Advanced Evimetry Forensic Acquisition: Allocated, Non-Linear Partial, and Live Images
This free course covers advanced forms of disk imaging that can be invaluable in cases where acquiring large amounts of unused disk space is not ideal, and where only certain file types are needed when you need to collect data from a live system.
Additionally, in this course we cover options for pulling or pushing the Evimistry live collection agent directly from the my.evimetry.com website to a running computer. We walk through each of these scenarios step-by-step using all the Evimetry tools.
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Basic Evimetry Deadboot Forensic Acquisition: Wired & Local”
- Get a full featured, evaluation copy of Evimetry (Link found in Syllabus)
- Internet connected computer
- An “evidence” computer or drive
- A USB thumbdrive for dead booting
- A network
- A DHCP source
- A storage drive (USB3 External)
By the end of this course, students should be able to:
- Create an Evimetry Allocated-Only Forensic Image
- Create an Evimetry Non-Linear Partial Forensic Image (File-Type Image)
- Create an Evimetry Live Forensic Image of a Windows Target System
- Examine the Downloadable Pull & Push Evimetry Live Agents
Industry leader in digital evidence collection and forensics.
Complete this entire course to earn a Advanced Evimetry Forensic Acquisition: Allocated, Non-Linear Partial, and Live Images Certificate of Completion
This course is our first in a series introducing Evimetry for forensic data acquisitions. We ...
In this free course we will explore how to use the temporarily licensed, Evimetry Dongle-less ...