Advanced Evimetry Forensic Acquisition: Allocated, Non-Linear Partial, and Live Images
Advanced disk imaging is invaluable when it’s not ideal to acquire large amounts of unused disk space. Data forensics professional, Bryan Dykstra, shows how to create Evimetry allocated, non-linear partial, and live images. Digital forensics professionals and incident responders can benefit from this scenario-based forensic acquisition course.
Additionally, in this course we cover options for pulling or pushing the Evimistry live collection agent directly from the my.evimetry.com website to a running computer. We walk through each of these scenarios step-by-step using all the Evimetry tools.
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Basic Evimetry Deadboot Forensic Acquisition: Wired & Local”
- Get a full featured, evaluation copy of Evimetry (Link found in Syllabus)
- Internet connected computer
- An “evidence” computer or drive
- A USB thumbdrive for dead booting
- A network
- A DHCP source
- A storage drive (USB3 External)
By the end of this course, students should be able to:
- Create an Evimetry Allocated-Only Forensic Image
- Create an Evimetry Non-Linear Partial Forensic Image (File-Type Image)
- Create an Evimetry Live Forensic Image of a Windows Target System
- Examine the Downloadable Pull & Push Evimetry Live Agents
Industry leader in digital evidence collection and forensics.
Complete this entire course to earn a Advanced Evimetry Forensic Acquisition: Allocated, Non-Linear Partial, and Live Images Certificate of Completion