Forensically significant information contained in the alternative data streams
Authors: Pisanova V.A. | |
Published in issue: #7(84)/2023 | |
DOI: 10.18698/2541-8009-2023-7-919 | |
Category: Jurisprudence | Chapter: Civil and business law |
|
Keywords: special knowledge, forensic examination, computer technology, file system, alternative data streams, hidden information, forensically significant information, computer forensics |
|
Published: 24.07.2023 |
The article considers the concept and essence of the alternative data flows. Specific indicators are highlighted making it possible to transform the alternative streams into a convenient tool for intruders. It was established that alternative data streams could be used to hide data both by the user himself and also to store information unauthorized by the user. Specific examples of forensically significant information that could be contained in the alternative data streams were analyzed. A conclusion was made that alternative streams could be of great importance for detection, investigation and prevention of crimes; therefore, special attention in the course of computer forensics should be paid to them.
References
[1] Tsifrovaya kriminalistika [Digital forensics]. Ed. Vekhov V.B., Zuev S.V. Moscow, Yurayt Publ., 2021, 417 p. (In Russ.).
[2] Zametki o Windows. Al’ternativnye potoki dannykh v NTFS [Notes on Windows. Alternate Data Streams in NTFS]. URL: https://windowsnotes.ru/other/alternativnye-potoki-dannyx-v-ntfs/ (accessed May 05, 2023).
[3] Sokolov A.B., Shcherbina R.P., Shaevich A.A. Criminally significant information stored in alternative data streams of the NTFS file system. Forensics: yesterday, today, tomorrow, 2022, vol. 22, no. 2, pp. 159–169. (In Russ.). http://doi.org/10.55001/2587-9820.2022.88.70.016
[4] Dolgushina P.E., Karavaeva A.V., Molodtsova Yu.V. Opportunities to explore alternative data streams. Modern Science, 2022, no. 4–1, pp. 422–426. (In Russ.).
[5] Dolgushina P.E., Karavaeva A.V., Molodtsova Yu.V. Alternative data streams in the NTFS file system. Innovatsionnye protsessy v nauke, tekhnike i ekonomike. Mezhdunar. nauch.-prakt. konf.: sb. tr. [Innovation processes in science, technology and economics. International scientific-practical conference: collection of works]. Tyumen, IUT Publ., 2022, pt. 1, pp. 94–98. (In Russ.).
[6] Lyadovskaya N.I., Pisanova V.A. Opportunities for minors to file a statement of claim. Politekhnicheskiy molodezhnyy zhurnal, 2022, no. 10 (75). (In Russ.). http://dx.doi.org/10.18698/2541-8009-2022-10-830.html
[7] Al’ternativnye potoki dannykh NTFS, ili pochemu ne zapustilsya skript PowerShell [Alternative NTFS data streams, or why the PowerShell script didn’t run]. URL: https://www.outsidethebox.ms/17918/ (accessed May 20, 2023).
[8] Microsoft Security Intelligence. URL: https://www.microsoft.com/en-us/wdsi/threats (accessed May 13, 2023).
[9] AlternateStreamView v1.56. URL: https://www.nirsoft.net/utils/alternate_data_streams.html (accessed May 17, 2023).
[10] Obzor programmy NTFS Stream Explorer [Overview of NTFS Stream Explorer]. URL: https://clck.ru/fDti2 (accessed May 05, 2023).