ShadowKit


ShadowKit is a tool to aid in the recovery of Windows Volume Shadow Copy files in Windows7.  The pain and time involved in recovering shadow copy files made it clear a better way was needed. A lot of hard work and testing has gone in to making this tool. I hope you like it.

Project Goals
  • Improve the coverage of shadow copy recovery.
  • Cut the time and cost of recovering shadow copies.
  • Add more value for the client.

Advantages
  • Extract what you want with a user friendly interface
  • No need to create a virtual machine of an acquired Win7 image to extract Shadow Copies
  • No need to do hacks like mklink+robocopy to extract Shadow Copies



REQUIREMENTS:
*Microsoft .Net 4.0 Framework
*Administrator privileges


DOWNLOAD
-changelog

Download ShadowKit

LICENSE
"Standard" is free and will remain free. Value add features will likely be bundled in to a non free version in the future.

DISCLAIMER
I have tested on Windows7 x64. As a new tool I hope you will send bug reports and check ShadowKit against your current tools/process and send me feedback! Thanks

ACKNOWLEDGEMENTS
Hundreds of hours of research, tinkering, coding and various articles have made it possible to create this tool. I hope to add more links in short order.
*Some write-ups on the Windows Incident Response blog stoked my interest and started my journey to find a better way to get at shadows.
*ShadowExplorer showed it could be done. I just wanted to make an interface tailored for forensics with more features.
*MSDN is a great resource.

2 comments:

  1. This comment has been removed by the author.

    ReplyDelete

  2. This comment has been removed by a blog administrator.

    ReplyDelete

Subscribe to: Posts (Atom)