Handling BitLocker and FileVault 2: Evimetry and Mount Image Pro
Cybrary
Course
In this course we will look at forensic collection of fully encrypted Windows and Mac computers with Evimetry.
Time
35 minutes
Difficulty
Advanced
CEU/CPE
1
Time
35 minutes
Difficulty
Advanced
CEU/CPE
1
Course Content
Module 1: Introduction
Module 2: Handling BitLocker and FileVault 2: Evimetry and Mount Image Pro
Module 3: Conclusion
Course Description
During the course we will collect a FileVault 2 encrypted MacBook Air in minutes without breaking a sweat using Evimetry. Once we have a series of fully encrypted forensic images will use GetData Mount Image Pro to decrypt our forensic images and make the data available for further forensic analysis.
Prerequisites
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Basic Evimetry Deadboot Forensic Acquisition: Wired & Local”
- A full-featured, evaluation copy of Evimetry
- An evaluation copy of Mount Image Pro
- Internet connected computer
- An encrypted Mac computer
- A USB thumbdrive for dead booting
- A storage drive (USB3 External)
Course Goals
By the end of this course, students should be able to:
- How to identify a BitLocker’d or FileVault’d disk by signature
- Acquire a FileVault’d Mac with Evimetry
- Use Mount Image Pro to decrypt Windows and Mac encrypted volumes
Instructed By
Brian Dykstra
CEO and President of Atlantic Data Forensics
Instructor
Provider
Industry leader in digital evidence collection and forensics.
Provider
Certificate of Completion
Complete this entire course to earn a Handling BitLocker and FileVault 2: Evimetry and Mount Image Pro Certificate of Completion
Similar Content
