Forensic Shadow Image Analysis

Immediate forensic investigation, on site or in the lab.  Boot and operate a suspect computer without changing the (hard drive) evidence.

  • Boot and operate Windows, Linux, Mac: any operating system

  • Run any application on suspect computer

  • Operate DVR’s and game consoles that boot SATA drives

  • Works with SATA and IDE hard drives and SSD’s

  • Investigate RAID systems (with one Shadow per drive)

  • Field Triage

  • Field Investigation

  • Lab Triage

  • Lab Investigation

  • Minutes to connect, investigate without limits

  • Present live in court, or produce print/video/screen shots directly from suspect computer – intuitive evidence presentation

  • Accepted in court

  • Confront suspect/defendent with powerful direct evidence before (or after) they get “lawyered up”

  • Immediate evidence/intelligence gathering

  • Allows suspect PC to decrypt data in many cases

  • Retains state of the computer between reboots, or ‘zero’ the Shadow to begin anew or to demonstrate repeatability of evidence gathering

  • Installs between the motherboard and hard drive.  Turn on the Shadow, wait a few seconds for ‘Ready’, then boot and operate suspect computer

  • Works with boot drives and secondary drives

Direct evidence is the best evidence.  See what the suspect sees, show to the judge, jury, prosecutor exactly what the suspect sees.