Basic Evimetry Deadboot Forensic Acquisition: Wired and Local
Evimetry is a digital forensics tool that allows you to acquire digital evidence as part of your incident response practices. In this Basic Evimetry Deadboot Forensice Acquisition: Wired and Local course, we walk you through creating a Deadboot dongle from a bootable thumb drive and creating a forensic image from the target computer.
In this course we will do the more common practice of creating a forensic image on the local computer but managing the entire process across a CAT6 network from the Evimentry Windows Controller. We’ll also revisit writing our forensic images to “blessed” storage media.
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Introduction to the Evimetry Controller”
- Internet connected computer
- An evaluation copy of Evimetry
- An “evidence” computer or drive
- A CAT5 or CAT6 wired network
- A DHCP source
- A storage drive (USB3 External)
By the end of this course, students should be able to:
- Create an Evimetry Deadboot USB dongle
- Deadboot a target computer for Evimetry Acquisition
- Use the Evimetry License Dongle to perform a local acquisition from the Deadboot dongle
- Utilize the Evimetry Deadboot USB dongle and Evimetry Controller to manage a forensic acquisition across a wired network
Industry leader in digital evidence collection and forensics.
Complete this entire course to earn a Basic Evimetry Deadboot Forensic Acquisition: Wired and Local Certificate of Completion
In this course we will look at forensic collection of fully encrypted Windows and Mac ...
This free course covers advanced forms of disk imaging that can be invaluable in cases ...