NTFS Alternate File Streams
On NTFS, a file can be composed of multiple streams. One stream holds the actual file data and is created by default, whereas the alternate streams can be used for anything else, such as storing a description of the file or storing search words.
You can insert data into an alternate stream as follows.
C:\> echo "Evil Data" > mydoc.txt:AttackerStream:$DATA
Adapted from the book Assessing Network Security by Ben Smith, David LeBlanc, and Kevin Lam.
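Because a stream written this way does not appear in an ordinary directory listing, an audit has to ask for streams explicitly. The following PowerShell function is an added example, not taken from the book or the original post. It lists every non-default stream under a directory tree. The function name and the sample path are hypothetical, and it assumes Windows PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example: report alternate data streams under a directory tree.
function Find-AlternateStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the stream Windows attaches to downloaded files;
        # it is hidden by default so that unexpected stream names stand out.
        [switch] $IncludeZoneIdentifier
    )

    # -Force includes hidden and system files; -File skips directories.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns every stream, including the default ':$DATA'.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object {
            $_.Stream -ne ':$DATA' -and
            ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
        } |
        Select-Object @{ n = 'File'; e = { $_.FileName } }, Stream, Length
}

# Hypothetical path; point it at the directory you want to audit.
Find-AlternateStream -Path 'C:\Users\Public\Documents'
```

For the file created above, the output would include a row with Stream set to AttackerStream. The contents of a reported stream can then be read with Get-Content and its -Stream parameter.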