Alternate Data Streams (ADS) is a feature of Microsoft Windows NTFS file system. It allows a means of hiding files, data, and even applications on a system. It is difficult to detect ADS material without specialized tools. Microsoft doesn't say very much about it, but some information on ADS is available in this
MSDN article, under the section about Multiple File Streams.
An
overview of ADS can be found on the WindowSecurity.com site. Another ADS review is available from
Infosecwriters.com.
A
FAQ, with specific questions and points about Alternate Data Streams, is available from Frank Heyne, who also wrote
LADS, a tool for determining the existence of ADS in a directory. Another utility is
adsdump.
More...