ADS - Class Project Help
(@ttorcivia)
Posts: 2
New Member
Topic starter
 

Hey, I'm doing a class presentation on ADSs, and I have all the information about ADSs that I need to present; however, I am looking to add in a few scenarios of real cases.

I was wondering if anyone could share some information! They do not have to go into detail, I just want to talk briefly about real scenarios someone may expect to see going into the field.

Thanks!

 
Posted : 06/12/2011 12:25 am
(@mscotgrove)
Posts: 938
Prominent Member
 

I presume you are referring to Alternate Data Streams.

One area you may wish to look at is on the Mac (HFS+) files are stored with data and resource forks. In theory ADS is very similar, but in my experience is not used that way. Only a few windows system files seem to use ADS.

 
Posted : 06/12/2011 12:58 am
Sonj
(@sonj)
Posts: 7
Active Member
 

Have a look at the way Vista and Windows 7 handle eml files. NTFS Last Modified timestamps can be updated simply by searching for or single left-clicking on eml files in Windows Explorer. This happens when the eml file does not have an existing ADS, e.g. if you are exporting email from an image or converting it from a different format. I think you might need to have Windows Mail, Windows Live Mail or Outlook installed - we've only just noticed this aberrant behaviour and haven't got to the bottom of it yet. Also, zone identifier ADSs are created when downloading files. They are found in lots of places.

 
Posted : 06/12/2011 2:57 am
ForensicRob
(@forensicrob)
Posts: 26
Eminent Member
 

As Sonj mentioned, the 'Zone Identifier' stream gets attached to files that are downloaded with Internet Explorer.

A 'Summary Information' stream can be added to a file using the Summary tab, of the properties dialog, opened through the file's context menu in Windows File Explorer.

An 'OECustomProperty' stream gets attached to an email file, as an NTFS Alternate Data Stream (ADS), when a user opens the file with MS Outlook Express or MS Mail.

I'm sure there are more examples, but these are the instances that we have seen.

Here are some related links:

http://www.infosecwriters.com/texts.php?op=display&id=53
http://www.heysoft.de/en/information/ntfs-ads.php
http://blogs.msdn.com/b/powershell/archive/2007/03/07/how-does-the-remotesigned-execution-policy-work.aspx
http://www.symantec.com/connect/articles/windows-ntfs-alternate-data-streams

 
Posted : 06/12/2011 3:55 am
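Both Sonj's and ForensicRob's posts above mention the Zone.Identifier stream that Windows attaches to downloaded files. The following is an added example, not code from any poster in this thread: it parses the text of such a stream (the sample content is constructed) and maps the ZoneId to the Windows security-zone name, and on Windows it can also enumerate the named streams on a file through the kernel32 FindFirstStreamW/FindNextStreamW API so an examiner can spot files that carry one. The `example.invalid` URLs are placeholders.

```python
"""Interpret an NTFS Zone.Identifier alternate data stream (added example).

The [ZoneTransfer] / ZoneId=<n> layout is what browsers write when a file is
downloaded; newer Windows builds also record ReferrerUrl and HostUrl.
The sample below is constructed for this example.
"""
import ctypes
import sys
from ctypes import wintypes

# Constructed sample of what a browser writes into file.ext:Zone.Identifier
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/downloads/\r\n"
    "HostUrl=https://example.invalid/downloads/report.pdf\r\n"
)

# URLZONE values from the Windows security zone model
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


def parse_zone_identifier(text: str) -> dict:
    """Return the key/value pairs of the [ZoneTransfer] section.

    ZoneId is converted to an int (None if malformed) and a readable
    ZoneName is added. Lines outside the section are ignored.
    """
    result = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        result[key.strip()] = value.strip()
    if "ZoneId" in result:
        try:
            zone = int(result["ZoneId"])
        except ValueError:
            zone = None
        result["ZoneId"] = zone
        result["ZoneName"] = ZONE_NAMES.get(zone, "Unknown")
    return result


def read_zone_identifier(path: str) -> dict:
    """Open the Zone.Identifier stream of a file on NTFS and parse it.

    The 'file:stream' path syntax only works on Windows/NTFS.
    """
    with open(path + ":Zone.Identifier", encoding="utf-8") as stream:
        return parse_zone_identifier(stream.read())


def list_streams(path: str) -> list:
    """Enumerate all data streams of a file as (name, size) tuples.

    Uses kernel32 FindFirstStreamW; returns [] on non-Windows systems.
    Names come back as '::$DATA' (main stream) or ':Name:$DATA'.
    """
    if sys.platform != "win32":
        return []

    class WIN32_FIND_STREAM_DATA(ctypes.Structure):
        _fields_ = [
            ("StreamSize", wintypes.LARGE_INTEGER),
            ("cStreamName", wintypes.WCHAR * (wintypes.MAX_PATH + 36)),
        ]

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.argtypes = [wintypes.LPCWSTR, ctypes.c_int,
                                     ctypes.c_void_p, wintypes.DWORD]
    k32.FindFirstStreamW.restype = wintypes.HANDLE
    k32.FindNextStreamW.argtypes = [wintypes.HANDLE, ctypes.c_void_p]
    k32.FindNextStreamW.restype = wintypes.BOOL
    k32.FindClose.argtypes = [wintypes.HANDLE]
    k32.FindClose.restype = wintypes.BOOL

    data = WIN32_FIND_STREAM_DATA()
    # 0 == FindStreamInfoStandard
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)
    if handle is None or handle == wintypes.HANDLE(-1).value:
        return []
    streams = []
    try:
        while True:
            streams.append((data.cStreamName, int(data.StreamSize)))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break
    finally:
        k32.FindClose(handle)
    return streams


if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
    if len(sys.argv) > 1:
        print(list_streams(sys.argv[1]))
```

For triage, a file whose streams include `:Zone.Identifier:$DATA` with ZoneId 3 or 4 is one that arrived from the Internet or a restricted zone; the absence of the stream on a file that was clearly downloaded is itself worth noting, since the stream is dropped when a file is copied to a non-NTFS volume or explicitly unblocked.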
(@ttorcivia)
Posts: 2
New Member
Topic starter
 

Thanks, guys, you added some new information that I can look into.

Thank you!

 
Posted : 06/12/2011 11:28 pm