Handling BitLocker and FileVault 2: Evimetry and Mount Image Pro
In this course we will look at forensic collection of fully encrypted Windows and Mac computers with Evimetry.
During the course we will collect a FileVault 2 encrypted MacBook Air in minutes without breaking a sweat using Evimetry. Once we have a series of fully encrypted forensic images will use GetData Mount Image Pro to decrypt our forensic images and make the data available for further forensic analysis.
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Basic Evimetry Deadboot Forensic Acquisition: Wired & Local”
- A full-featured, evaluation copy of Evimetry
- An evaluation copy of Mount Image Pro
- Internet connected computer
- An encrypted Mac computer
- A USB thumbdrive for dead booting
- A storage drive (USB3 External)
By the end of this course, students should be able to:
- How to identify a BitLocker’d or FileVault’d disk by signature
- Acquire a FileVault’d Mac with Evimetry
- Use Mount Image Pro to decrypt Windows and Mac encrypted volumes
Industry leader in digital evidence collection and forensics.
Complete this entire course to earn a Handling BitLocker and FileVault 2: Evimetry and Mount Image Pro Certificate of Completion
Evimetry is a digital forensics tool that allows you to acquire digital evidence as part ...
In your data forensics, do you need to make AFF4 images available in tools that ...