Voom Shadow 3 User manual

Voom Shadow 3™

User Guide

Portable Computer Forensic Test Lab

For Immediate Real-Time Computer

Investi ation

Voom Shadow 3™ User Guide

Shadow 3 is a registered trademark of Voom Technologies, Inc.

All other brand names, product names, and compan names in this document

are trademarks or registered trademarks of their owners.

Third Edition

2 August 2018

(Based on the Shadow 3 v1-04 release)

NOTICE OF PROPRIETARY RIGHTS

The equipment described herein including hardware, firmware, and

software is manufactured from designs that are the propert of Voom

Technologies, Inc.

Reproduction or reverse engineering of an part of this equipment

without express written permission of Voom Technologies, Inc. is

prohibited.

Printed in U.S.A.

Shadow 3 is designed, developed, and manufactured in the USA.

Voom Technolo ies, Inc.

1000 Westgate Dr Suite 150-I

St. Paul, MN 55114

Telephone 651-998-1618

Table of Contents

1 Information..........................................................................................1

1.1 Patents...........................................................................................................1

1.2 Technical Documentation.............................................................................1

1.3 Data Protection.............................................................................................1

2 Technical Support..............................................................................2

2.1 Support by Telephone..................................................................................2

2.2 Support by E-Mail.........................................................................................2

2.3 Technical Support Tips.................................................................................2

3 Preface................................................................................................3

3.1 Product Contents..........................................................................................3

3.2 System Requirements..................................................................................3

3.3 Overview........................................................................................................3

3.4 Definitions.....................................................................................................5

3.4.1 General.........................................................................................................................5

3.4.2 Shadow.........................................................................................................................5

4 Shadow Setup..................................................................................... 6

4.1 Sin le Hard Drive System............................................................................6

4.2 Multiple Hard Drive System.........................................................................8

4.2.1 Use Multiple Shadows................................................................................................8

4.2.2 Use Third Party Write Blockers.................................................................................8

4.3 Operatin the Host Computer......................................................................8

5 Command Description.......................................................................9

5.1 Zero Shadow Command...............................................................................9

5.2 Wipe Shadow Command..............................................................................9

5.3 Park Drives Command..................................................................................9

5.3.1 Spin Drives Command................................................................................................9

5.4 Lock Shadow Command..............................................................................9

5.5 To le Ctrl Blk Command............................................................................9

6 Button Interface................................................................................11

6.1 Zero Shadow Procedure.............................................................................12

6.2 Wipe Shadow Procedure............................................................................12

6.3 Park Drives Procedure...............................................................................13

6.4 Lock Shadow Procedure............................................................................13

6.5 To le Ctrl Blk Procedure..........................................................................14

7 Serial Interface..................................................................................15

7.1 Zero Shadow Procedure.............................................................................16

7.2 Wipe Shadow Procedure............................................................................16

7.3 Park Drives Procedure...............................................................................16

7.3.1 Spin Drives Procedure..............................................................................................17

7.4 Lock Shadow Procedure............................................................................17

7.5 To le Ctrl Blk Procedure..........................................................................17

8 Shadow Internal Hard Drive Replacement.....................................18

8.1 Step 1 - Internal Hard Drive Removal........................................................18

8.2 Step 2 - Internal Hard Drive Installation....................................................18

8.3 Step 3 – Internal Hard Drive Introduction.................................................19

9 Warranty............................................................................................20

9.1 Limited Warranty.........................................................................................20

9.2 Warranty Return Instructions....................................................................21

10 Specifications.................................................................................22

10.1 CE...............................................................................................................22

10.2 FCC Exemption.........................................................................................22

1 Information

1.1 Patents

Shadow 3 is protected b patent number US 6,345,346; other patents pending.

1.2 Technical Documentation

Specifications and information contained in this manual are furnished b Voom

Technologies, Inc. for informational use onl and are subject to change at an

time without notice and should not be construed as a commitment b Voom

Technologies, Inc. Voom Technologies, Inc. assumes no responsibilit or liabilit

for an errors or inaccuracies that ma appear in this manual; including the

products, firmware and included accessories.

1.3 Data Protection

The user must be aware that an improper s stem configuration can lead to data

corruption. Please read the Shadow Setup chapter of this manual carefull

before attempting to investigate a suspect computer. Voom Technologies, Inc. is

not responsible for an loss of data resulting from the use, disuse or misuse of

this product.

2 Technical Support

2.1 Support by Telephone

Technical support is available to registered owners of Voom Technologies, Inc.

products b telephone Monda through Frida 8:00am to 4:00pm, Central Time

Zone at 651-998-1618.

2.2 Support by E-Mail

Voom Technologies, Inc. technical support is available b e-mail at

[email protected].

2.3 Technical Support Tips

Call from a telephone where ou have access to our computer. Please be

prepared to provide the following information:

●Name, telephone number, e-mail address

●Serial Number and version of the Voom Shadow product

●Make and model of our computer

●Operating s stem and version

●S mptoms of the problem

3 Preface

3.1 Product Contents

1 Voom Shadow 3 S stem

1 DC power cable (Shadow to suspect hard drive)

1 0.5m SATA Cable (Used for all configurations)

1 Auto-ranging AC Power Suppl

1 Standard serial interface cable

1 User Guide

SATA Laptop Adapter Kit:

1 SATA Extension Cable

IDE Adapter Kit:

1 IDE to SATA Adapter

1 SATA to IDE Adapter

3.2 System Requirements

The Voom Shadow 3 product is designed to operate on computers that boot from

a SATA hard drive. Shadow 3 supports drives of sizes up to 2 TB. For

computers with multiple hard drives, a separate Shadow 3 unit is required for

each hard drive. Via a IDE to SATA adapter Shadow 3 ma support PATA/IDE

hard drives. A separate IDE bus is required for each IDE drive to be shadowed.

3.3 Overview

The investigation of a computer hard drive is often a ver time consuming

process. Because it is absolutel essential that the evidence on a suspect hard

drive not be altered in an wa , investigation and anal sis of the data on the hard

drive is often times done in a lab environment.

Imagine if ou could boot and use the suspect computer all the while preventing

an alteration of the suspect hard drive. Voom Shadow 3 is an investigative tool

that is designed to enable investi ation of the hard drive in place inside the

suspect computer, while preventing an alteration of the hard drive during the

investigation.

Here’s how it works. After connecting a Shadow 3 s stem to each hard drive on

the suspect computer, the investigator will use the suspect computer to search

the contents of the hard drive(s) using an software tool alread on the computer,

including Word, Excel, File Browsers, Internet and Email browsers, picture

viewers etc... as well as view internet histor , last files accessed, last files altered

– all b simpl using the tools on the suspect computer. Investi ators may also

install any forensic software they choose to assist in the investi ation.

With Shadow, all writes that occur during the investigative process are written to

the internal Shadow hard drive. The suspect hard drive is not altered in an wa

during the investigative process.

S stem operating integrit is maintained because the Shadow remembers where

the writes occurred, and reads from the Shadow drive whenever the suspect

computer reads data from a block that the Shadow has written.

3.4 Definitions

3.4.1 General

AHCI: Advanced Host Controller Interface. Defines the operation of Serial ATA

host bus adapters in a non-implementation-specific manner. This interface is the

native interface for SATA.

Applications: Software programs such as Microsoft Word.

Boot Partition: The C:\ partition is commonl the boot partition that contains the

operating s stem. Man computers are set up with just one C:\ partition.

Remaining hard drive space, if an , is unallocated.

Ctrl: The ke board control ke .

HD or HDD: Hard Drive, also called the Hard Disk Drive.

Jumper: Refers to the hard drive jumper located at the back of the hard drive.

This jumper configures the hard drive as a slave or master hard drive based on

the number of hard drives used and the hard drive cable used.

Host Computer: The computer the Suspect/Source hard drive is located in.

Master Hard Drive: A IDE hard drive that is configured as master through

jumper setting or cable select connection.

Motherboard: The main computer circuit board, sometimes called the

mainboard.

OS: Refers to the Operating S stem. Examples include Microsoft Windows

2000 Professional and Microsoft Windows XP Home.

Partition: Partitions can be created on a hard drive so that each partition acts

like a separate hard drive. In Microsoft Windows, partitions are commonl

referred to as drive letters, such as C:\.

Slave Hard Drive: A IDE hard drive that is configured as slave through jumper

setting or cable select connection.

GB: Gigab te: 1000000000 b tes.

MB: Megab te: 1000000 b tes.

KB: Kilob te. 1024 b tes.

3.4.2 Shadow

Locked: When Shadow is locked, all writes to the Shadow hard drive are

blocked – this in effect causes the Shadow to act as a traditional write blocker.

Disabled: The Shadow reports Shadow disabled when an error has

occurred, such as when a cable is not connected properl ; a cable is damaged,

or an other event that causes the Shadow to be unable to operate.

Zero: This term applies to zeroing the Shadow hard drive – that is, to make the

Shadow forget about an previous writes.

4 Shadow Setup

This chapter describes how to connect the Shadow 3 to a computer s stem.

Caution for multiple hard drive systems:

Shadow 3 prevents data from being written to a

single computer hard drive. If more than one

hard drive is used in a suspect computer, then

please refer to the Multiple Hard Drive System

section.

4.1 Sin le Hard Drive System

This section describes how to connect Shadow to a standard SATA s stem.

Please use the picture on the next page as a reference during setup.

Step 1: Suspect Computer Preparation

1. Disconnect the computer AC power cable, and remove the computer

cover.

2. Disconnect the DC power cable from the suspect hard drive.

3. Disconnect the SATA cable from the suspect hard drive. Leave it

connected to the motherboard.

Step 2: Shadow Setup

1. Connect the SATA cable that was disconnected from the hard drive in

Step 1-3 to the Shadow 3 port labeled “Motherboard”.

2. Connect one end of the Voom supplied SATA cable to the Shadow 3

port labeled “Suspect Drive,” and connect the other end to the suspect

hard drive.

3. Connect the Voom supplied DC power cable from the Shadow 3 to the

Suspect drive.

4. Plug the Voom supplied AC adapter between the Shadow 3 and an AC

power outlet. (Not shown in picture.)

5. Reconnect the suspect computer AC power.

6. Turn on the Shadow 3.

7. Once the Shadow 3 is turned on and reports ready the suspect

s stem ma be booted.

Table of contents

Popular Test Equipment manuals by other brands

Ambit

Ambit P.F. Series instruction manual

Megger

Megger BMM500 Series user guide

RJG

RJG Lynx Sensor Tester operating instructions

Mark-10

Mark-10 TT02 Series user guide

Martel

Martel 3001 Operator's manual

ElproSys

ElproSys DiagProg4 instruction manual

Redtech

Redtech TRAILERteck T05 user manual

Venmar

Venmar AVS Constructo 1.0 HRV user guide

Test Instrument Solutions

Test Instrument Solutions SafetyPAT operating manual

Hanna Instruments

Hanna Instruments HI 38078 instruction manual

Kistler

Kistler 5495C Series instruction manual

Waygate Technologies

Waygate Technologies DM5E Basic quick start guide

StoneL

StoneL DeviceNet CK464002A manual

Seica

Seica RAPID 220 Site preparation guide

Kingfisher

Kingfisher KI7400 Series Training manual

Kurth Electronic

Kurth Electronic CCTS-03 operating manual

SMART

SMART KANAAD SBT XTREME 3G Series user manual

Agilent Technologies

Agilent Technologies BERT Serial Getting started