Finding and reading alternate data streams (ADS) with PowerShell on an NTFS partition

AlternateDataStreams.md

To find all streams within file.txt: Get-Item .\file.txt -Stream *

PSPath        : Microsoft.PowerShell.Core\FileSystem::C:\file.txt::$DATA
PSParentPath  : Microsoft.PowerShell.Core\FileSystem::C:\
PSChildName   : file.txt::$DATA
PSDrive       : C
PSProvider    : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName      : C:\file.txt
Stream        : :$DATA
Length        : 176

PSPath        : Microsoft.PowerShell.Core\FileSystem::C:\file.txt:Zone.Identifier
PSParentPath  : Microsoft.PowerShell.Core\FileSystem::C:\
PSChildName   : file.txt:Zone.Identifier
PSDrive       : C
PSProvider    : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName      : C:\file.txt
Stream        : Zone.Identifier
Length        : 104

We can then view that second stream: Get-Content .\file.txt:Zone.Identifier

[ZoneTransfer]
ZoneId=3
ReferrerUrl=http://10.10.1.15:8000/
HostUrl=http://10.10.1.15:8000/file.txt

Delete the stream with: Remove-Item .\file.txt -Stream Zone.Identifier

Add other streams with: Set-Content .\file.txt:Dank.Memes -Value "All your base"