Posts Tagged ‘ntfs’

Read ext4 partitions from Windows 7

Thursday, October 25, 2012 posted by CSch

Linux partitions are usually not visible under Windows operating systems. While it’s not recommended to write on a Linux partition from Windows, you can read files from there without too much of a great danger. However, a tool is needed for that – an example for that is DiskInternals Linux Reader.

You can download the reader at DiskInternals’ homepage: http://www.diskinternals.com/linux-reader/

To browse the files on the Linux filesystems, you need to install the application and browse them through it – they’re not shown in the Windows explorer as the other hard disks and partitions are. Download the application and follow the installer to correctly install it. You’ll find an overview of all the available file systems listed:

To read or save files to a Windows system, just double- or right-click the item and select the appropriate action!

There is a feature in NTFS data system that lets you easily hide your files from nosy people using your computer which is called Alternate Data Streams. What they basically do is to hide files behind others, using them as a “container”, but they only are executable if you enter a specific syntax in your command line. I will show you in a few examples.
I have the text document mysecrets.txt which I want to hide inside the legal.txt document. They are both placed directly on my C:\ drive to simplify things. To achieve that, I open a command line and type in:

type C:\mysecrets.txt >C:\legal.txt:mysecrets.txt

With the type command, you can stuff any file into an alternate data stream. Next you give the file to hide, followed by a greater-than sign, followed by the the path where you want to hide the file – here, give the file you want to stuff things in, a colon, and the hidden file’s name (this can basically be any, you call the hidden file by this given name then). The colon is the trademark of an alternate data stream, every file separated from another file with a colon will become the first file’s alternate data stream.

Text files are not the only files you can hide away with alternate data streams, basically you can do it with any file, even executables. However you cannot open every file from an alternate data stream – starting executables for example has been disabled for security’s sake because, as you might have noticed, AltDS can be used to build pretty evil malware. To open a hidden file, you just pick the program to do so and open it the usual way through the command line, for example like this:

notepad C:\legal.txt:mysecrets.txt

You can also do this for videos, music, whatever, just pick the appropriate application. For executables however, this is no longer possible. However there are some slightly more complicated workarounds to do this. You can either have a symlink of the hidden file made, which is then executable and deletable afterwards, or write commands into the hidden file which can be executed by the shell, creating another executable or whatever you want to do with it.
Be aware however that alternate data streams will be lost after moving their containers to another server! It is not possible to mail multi-streamed files, even if the receiving file system is NTFS formatted.
To uncover alternate data streams on Windows Vista or later, direct your command line tool to the folder you want to check and enter

dir /r C:\path\to\your\folder

You cannot hide whole folders in alternate data streams, except if they are compressed.
The easiest way to delete alternate data streams is to copy the whole file onto another data system via explorer, ftp or mail. However there is also software to detect and deal with them.