Vshadow (vshadow.exe) is a command line utility for managing volume shadow copies included within the Windows SDK and signed by Microsoft. It allows for executing scripts and invoking commands in support of volume shadow snapshot management, which can be abused for privileged-level evasion, persistence, and file extraction. The tool supports the -exec parameter for executing binaries or scripts without command arguments.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.