Phrozen ADS Revealer

Phrozen ADS Revealer is a legacy, free Windows security utility designed to scan and sanitize NTFS file systems against hidden data or malware concealed within Alternate Data Streams (ADS). Developed by Phrozen Software (a developer known for niche system monitoring and cybersecurity tools, distinct from the Phrozen 3D printing company), it provides a graphical interface to easily unearth data streams that are normally invisible to Windows File Explorer. Key Capabilities

Detects Hidden Malware: Malware authors frequently use Alternate Data Streams to hide malicious payloads or configuration files behind a completely legitimate-looking file (e.g., hiding an executable inside a simple .txt document) to evade basic security detection.

Identifies Bloated Content: Some programs write temporary data or metadata to data streams without cleaning them up, slowly eating away at hard drive capacity.

Mark of the Web (MoTW) Visibility: Windows uses ADS to apply the “Mark of the Web” flag to files downloaded from the internet. Phrozen ADS Revealer can show you exactly which files carry these parameters.

System Sanitization: It allows users to safely review the discovered streams and delete them to clean the file system without damaging the host file. Understanding Alternate Data Streams (ADS)

On Windows systems formatted with the NTFS file system, every file is built with a primary unnamed data stream (which contains the actual contents you see, like text or code). However, NTFS allows files to have additional, “named” streams attached to them. Because standard Windows tools don’t display these extra streams, they are a common hiding place for malicious activity or administrative metadata. Current Availability

Phrozen Software has discontinued active development on most of its standalone system utilities. However, the software can still be found archived on legacy tech repositories such as OlderGeeks or SnapFiles.

If you are using it for digital forensics or system triaging, it is highly recommended to run it alongside modern security solutions, as complex malware modernly relies on more sophisticated evasion tactics than standard ADS injection.

Are you looking to use this tool for a malware investigation, or are you trying to free up hidden storage space on a hard drive? Let me know, and I can walk you through the process or suggest modern alternatives!