Voom Shadow 3 User manual
Voom Shadow 3™
User Guide
Portable Computer Forensic Test Lab
For Immediate Real-Time Computer
Investi ation
Voom Shadow 3™ User Guide
Shadow 3 is a registered trademark of Voom Technologies, Inc.
All other brand names, product names, and compan names in this document
are trademarks or registered trademarks of their owners.
Third Edition
2 August 2018
(Based on the Shadow 3 v1-04 release)
NOTICE OF PROPRIETARY RIGHTS
The equipment described herein including hardware, firmware, and
software is manufactured from designs that are the propert of Voom
Technologies, Inc.
Reproduction or reverse engineering of an part of this equipment
without express written permission of Voom Technologies, Inc. is
prohibited.
Cop right © 2004-2018 Voom Technologies, Inc.
All Rights Reserved
Printed in U.S.A.
Shadow 3 is designed, developed, and manufactured in the USA.
Voom Technolo ies, Inc.
1000 Westgate Dr Suite 150-I
St. Paul, MN 55114
Telephone 651-998-1618
Voom Technologies, Inc. © 2004-2018 Proprietar www.voomtech.com
Table of Contents
1 Information..........................................................................................1
1.1 Patents...........................................................................................................1
1.2 Technical Documentation.............................................................................1
1.3 Data Protection.............................................................................................1
2 Technical Support..............................................................................2
2.1 Support by Telephone..................................................................................2
2.2 Support by E-Mail.........................................................................................2
2.3 Technical Support Tips.................................................................................2
3 Preface................................................................................................3
3.1 Product Contents..........................................................................................3
3.2 System Requirements..................................................................................3
3.3 Overview........................................................................................................3
3.4 Definitions.....................................................................................................5
3.4.1 General.........................................................................................................................5
3.4.2 Shadow.........................................................................................................................5
4 Shadow Setup..................................................................................... 6
4.1 Sin le Hard Drive System............................................................................6
4.2 Multiple Hard Drive System.........................................................................8
4.2.1 Use Multiple Shadows................................................................................................8
4.2.2 Use Third Party Write Blockers.................................................................................8
4.3 Operatin the Host Computer......................................................................8
5 Command Description.......................................................................9
5.1 Zero Shadow Command...............................................................................9
5.2 Wipe Shadow Command..............................................................................9
5.3 Park Drives Command..................................................................................9
5.3.1 Spin Drives Command................................................................................................9
5.4 Lock Shadow Command..............................................................................9
Voom Technologies, Inc. © 2004-2018 Proprietar www.voomtech.com
5.5 To le Ctrl Blk Command............................................................................9
6 Button Interface................................................................................11
6.1 Zero Shadow Procedure.............................................................................12
6.2 Wipe Shadow Procedure............................................................................12
6.3 Park Drives Procedure...............................................................................13
6.4 Lock Shadow Procedure............................................................................13
6.5 To le Ctrl Blk Procedure..........................................................................14
7 Serial Interface..................................................................................15
7.1 Zero Shadow Procedure.............................................................................16
7.2 Wipe Shadow Procedure............................................................................16
7.3 Park Drives Procedure...............................................................................16
7.3.1 Spin Drives Procedure..............................................................................................17
7.4 Lock Shadow Procedure............................................................................17
7.5 To le Ctrl Blk Procedure..........................................................................17
8 Shadow Internal Hard Drive Replacement.....................................18
8.1 Step 1 - Internal Hard Drive Removal........................................................18
8.2 Step 2 - Internal Hard Drive Installation....................................................18
8.3 Step 3 – Internal Hard Drive Introduction.................................................19
9 Warranty............................................................................................20
9.1 Limited Warranty.........................................................................................20
9.2 Warranty Return Instructions....................................................................21
10 Specifications.................................................................................22
10.1 CE...............................................................................................................22
10.2 FCC Exemption.........................................................................................22
Voom Technologies, Inc. © 2004-2018 Proprietar www.voomtech.com
1 Information
1.1 Patents
Shadow 3 is protected b patent number US 6,345,346; other patents pending.
1.2 Technical Documentation
Specifications and information contained in this manual are furnished b Voom
Technologies, Inc. for informational use onl and are subject to change at an
time without notice and should not be construed as a commitment b Voom
Technologies, Inc. Voom Technologies, Inc. assumes no responsibilit or liabilit
for an errors or inaccuracies that ma appear in this manual; including the
products, firmware and included accessories.
1.3 Data Protection
The user must be aware that an improper s stem configuration can lead to data
corruption. Please read the Shadow Setup chapter of this manual carefull
before attempting to investigate a suspect computer. Voom Technologies, Inc. is
not responsible for an loss of data resulting from the use, disuse or misuse of
this product.
1
Voom Technologies, Inc. © 2004-2018 Proprietar www.voomtech.com
2 Technical Support
2.1 Support by Telephone
Technical support is available to registered owners of Voom Technologies, Inc.
products b telephone Monda through Frida 8:00am to 4:00pm, Central Time
Zone at 651-998-1618.
2.2 Support by E-Mail
Voom Technologies, Inc. technical support is available b e-mail at
2.3 Technical Support Tips
Call from a telephone where ou have access to our computer. Please be
prepared to provide the following information:
●Name, telephone number, e-mail address
●Serial Number and version of the Voom Shadow product
●Make and model of our computer
●Operating s stem and version
●S mptoms of the problem
2
Voom Technologies, Inc. © 2004-2018 Proprietar www.voomtech.com
3 Preface
3.1 Product Contents
1 Voom Shadow 3 S stem
1 DC power cable (Shadow to suspect hard drive)
1 0.5m SATA Cable (Used for all configurations)
1 Auto-ranging AC Power Suppl
1 Standard serial interface cable
1 User Guide
SATA Laptop Adapter Kit:
1 SATA Extension Cable
IDE Adapter Kit:
1 IDE to SATA Adapter
1 SATA to IDE Adapter
3.2 System Requirements
The Voom Shadow 3 product is designed to operate on computers that boot from
a SATA hard drive. Shadow 3 supports drives of sizes up to 2 TB. For
computers with multiple hard drives, a separate Shadow 3 unit is required for
each hard drive. Via a IDE to SATA adapter Shadow 3 ma support PATA/IDE
hard drives. A separate IDE bus is required for each IDE drive to be shadowed.
3.3 Overview
The investigation of a computer hard drive is often a ver time consuming
process. Because it is absolutel essential that the evidence on a suspect hard
drive not be altered in an wa , investigation and anal sis of the data on the hard
drive is often times done in a lab environment.
Imagine if ou could boot and use the suspect computer all the while preventing
an alteration of the suspect hard drive. Voom Shadow 3 is an investigative tool
that is designed to enable investi ation of the hard drive in place inside the
suspect computer, while preventing an alteration of the hard drive during the
investigation.
Here’s how it works. After connecting a Shadow 3 s stem to each hard drive on
the suspect computer, the investigator will use the suspect computer to search
the contents of the hard drive(s) using an software tool alread on the computer,
including Word, Excel, File Browsers, Internet and Email browsers, picture
viewers etc... as well as view internet histor , last files accessed, last files altered
– all b simpl using the tools on the suspect computer. Investi ators may also
3
Voom Technologies, Inc. © 2004-2018 Proprietar www.voomtech.com
install any forensic software they choose to assist in the investi ation.
With Shadow, all writes that occur during the investigative process are written to
the internal Shadow hard drive. The suspect hard drive is not altered in an wa
during the investigative process.
S stem operating integrit is maintained because the Shadow remembers where
the writes occurred, and reads from the Shadow drive whenever the suspect
computer reads data from a block that the Shadow has written.
4
Voom Technologies, Inc. © 2004-2018 Proprietar www.voomtech.com
3.4 Definitions
3.4.1 General
AHCI: Advanced Host Controller Interface. Defines the operation of Serial ATA
host bus adapters in a non-implementation-specific manner. This interface is the
native interface for SATA.
Applications: Software programs such as Microsoft Word.
Boot Partition: The C:\ partition is commonl the boot partition that contains the
operating s stem. Man computers are set up with just one C:\ partition.
Remaining hard drive space, if an , is unallocated.
Ctrl: The ke board control ke .
HD or HDD: Hard Drive, also called the Hard Disk Drive.
Jumper: Refers to the hard drive jumper located at the back of the hard drive.
This jumper configures the hard drive as a slave or master hard drive based on
the number of hard drives used and the hard drive cable used.
Host Computer: The computer the Suspect/Source hard drive is located in.
Master Hard Drive: A IDE hard drive that is configured as master through
jumper setting or cable select connection.
Motherboard: The main computer circuit board, sometimes called the
mainboard.
OS: Refers to the Operating S stem. Examples include Microsoft Windows
2000 Professional and Microsoft Windows XP Home.
Partition: Partitions can be created on a hard drive so that each partition acts
like a separate hard drive. In Microsoft Windows, partitions are commonl
referred to as drive letters, such as C:\.
Slave Hard Drive: A IDE hard drive that is configured as slave through jumper
setting or cable select connection.
GB: Gigab te: 1000000000 b tes.
MB: Megab te: 1000000 b tes.
KB: Kilob te. 1024 b tes.
3.4.2 Shadow
Locked: When Shadow is locked, all writes to the Shadow hard drive are
blocked – this in effect causes the Shadow to act as a traditional write blocker.
Disabled: The Shadow reports Shadow disabled when an error has
occurred, such as when a cable is not connected properl ; a cable is damaged,
or an other event that causes the Shadow to be unable to operate.
Zero: This term applies to zeroing the Shadow hard drive – that is, to make the
Shadow forget about an previous writes.
5
Voom Technologies, Inc. © 2004-2018 Proprietar www.voomtech.com
4 Shadow Setup
This chapter describes how to connect the Shadow 3 to a computer s stem.
Caution for multiple hard drive systems:
Shadow 3 prevents data from being written to a
single computer hard drive. If more than one
hard drive is used in a suspect computer, then
please refer to the Multiple Hard Drive System
section.
4.1 Sin le Hard Drive System
This section describes how to connect Shadow to a standard SATA s stem.
Please use the picture on the next page as a reference during setup.
Step 1: Suspect Computer Preparation
1. Disconnect the computer AC power cable, and remove the computer
cover.
2. Disconnect the DC power cable from the suspect hard drive.
3. Disconnect the SATA cable from the suspect hard drive. Leave it
connected to the motherboard.
Step 2: Shadow Setup
1. Connect the SATA cable that was disconnected from the hard drive in
Step 1-3 to the Shadow 3 port labeled “Motherboard”.
2. Connect one end of the Voom supplied SATA cable to the Shadow 3
port labeled “Suspect Drive,” and connect the other end to the suspect
hard drive.
3. Connect the Voom supplied DC power cable from the Shadow 3 to the
Suspect drive.
4. Plug the Voom supplied AC adapter between the Shadow 3 and an AC
power outlet. (Not shown in picture.)
5. Reconnect the suspect computer AC power.
6. Turn on the Shadow 3.
7. Once the Shadow 3 is turned on and reports ready the suspect
s stem ma be booted.
6
Table of contents
