Skip to content
/ ShadowTrace Public

ShadowTrace is a safe, evidence-based forensic correlation tool for Windows systems. It is designed to reconstruct execution history, inventory files, and identify suspicious patterns in a fully transparent, non-invasive, and legal manner.

discord.gg/pkBDtqQHMe

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

inset777/ShadowTrace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
Inset777-ShadowTrace.7z
Inset777-ShadowTrace.7z
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
inquiries.md
inquiries.md
 
 

Repository files navigation

ShadowTrace – Inset777

ShadowTrace is a safe, evidence-based forensic correlation tool for Windows systems.
It reconstructs execution history, inventories files, and identifies suspicious patterns in a transparent, non-invasive, and legal manner.
This tool is intended for administrative auditing and forensic analysis only.Designed for administrative auditing, security research, and fair-play enforcement, providing insights for review and investigation only. I updated my old version from 2024 and published it

How to Use

1. Place the Script

  • Navigate to your main Windows drive (usually C:\).
  • Go to C:\Users\<Administrator> (replace <Administrator> with your admin account folder).
  • Place the ShadowTrace.ps1 script in this folder.

2. Run PowerShell as Administrator

  • Right-click PowerShellRun as Administrator.

3. Set Execution Policy

  • This allows the script to run temporarily.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
# Press "Yes to All" when prompted

4. Run the Script

.\ShadowTrace.ps1

5. View the Automated Reports

  • The script automatically creates an output folder in the same location, for example:
    Inset-ShadowTrace_635099da-608e-4f80-a286-d879d938045a
  • Inside this folder, you will find all generated reports:
    • forensic_log.txt
    • forensic_findings.txt
    • drivercheck.txt
    • datchecker.txt
    • reviewer_notes.txt
    • confidence_explanation.txt
    • evidence_heatmap.txt
    • LICENSE.txt

License

This product is proprietary and fully licensed to INSET.
All rights reserved.

Restrictions:

  • Do not copy, distribute, sell, or create derivative works from this script.
  • Use is limited to legal auditing and forensic review only.

Important Notes

  • Always run as administrator for full functionality.
  • The tool is non-invasive and does not modify system files or memory.
  • Do not move or modify the output folder while the script is running.

Tips

  • Keep your PowerShell execution policy set to bypass temporarily only for running this tool.
  • Review the generated reports carefully—this tool provides insights, not verdicts.
  • The evidence heatmap helps visualize suspicious activity over time.

Quick Copy Commands

  • Copy and paste the following directly into PowerShell:
# Set execution policy temporarily
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
# Run INSETCHECKER
.\ShadowTrace.ps1

About

ShadowTrace is a safe, evidence-based forensic correlation tool for Windows systems. It is designed to reconstruct execution history, inventory files, and identify suspicious patterns in a fully transparent, non-invasive, and legal manner.

discord.gg/pkBDtqQHMe

Topics

game scanner forensics anti-cheat

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published