March 2007 Entries


NTFS Alternate Data Streams

Alternate Data Streams have been around since 1993, when they were introduced in NTFS on Windows NT 3.1. They were introduced as a mechanism to store resource information separately from the actual file data. This allows programs to associate metadata with a file without changing the file's contents. It is also a simple and effective way of hiding information. Most people are unaware of this feature, most likely because it is an NTFS-only feature under Windows. Malicious software can use this feature to hide its files. Alternate Data Streams are amazingly simple to create. This is an example using notepad. First,...
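Because Explorer and a plain `dir` do not show them, the defender's counterpart to creating a stream is finding the ones already present. As an added example (not code from the original post), the PowerShell script below walks a directory tree and reports every file that carries a stream other than the default unnamed data stream; it assumes PowerShell 3.0 or later, where `Get-Item` supports the `-Stream` parameter, and treats the `Zone.Identifier` (mark-of-the-web) stream as benign by default, which is an assumption you can override with a switch.

```powershell
# Added example (not from the original post): enumerate NTFS alternate data
# streams under a directory tree and report any stream other than the default
# unnamed data stream, which PowerShell reports as ':$DATA'.
# Assumes PowerShell 3.0+ on an NTFS volume; the path and switch are hypothetical
# parameters chosen for this example.
param(
    [string]$Path = '.',
    # Assumption: Zone.Identifier is the mark-of-the-web stream that browsers and
    # mail clients add to downloads; it is common and usually benign, so it is
    # skipped unless this switch is given.
    [switch]$IncludeZoneIdentifier
)

# Single quotes keep ':$DATA' literal; otherwise $DATA would be expanded.
$defaultStream = ':$DATA'

$findings = Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -Stream * lists every named stream on the file, including the default one.
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Stream -ne $defaultStream } |
    Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
    Select-Object FileName, Stream, Length

if ($findings) {
    # One row per hidden stream: which file carries it, its name, and its size.
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No alternate data streams found under $Path"
}
```

To inspect a reported stream, `Get-Content -LiteralPath <file> -Stream <name>` returns its contents, and `Remove-Item -LiteralPath <file> -Stream <name>` deletes just that stream while leaving the file's main data intact.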