Redwood <anon@comments.header> wrote in news:QM3KT5C738967.8576851852
@twistycreek.com:

> "nemo_outis" <abc@xyz.com> wrote in
> news:Xns9837B47BD70FCabcxyzcom@127.0.0.1:
>
>> This may be old hat to some of you, but it may be new to others:
>> it is possible to create and/or mount an ADS (alternate data
>> stream) a
[snip]
>>
ADS streams are becoming better known but are still not
>> well-known - even to some sysadmins. Their day is passing as a
>> useful trick. Passing, but not yet past :-)
>
> This does nothing but hide it from the casual observer. That type
> of observer can be fooled by just naming it to look like a system
> file. If your computer is seized, the stream will be found. Any
> forensics specialist worth his salt will find it very easily as
> well as any admin even slightly knowledgable. It stands out like a
> red flag with the tools available. I'd have to say that you make
> it even easier to find by hiding it in a stream.

I agree, it's protection against your kid sister only - security through
obscurity, and we all know what that means! (Yuck!)

Incidently, this isn't a truecrypt "feature"; practically any OTFE system
will most likely allow this - not to mention conventional encryption
systems.