Pronounced as separate letters, ADS is an acronym for alternate data stream. An ADS is a function of Microsoft Windows New Technology File System (NTFS), in which one file can be embedded in another but remains invisible to other users in Windows Explorer. This means the ADS does not affect the size, function, or display of the main file to which the ADS is attached. ADS was originally introduced in 1993 to ensure file server compatibility with the Macintosh Hierarchical File System (HFS).
Uses of ADS
ADS files may be used for a number of purposes. In legitimate applications, an ADS can be used in a variety of ways, including:
- Protecting sensitive files
- Enhancing antivirus programs
- Storing file thumbnails
- Storing file summary information
- Attaching a favicon to a site identity
In more malicious circumstances, an ADS can be used to launch a Denial of Service (DOS) attack, embed executable files with viruses and trojan horses, or otherwise store illegal materials/records of illegal activity. As a result, ADS files are a common source of evidence for digital forensic scientists. Fortunately, Windows Vista introduced a native tool for identifying these such files and malware scanners have become attuned to preventing these types of attacks.