Skip main navigation

File size

Article detailing how malware can blend into your computer system by changing it's file size.
© PA Knowledge Ltd | 7Safe Training

File size

A file actually has two different sizes. The first relates to the size of the file itself, referred to as the logical size, i.e., how big the file is. The second size relates to how much space has been allocated to the file on the actual disk, referred to as the physical size. The disk size allocated to a file will be larger than the logical size. The size of a file on disk actually relates to the the formatting of the file system being used that is to say, how many sectors per cluster.

It should be noted that depending on the file type, any malware code written to a file might not actually increase the logical or physical size of that file.

Additional information…

Files saved to the NT File System can also have more than one content. This additional content is known as an alternate data stream (ADS) or named stream. Such streams are not navigable via Windows Explorer nor does the logical or physical size of any such file containing an ADS change. Don’t worry though, antivirus solutions today scan named streams for malicious code – phew!

A directory on the NT File System is also treated as a file. Therefore a directory can also have content i.e., a named stream attached to it! All such streams need to be named so that the content can be called and accessed accordingly. You can view any named streams by utilizing console tools such as Command Prompt and PowerShell. Third party tools are also available.

Want to see some streams on your Windows computer? Open your Command Prompt and navigate to your Downloads folder. Providing you have downloaded content from the Internet previously type Dir /r to view content. A typical named stream attached to a downloaded file is called “Zone.Identifier”. The stream contains metadata regarding the downloaded file.

© PA Knowledge Ltd | 7Safe Training
This article is from the free online

Introduction to Digital Forensics: Malware Analysis and Investigations

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education