- Improve the coverage of shadow copy recovery.
- Cut the time and cost of recovering shadow copies.
- Add more value for the client.
- Extract what you want with a user friendly interface
- No need to create a virtual machine of an acquired Win7 image to extract Shadow Copies
- No need to do hacks like mklink+robocopy to extract Shadow Copies
*Microsoft .Net 4.0 Framework
"Standard" is free and will remain free. Value add features will likely be bundled in to a non free version in the future.
I have tested on Windows7 x64. As a new tool I hope you will send bug reports and check ShadowKit against your current tools/process and send me feedback! Thanks
Hundreds of hours of research, tinkering, coding and various articles have made it possible to create this tool. I hope to add more links in short order.
*Some write-ups on the Windows Incident Response blog stoked my interest and started my journey to find a better way to get at shadows.
*ShadowExplorer showed it could be done. I just wanted to make an interface tailored for forensics with more features.
*MSDN is a great resource.