The Shadow 2 is a patented computer hardware device that is designed to aid the investigation of a computer's hard drive. It provides investigators with read write access from the host computer's perspective, while maintaining the original hard drive unchanged.
The Shadow actually redirects all writes to the Shadow 2, at the host-to-drive physical interface level. At any time, the investigator can 'Zero' the Shadow, thus forgetting all writes that occurred to the Shadow 2, which allows the investigator to begin again after only a few seconds.
One of the primary benefits of the Shadow is that it enables an investigator to boot and view a suspect's system on site, without threat of altering the evidence on the boot drive. You have the ability to install investigative tools to examine the suspect drive without ever changing the original. Boot and view the suspect system just as the suspect sees it.
Uses
Preview a drive prior to imaging in the field.
As an investigative tool, boot the suspect client and connect to their network.
Repeatable clean investigation of a suspect computer from the operating system perspective.
Lab tool to view the suspect system again and again, in seconds, without reimaging.
Can use multiple Shadows in a single system to view all hard drives in a single computer safely Enable investigators, juries and judges to see first hand what the suspect sees, without damaging or altering evidence.
