Criminally significant information stored in alternative data streams of the NTFS file system

Within the framework of the article, an attempt was made to gain new knowledge in criminology in terms of studying the essence and functioning of alternative data streams of the NTFS file system. The main objective of the study is to establish the sequence and content of the actions of the law enforcement officer to detect criminalistically significant information stored on electronic media by implementing the possibilities of studying the contents of alternative data streams of the NTFS file system. In the process of studying regulatory legal acts regulating relations in the field under study, law enforcement activities and legal and technical literature, the essence of alternative data streams of the NTFS file system was determined, as a method of storing criminally significant information. The informative aspect of the investigator’s activity on the detection of such information is presented. The features of the use of criminally significant information obtained in proving during the investigation of crimes committed using information and telecommunication technologies or in the field of computer information are established. The study concludes that one of the likely ways to conceal criminally significant information is to use alternative data streams of the NTFS file system. The use of knowledge about the considered technology as a potential effective way to detect traces (results) of a crime in the activities of law enforcement agencies is not excluded, however, this requires further study of this area, including by forensic scientists.