .tmp…
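The same check can be done without a separate tool. The following PowerShell is an added example, not part of the original article and not StreamArmor's code: it lists every named stream on the files under a folder, using the built-in `-Stream` parameter of `Get-Item`. The `$Root` parameter, the output column names and the wording of the notes are choices made for this example.

```powershell
# Added example: enumerate alternate (named) NTFS data streams under a folder.
# $Root is an assumed parameter name; it defaults to the current directory.
param(
    [string]$Root = (Get-Location).Path
)

# Files only: streams attached to directories are not covered by this example.
Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_

        # -Stream * returns one object per stream; ':$DATA' is the unnamed
        # main stream, i.e. the content Explorer shows and applications open.
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                # Triage hint chosen for this example, not a verdict.
                $note = if ($_.Stream -eq 'Zone.Identifier') {
                    'download marker written by browsers and mail clients'
                } elseif ($file.Length -eq 0 -and $_.Length -gt 0) {
                    'empty main stream, data only in the named stream'
                } elseif ($_.Length -gt $file.Length) {
                    'named stream larger than the visible content'
                } else {
                    ''
                }

                [pscustomobject]@{
                    Path        = $file.FullName
                    Stream      = $_.Stream
                    StreamBytes = $_.Length
                    MainBytes   = $file.Length
                    Note        = $note
                }
            }
    } |
    Sort-Object StreamBytes -Descending |
    Format-Table -AutoSize -Wrap
```

To read a stream that looks out of place, pass its name to `Get-Content -LiteralPath <file> -Stream <name>`; `dir /r` in `cmd.exe` gives a quick per-folder listing of the same information.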

