Stealth ADS: Enhanced framework for Alternate Data Streams

Abstract

Data hiding is the greatest need in today's computer world where computers have become home for all the sensitive and critical information. Data hiding needs to be done to prevent unauthorized access to our information. There exist different ways and software in the market for hiding data but for them we need to either purchase them or need to download them making it somewhat cumbersome task. Alternate Data Streams which is the feature in New Technology file system of Windows can be effectively used for this purpose. But with the improvement and risks associated with the Alternate Data Streams, few software are available in the market that can be effectively used for detecting the presence of Alternate Data Streams in New Technology File System. Even few antivirus are available that are capable enough to detect files hidden in Alternate Data Streams. So maintenance of stealth has become an important question in hiding files. In order to deal with this and to bring Alternate Data Streams back into action an approach is discussed in this paper with which one can hide any file without any risk or fear of getting detected. This approach is to bundle Alternate Data Streams technology with an external encoder which eventually improves its stealth to great extent. To prove this point, a comparative analysis indicating increase in stealth of Alternate Data Streams by adding encoder has been performed. This comparison is done between existing metasploit encoders and Alternate Data Streams encoder.