Alternate data streams in NTFS allow additional data to be associated with a file, making it challenging for forensic analysis to identify and recover hidden information. This property has sometimes been exploited by hackers for stealth and covert activities. (option B)
The use of alternate data streams (ADS) in NTFS is favored by hackers primarily to make forensic analysis challenging. ADS enables the hiding of additional data within a file, making it difficult for traditional forensic tools to detect or recover hidden information.
This covert storage method enhances stealth, allowing malicious actors to conceal their activities and evade detection. It is not employed to support MacOS files (A), attract hackers for honeypots (C), or necessarily to obey the law (D). Instead, the intent is to impede forensic investigations, contributing to the clandestine nature of certain cyber activities.
The correct answer is option B.
The complete question is:
NTFS supports alternate data stream that is a favorite of hackers because it is almost impossible to recover such files. The reason it is used is
A. to support MacOS files.
B. to make it harder to do forensics.
C. to attract hackers for honeypots.
D. obey Law.
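How an examiner can surface the hidden streams the answer describes, as an added example that is not part of the original answer: on disk, an alternate data stream is just a `$DATA` attribute with a name inside the file's MFT record, so walking the record's attributes lists every stream. The record below is constructed for the example (the stream name `notes.bin` and its contents are made up), and the parser assumes the update-sequence fixups are already applied and that the file has no `$ATTRIBUTE_LIST`.

```python
import struct
DATA, END = 0x80, 0xFFFFFFFF  # $DATA attribute type, end-of-attributes marker

def resident_attr(atype, name, content):
    """Build one resident attribute (used only to construct the sample)."""
    raw = name.encode("utf-16-le")
    c_off = (24 + len(raw) + 7) & ~7            # content is 8-byte aligned
    length = (c_off + len(content) + 7) & ~7
    hdr = struct.pack("<IIBBHHHIHBB", atype, length, 0, len(name), 24,
                      0, 0, len(content), c_off, 0, 0)
    return ((hdr + raw).ljust(c_off, b"\0") + content).ljust(length, b"\0")

def build_record(attrs):
    """Wrap attributes in a 1024-byte FILE record header (constructed)."""
    body = b"".join(attrs) + struct.pack("<II", END, 0)
    hdr = struct.pack("<4sHHQHHHHII", b"FILE", 48, 3, 0, 1, 1, 56, 1,
                      56 + len(body), 1024)
    return (hdr.ljust(56, b"\0") + body).ljust(1024, b"\0")

def data_streams(record):
    """Return (name, real size, non_resident) for every $DATA attribute.
    Real size is at header offset 48 when non-resident, 16 when resident."""
    if record[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    off = struct.unpack_from("<H", record, 20)[0]    # first attribute offset
    used = min(struct.unpack_from("<I", record, 24)[0], len(record))
    out = []
    while off + 16 <= used:
        atype, length, non_res, n_len, n_off = struct.unpack_from("<IIBBH", record, off)
        min_len = 56 if non_res else 24              # smallest valid header
        if atype == END or length < min_len or off + length > used:
            break                                    # end marker or corrupt
        if atype == DATA:
            name = record[off + n_off:off + n_off + 2 * n_len].decode("utf-16-le")
            size = struct.unpack_from("<Q" if non_res else "<I", record,
                                      off + (48 if non_res else 16))[0]
            out.append((name, size, bool(non_res)))
        off += length
    return out

def named_streams(record):
    """Alternate data streams are the $DATA attributes with a name."""
    return [s for s in data_streams(record) if s[0]]

# Constructed sample: one file with its normal content plus one ADS.
SAMPLE = build_record([
    resident_attr(0x10, "", bytes(48)),              # $STANDARD_INFORMATION
    resident_attr(DATA, "", b"quarterly report"),    # default unnamed stream
    resident_attr(DATA, "notes.bin", bytes(40)),     # alternate data stream
])
```

Calling `named_streams(SAMPLE)` returns only the named stream, which is the one a plain directory listing would not show.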