312-49 Question #465: Real Exam Question with Answer & Explanation

The correct answer is C: ADS. The command is attempting to use Alternate Data Streams (ADS), a feature of the NTFS file system in Windows. ADS allows data to be hidden within a file by appending a colon and a secondary stream name (e.g., 'file.txt:hidden.txt'). This technique is commonly used to conceal malic

Submitted by deeparc· Apr 18, 2026Disk Forensics

Question

What feature of Windows is the following command trying to utilize?

Options

AWhite space
BAFS
CADS
DSlack file

Explanation

The command is attempting to use Alternate Data Streams (ADS), a feature of the NTFS file system in Windows. ADS allows data to be hidden within a file by appending a colon and a secondary stream name (e.g., 'file.txt:hidden.txt'). This technique is commonly used to conceal malicious payloads or data because the hidden stream does not appear in standard directory listings or file size reports. Forensic investigators must be aware of ADS when examining NTFS volumes, as it is a known anti-forensics technique.

Topics

#Alternate Data Streams (ADS)#NTFS#Data hiding#Windows forensics

Community Discussion

No community discussion yet for this question.

Full 312-49 Practice Browse All 312-49 Questions