ShaunC Posted May 25, 2021 Report Share Posted May 25, 2021 Apologies if this was already requested/discussed elsewhere - I did a few searches and didn't find anything. Going by the user guide, Intella is already somewhat aware of ADS, as it is capable of grabbing the zone.identifier information to show the URL where a file was downloaded from Quote 14.1.2. Features - Page 130 Downloaded from Internet: Indicates items that may have been downloaded from the Internet. Intella determines such items by looking at the Zone.Identifier alternate stream in NTFS file systems. Where possible, Intella will extract the URL the file was downloaded from. This URL can hen be found in the Raw Data tab While not very common, people can still hide data in ADS, so it would be good if Intella could recognise such attempts at obfuscation. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.