Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Shadow v1.0 User Guide SECRET
more direct control over. Otherwise, Shadow will not function with no drives to utilize and
send packets.
3.4 (U) Post-deployment
• (S) To post-process the collected Shadow data, you must use the Shadow Postprocessor.
This will take multiple files, and an output folder-- It will then create a directory with the
packet's origination ID, then a directory containing the date-time stamp of collection, then the
collected files in the same directory structure as they were collected or the directory/survey
collects.
• (S) It's possible that some packets were lost or not transported along with this drive, in
which case, the files will have missing chunks- In a hex viewer, you will see
*MISSING_CHUNK* for the data that's missing. If these packets are later received, they
will fill this missing data provided you give the postprocess the same output folder.
SECRET
5