How can the `vshadow` tool be obtained, and why is it useful in penetration testing?
The `vshadow` tool is not included with Windows by default; it can be obtained from the Microsoft Windows SDK (e.g., version 7.2 for Server 2003/XP, or the SDK for Server 2008 R2/7). It is useful because it allows Volume Shadow Copies to be created manually from the command line, which lets attackers either copy locked files (like NTDS.dit) or launch binaries that disappear once the shadow copy and symbolic link are deleted.
vshadow, Microsoft SDK, Volume Shadow Copy, manual creation, NTDS.dit