Windows How To DoYour Windows Knowledge Base

This post will show you how to hide file in Alternate Data Streams.

ADS (Alternate Data Streams) is a “feature” of the NTFS that permit files to be completely hidden from the system.

Lets say we have  secret.txt file that contains confidential info and it is placed in C:\Test folder . We want to hide secret.txt file from unwanted eyes and hidden file attribute is too simple solution for us.

In this case we can use ADS feature to completely hide it from system. Lets fork secret.txt file to C:\Windows\Zapotec.bmp file which is one of desktop backgrounds installed by default on Windows XP.

To fork it press “Start” > “Run”, type cmd and press “OK”.

In command line window type:

type c:\test\secret.txt > c:\Windows\Zapotec.bmp:secret.txt

Press “Enter”.

Ok, you forked secret.txt file to zapotec.bmp.

Now go to c:\Test folder and delete secret.txt file. Yep, you got it right, delete it.

After that you can start windows Search and try to locate secret.txt file. No traces… it is gone…

And now the Magic moment!

Open command line and type:

notepad c:\Windows\Zapotec.bmp:secret.txt

and press “Enter”

Secret info file is there and it is hidden pretty well this time.

Well done!

If you ever wandered is there a quick way to find cluster size of volume this shorty how to post is for you. To check volume C: cluster size open command line on your Windows 2003 server or Windows XP and type:

fsutil fsinfo ntfsinfo C: