The NTFS file system enables data to be stored in alternative data streams, which are also called alternate data streams or ADS.
Enlarge
Hide text in alternate data streams
© Microsoft
Alternative data streams belong to a file, but are not visible in Windows Explorer. Windows uses this ADS, for example, to save the favicons in favorites lists (bookmarks for the browser) as streams in the URL files.
Text, such as a TXT file with passwords, can be easily hidden in these alternative data streams. You can only extract the hidden information if you know in which file and which data stream is located. However, there are programs that can display all files with information in ADS. Still, it’s a good way to hide information.
That’s how it’s done:
You need a text file with the information you want to hide, for example the “Secret.txt” file. And you need a carrier file in any file format. This can be a picture, for example “Foto.jpg”. Using commands in the Windows command prompt, you can copy the information from the text file into the data stream of the photo and display it again. The commands required for this are “type” and “more”. The “type” command outputs the content of a text file on the screen by default. With the pipeline command “>”, however, this output can also be redirected – for example to an ADS. The ADS can have any name, such as “hidden”. The format for this is such that the name of the file is mentioned first. This is followed by a colon and the name of the ADS, for example “Foto.jpg: hidden”.
Make sure that both files are in the same folder and then open the Windows command prompt. This is done by entering cmd in the Windows 10 search field and then selecting the command from the start menu using the mouse or the Enter key. Next, use the cd command to switch to the folder with the two files.
If you only have type
Secret.txt
at the command prompt, the text of the file is displayed on the screen.
You write the text from the text file “Secret.txt” into the file “Photo.jpg” with the following command. This hides the text in the ADS.
type secret.txt> photo.jpg: hidden
You can then copy or move the “Foto.jpg” file to another folder.
To copy the text information back out of the photo, simply enter the following command:
more
Caution:
If you move a file with attached information to a partition without NTFS, for example to a USB stick in FAT32 format, the attached data streams are completely lost.
You can also use the type command to hide any other file format as a stream in a file, for example PDF files with important documents. With Windows alone, however, it is not possible to get these files out again.
Important:
From the outside, Windows Explorer cannot tell whether a file is hosting a data stream. Therefore, there is a great risk that you will forget about the hidden content. Although there is a “dir / r” command that shows you all the data streams in a folder, you must at least know the folder to do this.
Tip:
Encryption: The Best Free Data Safes
