A Group of Cyber Security Specialists
Header

Shadow 3

Shadow3 ForensicThe Shadow Paradigm

Re-think standard forensic practices, make the shift to The Shadow Paradigm. View suspect computers at the scene of the investigation in real time without prior need to image hard drives and without the need for clumsy virtual viewing software; all with absolutely no risk of corrupting the evidence.

Uses

Operate and investigate suspect hard drive (HDD) in the field at the crime scene in minutes, prior to imaging. With ever increasing HDD sizes the time savings in prioritizing the order of HDDs to image or even eliminating the need to image certain HDDs at a multi HDD capture site becomes paramount.

  • Investigate and analyze suspect HDD again and again in the forensics lab – in seconds, without re-imaging.
  • View evidence in its native environment, just as the suspect would see it.
  • In the courtroom – present evidence comprehensible to lay persons on the suspect’s own computer.
  • Present evidence to suspect in effort to gain guilty plea before the suspect has a chance to get “lawyer-ed up.”
  • Use Shadow defensively too. When illicit activity such as overnight downloading sensitive files is suspected, use Shadow to verify the activty and preserve the timestamps.


This completely unique and patented forensic tool allows you to boot and run a suspect computer on the spot and in minutes without compromising evidence – no drive imaging required. Run all applications, upload forensics software, operate suspect’s customized programs, present evidence in its native environment and ensure easy comprehension by laypersons. Works with all operating systems: Macintosh, Linux, Unix, Microsoft (from DOS to Windows 8). Eliminate software or hardware incompatibility issues between the investigator’s computer and the suspect computer commonly introduced in virtual viewing environments. Guarantee suspect hard drive is forensically preserved with built-in hardware write-blocker . . . not one bit is altered!

The Shadow provides read/write access from the host computer’s perspective, while maintaining the original HDD unchanged and forensically sound. The Shadow redirects all writes to its internal drive, at the host-to-drive interface level. Clear (‘zero’) the Shadow’s drive at anytime and begin a clean investigation of the suspect computer within seconds.

Simply connect the Shadow and turn it on, after a few seconds (green light) boot the suspect computer. Operate the suspect computer in the same fashion as any user would. The Shadow ensures the suspect computer never receives a write and remains forensically sound. Since the Shadow only writes to its own internal drive, when it is removed the suspect computer remains in this pristine, unaltered state.

For Use By

  • District Attorneys/Prosecutors
  • Defense Attorneys
  • Computer Forensics Expert Witnesses
  • Federal, State & Local Law Enforcement Agencies
  • Private Investigators
  • Computer Forensics Examiners
  • Cyber-crime First Responders
  • Cyber-crime Investigators
  • Computer Forensics Labs

Other Known Uses

  • The study of viruses and how they affect computers.
  • Try out an install before committing to it.
  • Try out Windows Registry cleanup/editing before committing to it.
  • Use Shadow on your boot drive while connecting a questionable external drive to protect vs. viruses.