Re-think standard forensic practices, make the shift to The Shadow
Paradigm. View suspect computers at the scene of the investigation in
real time without prior need to image hard drives and without the need
for clumsy virtual viewing software; all with absolutely no risk of
corrupting the evidence.
Uses
- Operate and investigate suspect hard drive (HDD) in the field at the crime scene in minutes, prior to imaging.
With ever increasing HDD sizes the time savings in prioritizing the
order of HDDs to image or even eliminating the need to image certain
HDDs at a multi HDD capture site becomes paramount.
- Investigate and analyze suspect HDD again and again in the forensics lab - in seconds, without re-imaging.
- View evidence in its native environment, just as the suspect would see it.
- In the courtroom - present evidence comprehensible to lay persons on the suspect's own computer.
- Present evidence to suspect in effort to gain guilty plea before the suspect has a chance to get "lawyer-ed up."
- Use Shadow defensively too. When illicit activity such as overnight
downloading sensitive files is suspected, use Shadow to verify the
activty and preserve the timestamps.
This completely unique and patented forensic tool allows you to boot and
run a suspect computer on the spot and in minutes without compromising
evidence - no drive imaging required. Run all applications, upload
forensics software, operate suspect's customized programs, present
evidence in its native environment and ensure easy comprehension by
laypersons.
Works with all operating systems: Macintosh, Linux, Unix,
Microsoft (from DOS to Windows 7). Eliminate software or hardware
incompatibility issues between the investigator's computer and the
suspect computer commonly introduced in virtual viewing environments.
Guarantee suspect hard drive is forensically preserved with built-in
hardware write-blocker . . . not one bit is altered!
The Shadow provides read/write access from the host computer's
perspective, while maintaining the original HDD unchanged and
forensically sound. The Shadow redirects all writes to its internal
drive, at the host-to-drive interface level. Clear ('zero') the Shadow's
drive at anytime and begin a clean investigation of the suspect
computer within seconds.
Simply connect the Shadow and turn it on, after a few seconds (green
light) boot the suspect computer. Operate the suspect computer in the
same fashion as any user would. The Shadow ensures the suspect computer
never receives a write and remains forensically sound. Since the Shadow
only writes to its own internal drive, when it is removed the suspect
computer remains in this pristine, unaltered state.
For Use By
- District Attorneys/Prosecutors
- Defense Attorneys
- Computer Forensics Expert Witnesses
- Federal, State & Local Law Enforcement Agencies
- Private Investigators
- Computer Forensics Examiners
- Cyber-crime First Responders
- Cyber-crime Investigators
- Computer Forensics Labs
Other Known Uses
- The study of viruses and how they affect computers.
- Try out an install before committing to it.
- Try out Windows Registry cleanup/editing before committing to it.
- Use Shadow on your boot drive while connecting a questionable external drive to protect vs. viruses.
Accesories Included
Everything included with the Shadow 3 Portable Forensic Test Lab plus:
- 1 Aluminium Case with custom foam insert.