Field Collection
Connect media, run approved profiles, and process evidence where the work starts without rebuilding configurations.
Shadow and Shield · Shield 399
Shadow and Shield launches with Shield 399: a field-ready forensic toolkit, touchscreen appliance, and network dashboard for acquisition, sanitization, analysis, case work, and repeatable tool execution.
Technical users configure profiles once. Operators run approved work from the appliance. Tool execution, case activity, metrics, and results remain reviewable from the dashboard.
excuses
The motto came from the resilience that has been required to keep moving this project forward.
When something is hard, unknown, or frustrating; find a way. Reset, approach differently, persist, and figure it out.
"I don't know the first thing about touch screens and microcontrollers." Find a way. "I don't know how to have a case manufactured or edit 3D models." Find a way. "I can't figure out why the screen is locking up." Find a way. "I have tried for weeks and it's not working..." Find a way.
Why It Exists
Shield 399 came from deployed work where data collection and processing outpaced operator capacity and every tool added another setup burden.
Built For
Designed for teams that collect, process, review, and hand off digital evidence across field and lab environments.
Connect media, run approved profiles, and process evidence where the work starts without rebuilding configurations.
Review tool execution, hashes, file listings, keyword results, reports, and exports from the dashboard with case context attached.
Manage users, roles, organizations, cases, selected metadata sync, and repeatable tool access across controlled teams and deployments.
Core Capabilities
Eight capability areas operators actually use — configured by a technical user, executed from the appliance, and reviewable with case context. Each one has a deeper page when you need the scope, caveats, and outputs.
Image connected media to E01, Ex01, AFF4, DD/RAW, or Synthetic E01 with hashing, verification, destination spillover, and one-to-many cloning.
02 / SanitizeUse Wipe/Overwriter for drive wiping, verification, SSD-aware erase options, and sanitization records where the drive path supports it.
03 / AnalyzeUse keyword, regex, hash comparison, encryption indicators, filesystem context, and drive-health signals where exposed.
04 / ConvertHandle disk cloning, drive migration, and selected image-conversion capabilities from the same operating surface.
05 / ManageKeep cases, evidence records, assignments, reports, and exports tied to tool execution and operator activity.
06 / ExecuteSave tool profiles, queue jobs, track dependencies, use Quick Add, and review execution history where supported.
07 / SyncManage users, organizations, roles, permissions, and selected operational metadata across configured deployments.
08 / OperateUse the touchscreen, network or paired-device access, configured port roles, and hardware-aware system services.
Operations Dashboard
Authorized review on an approved local network. Case context, queue state, execution history, and exportable records are paired with the field unit.
Pre-release Access
Shadow and Shield is in active development and pre-release testing. Get product progress, launch details, and availability updates from daarc.