Course Content

Module 1: Introduction

1.1 Introduction

Module 2: Preparing for the Acquisition

2.1 Create an Evimetry Deadboot USB
2.2 Creating a Blessed Storage Drive
2.3 Two Methods of Deadboot Acquisition
2.4 Evimetry Deadboot Forensic Acquisition Tools

Module 3: Using Evimetry Deadboot for Forensic Acquisition

3.1 Evimetry Deadboot Operation: Getting Started
3.2 Acquisition Summary
3.3 Managing the Acquisition Process from the Controller

Module 4: Course Summary

4.1 Course Summary

Course Description


  • Before any forensic acquisition you must document the evidence
  • See my Cybrary course: “Evidence Handling: Do it the Right Way”
  • See my Cybrary course: “Introduction to the Evimetry Controller”
  • Internet connected computer
  • An evaluation copy of Evimetry
  • An “evidence” computer or drive
  • A CAT5 or CAT6 wired network
  • A DHCP source
  • A storage drive (USB3 External)

Course Goals

By the end of this course, students should be able to:

  • Create an Evimetry Deadboot USB dongle
  • Deadboot a target computer for Evimetry Acquisition
  • Use the Evimetry License Dongle to perform a local acquisition from the Deadboot dongle
  • Utilize the Evimetry Deadboot USB dongle and Evimetry Controller to manage a forensic acquisition across a wired network

Instructed By

Instructor Profile Image
Brian Dykstra

Provided By

Cybrary Logo

Certificate of Completion

Certificate Of Completion

Complete this entire course to earn a Basic Evimetry Deadboot Forensic Acquisition: Wired and Local Certificate of Completion