LADS
Jump to navigation
Jump to search
Description
LADS is a tool developed by Frank Heyne. It lists all Alternate Data Streams (ADS) of an NTFS directory. It shows the ADS of encrypted files, even when these files were encrypted with another copy of Windows.
Installation
Download link: http://www.heysoft.de/download/lads.zip
Usage
Syntax
Usage: LADS [Directory] [/S] [/D] [/A] [/Xname]
Note
If Directory is ommited, current directory will be scanned
Options
- /S
- include Subdirectories
- /D
- Debug LADS
- /V
- Verbose error reports
- /A
- give a summary of All bytes used in the scanned directories (All files and directories are considered as uncompressed and all security decriptions are skipped for calculating this number!)
- /Xname
- eXclude any ADS "name"
- /Pfile
- read Parameters from "file"
Example
Let's create 3 streams in a text file as follows:
C:\malware>echo hidden text > test.txt:hidden.txt C:\malware>type res\test.exe > test.txt:hidden.exe C:\malware>type res\test.png > test.txt:hidden.png
LADS successfully detected the streams:
C:\malware>\tools\lads.exe
LADS - Freeware version 4.10
(C) Copyright 1998-2007 Frank Heyne Software (http://www.heysoft.de)
This program lists files with alternate data streams (ADS)
Use LADS on your own risk!
Scanning directory C:\malware\
size ADS in file
---------- ---------------------------------
32768 C:\malware\test.txt:hidden.exe
988061 C:\malware\test.txt:hidden.png
14 C:\malware\test.txt:hidden.txt
1020843 bytes in 3 ADS listed