LADS

From aldeid
Jump to navigation Jump to search

Description

LADS is a tool developed by Frank Heyne. It lists all Alternate Data Streams (ADS) of an NTFS directory. It shows the ADS of encrypted files, even when these files were encrypted with another copy of Windows.

Installation

Download link: http://www.heysoft.de/download/lads.zip

Usage

Syntax

Usage: LADS [Directory] [/S] [/D] [/A] [/Xname]
Note
If Directory is ommited, current directory will be scanned

Options

/S
include Subdirectories
/D
Debug LADS
/V
Verbose error reports
/A
give a summary of All bytes used in the scanned directories (All files and directories are considered as uncompressed and all security decriptions are skipped for calculating this number!)
/Xname
eXclude any ADS "name"
/Pfile
read Parameters from "file"

Example

Let's create 3 streams in a text file as follows:

C:\malware>echo hidden text > test.txt:hidden.txt
C:\malware>type res\test.exe > test.txt:hidden.exe
C:\malware>type res\test.png > test.txt:hidden.png

LADS successfully detected the streams:

C:\malware>\tools\lads.exe
 
LADS - Freeware version 4.10
(C) Copyright 1998-2007 Frank Heyne Software (http://www.heysoft.de)
This program lists files with alternate data streams (ADS)
Use LADS on your own risk!

Scanning directory C:\malware\

      size  ADS in file
----------  ---------------------------------
     32768  C:\malware\test.txt:hidden.exe
    988061  C:\malware\test.txt:hidden.png
        14  C:\malware\test.txt:hidden.txt

   1020843 bytes in 3 ADS listed

Comments