File Sight - Alternate Data Streams

Alternate Data Streams are a feature of Microsoft's NTFS file system. Basically they are files within a file, with specially formatted information at the end of the file name to indicate which 'file' within the file is being specified. Some applications (including the operating system) use these data streams, and some do not.

You can read more about them at:

Data streams often look like the following example:

    C:\Documents\Financial Data\Payroll.xls:38FJLK2KA81FJLA:$DATA

The data that is saved in a data stream is completely dependent on the operating system and/or the application. Sometimes it is metadata (such as author information), sometimes it might be tracking data, etc. The data in the streams may or may not be visible to the end user, meaning they might not know that what they are doing is changing the alternate stream data.

PA File Sight sees these file streams being accessed just like any other normal file. For your alerting and reporting purposes PA File Sight lets you specify how you want to treat file stream data. The options are:

  • Show stream access - This is the default. For the example above, you could see accesses to the shown stream as well as separate actions on the base Payroll.xls file.
  • Truncate stream - Instead of showing the complete file stream name, PA File Sight can truncate the name to the base file (C:\Documents\Financial Data\Payroll.xls in the example above).
  • Ignored streams - When a file stream is detected, it is completely ignored.
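
The following is an added example, not PA File Sight's own code: it splits a stream path of the form shown above into base file, stream name and stream type, then models what each of the three options would report for a set of accesses. The function names, the policy keywords and the sample events (including the `Zone.Identifier` stream) are assumptions made for illustration, as is the choice to report the unnamed main stream (`file::$DATA`) under the base file name.

```python
import ntpath

def split_stream(path):
    """Return (base_file, stream_name, stream_type) for an NTFS path.

    stream_name is "" when the path names the file's unnamed main stream.
    """
    leaf = ntpath.basename(path)            # drive-letter colon stays out of the leaf
    parts = leaf.split(":")
    if len(parts) > 3 or parts[0] == "":
        raise ValueError(f"not a file or stream path: {path!r}")
    stream = parts[1] if len(parts) > 1 else ""
    stype = parts[2] if len(parts) > 2 else "$DATA"
    base = path[: len(path) - len(leaf)] + parts[0]
    return base, stream, stype

def reported_name(path, policy="show"):
    """Name an alert would carry under each policy; None means the event is dropped."""
    base, stream, _ = split_stream(path)
    if stream == "":                        # plain file, or file::$DATA (assumed same)
        return base
    if policy == "show":                    # full stream name is reported
        return path
    if policy == "truncate":                # stream access is folded into the base file
        return base
    if policy == "ignore":                  # stream access is not reported at all
        return None
    raise ValueError(f"unknown policy: {policy!r}")

def summarize(events, policy):
    """Count accesses per reported name for a list of accessed paths."""
    counts = {}
    for path in events:
        name = reported_name(path, policy)
        if name is not None:
            counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed sample events; the first stream path is the one shown above.
BASE = r"C:\Documents\Financial Data\Payroll.xls"
EVENTS = [BASE, BASE + ":38FJLK2KA81FJLA:$DATA", BASE + ":Zone.Identifier", BASE + "::$DATA"]

if __name__ == "__main__":
    for policy in ("show", "truncate", "ignore"):
        print(policy, summarize(EVENTS, policy))
```

In this model, truncating makes stream writes indistinguishable from writes to the base file, while ignoring them removes stream activity from the report entirely.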

