Skip main navigation

New offer! Get 30% off one whole year of Unlimited learning. Subscribe for just £249.99 £174.99. T&Cs apply

File size

Article detailing how malware can blend into your computer system by changing it's file size.

File size

A file actually has two different sizes. The first relates to the size of the file itself, referred to as the logical size, i.e., how big the file is. The second size relates to how much space has been allocated to the file on the actual disk, referred to as the physical size. The disk size allocated to a file will be larger than the logical size. The size of a file on disk actually relates to the the formatting of the file system being used that is to say, how many sectors per cluster.

It should be noted that depending on the file type, any malware code written to a file might not actually increase the logical or physical size of that file.

Additional information…

Files saved to the NT File System can also have more than one content. This additional content is known as an alternate data stream (ADS) or named stream. Such streams are not navigable via Windows Explorer nor does the logical or physical size of any such file containing an ADS change. Don’t worry though, antivirus solutions today scan named streams for malicious code – phew!

A directory on the NT File System is also treated as a file. Therefore a directory can also have content i.e., a named stream attached to it! All such streams need to be named so that the content can be called and accessed accordingly. You can view any named streams by utilizing console tools such as Command Prompt and PowerShell. Third party tools are also available.

Want to see some streams on your Windows computer? Open your Command Prompt and navigate to your Downloads folder. Providing you have downloaded content from the Internet previously type Dir /r to view content. A typical named stream attached to a downloaded file is called “Zone.Identifier”. The stream contains metadata regarding the downloaded file.

© PA Knowledge Ltd | 7Safe Training
This article is from the free online

Introduction to Digital Forensics: Malware Analysis and Investigations

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now