Jan 7 2008

How to hide a beer recipe using an NTFS alternate data stream

If you're new here, you may want to start with my most popular posts. Then, subscribe to my RSS feed to stay updated. Thanks for visiting!

Searchmarked.com Tip

So you don’t want to actually delete that secret beer recipe? No problem, you can hide it in plain site using an NTFS alternate data stream. As part of my MBA Thesis, I researched different ways to hide data on Windows-based PC’s. An NTFS alternate data stream was one :) .

So what exactly is an NTFS alternate data stream? Well, the short answer is that it is a feature of the NTFS file system used to maintain compatibility with Apple’s HFS file system. To see an example of an NTFS alternate data stream, look at the properties of a word document. If the author and other extra properties are filled in, they are stored in an alternate data stream. This meta-data (data describing data) does not appear to take up space in Windows explorer, yet it is stored in the file system. It is that little side-effect that makes NTFS alternate data streams really useful for hiding secret beer recipes. If you would like to find out more about NTFS alternate data streams, take a look at my MBA Thesis. Otherwise, let’s hide something!

-Start by opening the Windows command prompt by clicking “Start -> Run” and typing “cmd” . Then, press enter.

-Now navigate to the Windows system32 directory by typing the following at the command-line and pressing “enter”.
cd %systemroot%\system32

-Have the path to your beer recipe file? Good.

-Now, pick a text file in the system32 directory to attach an alternate data stream to. I picked eula.txt because nobody ever reads those anyway.

-Now for the fun part. Let’s hide your beer recipe. In this example I am hiding a file called beer.txt in the C:\beer directory.

-Type the following at the command-line to hide your file.
type c:\beer\beer.txt > eula.txt:beer.txt

The part after the colon is the alternate data stream name. I just called it beer.txt for consistency. You can call it anything you want.

-Open eula.txt by typing the following at the command-line:
notepad eula.txt

You will notice that your secret beer recipe is not there. You will also notice that the file size for eula.txt has not changed if you look at its properties.

-To read your secret beer recipe again, simply type the following at the command-line.
notepad eula.txt:beer.txt

This will open up the NTFS alternate data stream named “beer.txt” intact.

Since this method will copy C:\beer\beer.txt into the NTFS alternate data stream and not move it, be sure to securely delete the original file.

That’s it! You now have a hidden beer recipe. Now go drink some beer! Happy Brewing!

Technorati Tags: , , ,

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.



Subscribe Form

Subscribe to Blog


Recent Readers

                  Computers Blogs - Blog Top Sites