Ready to Start Your Career?

Advanced Evimetry Forensic Acquisition: Allocated, Non-Linear Partial, and Live Images Course Review

Hugh Shepherd's profile image

By: Hugh Shepherd

May 20, 2021

In this course, Cybrary instructor Brian Dykstra, CEO of Atlantic Data Forensics, discusses advanced forms of disk imaging using Evimetry. As mentioned in the course lecture, advanced forms of disk imaging are extremely beneficial in cases where the forensic process will not require a full disk image. Also, it is useful in situations where only certain file types will be collected from a live system.

The course is straightforward and concise. The instructor provides a nice mix of lecture and on-screen “lab” walkthrough of the processes discussed. The processes are explained well, seem easy to conduct, and are relatively fast. Overall, this is an extremely informative course that provides very insightful and practical lessons on using Evimetry to conduct advanced forensic acquisition procedures. Even though it is a short course, quite a lot of material is covered. Nevertheless, the instructor proceeds at a pace that is very conducive to learning. He seamlessly progresses through the modules and keeps it so interesting that the course is over before you even know it.

This is an advanced-level course that provides 48 minutes of instruction (1 CEU/CPE). But this course is primarily intended for Computer Forensics professionals, Incident Responders, and Information Technology professionals in general. Even though this is an advanced-level course, anyone interested in computer forensics, the digital aspects of investigations, incident response, and the Evimetry product itself will benefit from this course. Additionally, the following prerequisites are recommended for the course:

  • Before any forensic acquisition, you must document the evidence. You have one chance to do this.
  • Reference the following Cybrary courses: “Evidence Handling: Do it the Right Way” and “Basic Evimetry Deadboot Forensic Acquisition: Wired & Local.”
  • A full-featured evaluation copy of Evimetry available at https://my.evimetry.com/enquiry/eval/
  • This is recommended to help with the learning process. It is imperative to follow along.
  • As a bonus, a link to an in-depth presentation by the founder of Evimetry, Dr. Bradley Schatz, titled “Advanced Acquisition & Live Analysis with the AFF4,” is included course syllabus. This supplemental material on the AFF4 is an excellent resource full of information on the framework and can help further knowledge on advanced forensics.
Start The "Advanced Evimetry Forensic Acquisition" Course Today >>

In addition to the prerequisites above, the following materials are also recommended to benefit from the course fully:

  • An Internet-connected computer
  • An “evidence” computer or drive
  • USB thumb drive for dead booting
  • An available network
  • DHCP source
  • Storage drive (USB3 External)

By the end of the course, students will have gained a general understanding of how to:

  • Create an Evimetry Allocated-Only Forensic Image in which you collect the necessary files and operating systems without having the blank space.
  • Create an Evimetry Non-Linear Partial Forensic Image (also referred to as a File-Type Image) and learn how to edit file type choices so that you can make custom file type queries.
  • Create an Evimetry Live Forensic Image of a Windows Target System in addition to learning how this process is different on a Mac or Linux system.
  • Examine the Downloadable Pull & Push Evimetry Live Agents and how to use them on a PC to collect digital evidence across the network for more convenience.

Cybrary offers numerous other learning resources related to information technology and related disciplines like digital forensics. You can explore and sign-up for these learning resources on the Cybrary website. Listed below are just a few related resources available on the Cybrary website:

  • Computer Hacking and Forensics

https://www.cybrary.it/course/computer-hacking-forensics-analyst/

  • Everyday Digital Forensics

https://www.cybrary.it/course/everyday-forensics/

  • Evidence Handling: Do it the Right Way

https://www.cybrary.it/course/evidence-handling-do-it-the-right-way/

  • Computer Forensics File Formats: Why you Should be Using AFF4

https://www.cybrary.it/course/computer-forensics-file-formats-why-you-should-be-using-aff4/

  • Evimetry: Interview with Dr. Bradley Schatz

https://www.cybrary.it/course/evimetry-interview-with-dr-bradley-schatz/

Schedule Demo