Users sometimes create these shortcuts intentionally for convenient access to particular items, but more often Windows creates link files automatically in an attempt to assist the user and speed up operations. LNK extension) are simply shortcuts, which point to another file or folder.

Pittman, Dave Shaver, in Handbook of Digital Forensics and Investigation, 2010

Link Files

In summary, Alternate Data Streams are commonly overlooked by investigators and therefore can be a nice hiding location for files. The drawback is that leaving this feature on may seriously slow your normal antivirus scans by as much as 10x, which is why many antivirus vendors leave it disabled by default. If it is supported by your antivirus software, you can enable this feature on an as-needed basis. If you're performing forensics investigations, ensure your vendor provides this very important feature in its antivirus suite.

It is also important to note that most antivirus software packages by default do not scan Windows Alternate Data Streams for viruses, trojans, and other malicious code. Once again, we can run a directory listing and we see no evidence of either of the Alternate Data Streams.