Handling BitLocker and FileVault 2: Evimetry and Mount Image Pro
If you’re pursuing a career in digital forensics, you’ll want to take this informative Evimetry course with Bryan Dykstra, CEO of Atlantic Data Forensics. In this part of his Cybrary course series, you will examine a forensic collection of fully encrypted Windows and Mac computers with Evimetry.
Already have an account? Sign In »

During the course we will collect a FileVault 2 encrypted MacBook Air in minutes without breaking a sweat using Evimetry. Once we have a series of fully encrypted forensic images will use GetData Mount Image Pro to decrypt our forensic images and make the data available for further forensic analysis.
Prerequisites
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Basic Evimetry Deadboot Forensic Acquisition: Wired & Local”
- A full-featured, evaluation copy of Evimetry
- An evaluation copy of Mount Image Pro
- Internet connected computer
- An encrypted Mac computer
- A USB thumbdrive for dead booting
- A storage drive (USB3 External)
Course Goals
By the end of this course, students should be able to:
- How to identify a BitLocker’d or FileVault’d disk by signature
- Acquire a FileVault’d Mac with Evimetry
- Use Mount Image Pro to decrypt Windows and Mac encrypted volumes


Industry leader in digital evidence collection and forensics.


Complete this entire course to earn a Handling BitLocker and FileVault 2: Evimetry and Mount Image Pro Certificate of Completion
CyberSecurity
Skillset
Domains
Topics