Using Alternate Data Streams to Persist on a Compromised Machine
Back in the days before Windows Vista, Alternate Data Streams used to be an acceptable way for malware authors to hide their malicious code. An Alternate Data Stream can be used to hide the presenc…
The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques. Most digital evidence is stored within the computer's file system, but understanding how file systems work is one … - Selection from File System Forensic Analysis [Book]
Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware.
Using Alternate Data Streams to Persist on a Compromised Machine | enigma0x3