Saturday, April 23, 2011

Hiding files in ADS (Alternate Data Streams) in Windows

Alternate Data Streams (ADS) are a feature of the NTFS file system: besides its main content, every file or directory can carry additional named streams of data, and these can be used to hide sensitive information, even worms and trojans, inside ordinary-looking files and folders. Using ADS requires little skill, and this security issue is still relatively unknown to most people. To begin, open cmd and make a folder.
#mkdir C:\folder
#echo this is hidden text > C:\folder:secret
Now open the folder and check whether there is any file in it. You will find none. The text is stored in an alternate data stream of the directory 'folder', which Explorer and a plain dir do not show.

To view the content,
#more < C:\folder:secret
Similarly, you can use the ADS of a file to hide another file.
#echo visible > C:\folder\file.txt
#echo invisible > C:\folder\file.txt:secrets.txt
Now open 'file.txt'. It contains the expected text, and its size is still that of the word "visible", but what about secrets.txt? Open it by executing this command.
#notepad.exe C:\folder\file.txt:secrets.txt
A similar process can be followed for executables.
#copy C:\windows\system32\calc.exe C:\folder\calc.exe
#type C:\somefolder\worm.exe > C:\folder\calc.exe:ss.exe
#start C:\folder\calc.exe:ss.exe
In Task Manager the process will be visible either as calc.exe or as calc.exe:ss.exe, depending on the Windows version. Note that starting an executable directly from a stream in this way works on Windows XP; Windows Vista and later refuse to run an image from an ADS with start, although on Windows 7 the same stream can still be launched with wmic process call create "C:\folder\calc.exe:ss.exe".
In the next post, we will explore ways to find or scan for files hidden in ADS. As a quick check in the meantime: on Vista and later, dir /r lists every stream of each file, and the Sysinternals streams.exe tool does the same on all versions.
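The same procedure in PowerShell, added here as an example that is not part of the original post. It uses the -Stream parameter of the FileSystem provider (PowerShell 3.0 and later) to write hidden text into a stream on a folder and on a file, to copy an executable into a stream as raw bytes, to enumerate the streams, and to scan a whole tree for non-default streams, which is the detection side the post defers to its sequel. The demo directory under $env:TEMP and the stream names are assumptions; calc.exe is used only as a harmless stand-in for the "worm".

```powershell
# Added example (not from the original post): hide, enumerate and remove
# NTFS alternate data streams with PowerShell 3.0+.
# Assumed layout: %TEMP%\ads-demo\folder\file.txt (names are arbitrary).
$base   = Join-Path $env:TEMP 'ads-demo'
$folder = Join-Path $base 'folder'
$file   = Join-Path $folder 'file.txt'
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# 1. Text into a stream on a directory and on a file (the post's echo > x:y).
Set-Content -Path $folder -Stream 'secret'      -Value 'this is hidden text'
Set-Content -Path $file                         -Value 'visible'
Set-Content -Path $file   -Stream 'secrets.txt' -Value 'invisible'

# 2. A binary into a stream. The text cmdlets would re-encode the bytes, so
#    write in byte mode; the parameter name changed between 5.1 and 7.
$bytes = [System.IO.File]::ReadAllBytes("$env:SystemRoot\System32\calc.exe")
if ($PSVersionTable.PSVersion.Major -ge 6) {
    Set-Content -Path $file -Stream 'ss.exe' -Value $bytes -AsByteStream
} else {
    Set-Content -Path $file -Stream 'ss.exe' -Value $bytes -Encoding Byte
}

# 3. A normal listing still shows one small file.txt; nothing hints at the streams.
Get-ChildItem -Path $folder

# 4. Enumerate streams. ':$DATA' is the unnamed main stream; anything else is an ADS.
Get-Item -Path $file -Stream * | Select-Object FileName, Stream, Length

# 5. Read the hidden text back (equivalent of more < C:\folder:secret).
Get-Content -Path $folder -Stream 'secret'
Get-Content -Path $file   -Stream 'secrets.txt'

# 6. Detection: walk a tree and report every non-default stream.
#    Get-Item -Stream on directories is not supported by every PowerShell
#    build, hence -ErrorAction SilentlyContinue; pair this with dir /r or
#    Sysinternals streams.exe when auditing a host.
function Find-AlternateStreams {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' }
        } |
        Select-Object FileName, Stream, Length
}
Find-AlternateStreams -Root $base

# 7. Clean-up: deleting a stream leaves the host file and its main content intact.
Remove-Item -Path $file   -Stream 'ss.exe'
Remove-Item -Path $file   -Stream 'secrets.txt'
Remove-Item -Path $folder -Stream 'secret'
Get-Item -Path $file -Stream * | Select-Object Stream, Length   # only :$DATA remains
```

Two points worth noting when running this: the byte-mode branch matters because Set-Content without it will append a newline and apply a text encoding, silently corrupting a PE image; and the Length reported for each stream is the only place the hidden data's size shows up, since Explorer and Get-ChildItem report the main stream alone.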
