Alternate File Streams allows a user to embed hidden content within any NTFS file. That file can be a TXT file, or MOV for example. Some may consider this a form of steganography, and therefore the same auditing principals may apply. On the other hand, some applications such as Exchange and SMTP uses these streams extensively for legitimate purposes.
Do Alternate File Streams get any special treatment within your organisation?
What are the main reasons you would, or would not audit AFS file access?
If you scan for these files explicitly, what do you look for? How do you respond?