Versions:
NTFS Hidden Data Finder 1.1, published by Chris Long, is a lightweight investigative utility designed for system administrators and power users who need to audit NTFS-formatted volumes for metadata that is invisible to Windows Explorer. The program recursively scans a user-specified drive letter or folder, locating three classes of concealed objects—alternate data streams (ADS), extended attributes (EA), and reparse points—then exports a plain-text report that lists each item’s full path, size, creation time, and type of hidden data. Because malware frequently abuses ADS to stash payload code, the tool is routinely used to verify the integrity of servers and workstations before and after software deployment, as well as to satisfy compliance checks that require proof of data-stream inspection. Forensic teams also employ it to determine whether sensitive material has been tucked into seemingly innocuous files, while storage-migration projects use the generated log to identify reparse points that must be handled separately when transferring folders to non-NTFS destinations. The single-file executable runs on any NT-based Windows edition without installation, accepts command-line arguments for unattended batch scans, and produces non-proprietary text output that can be parsed by scripts or imported into SIEM dashboards. Version 1.1 represents the only public release to date, offering stable 32- and 64-bit compatibility across Windows 7 through Windows 11. NTFS Hidden Data Finder is available for free on get.nero.com, with downloads provided via trusted Windows package sources such as winget, always delivering the latest version, and supporting batch installation of multiple applications.
Tags: