Course Content

Module 1: Introduction

04:10
1.1 Introduction
04:59
1.2 The Evimetry Stack and Controller Walkthrough

Module 2: Forensic Acquisition with Evimetry

08:53
2.1 Creating a "Blessed" Storage Drive
07:48
2.2 Evimetry Acquisition Modes Part 1
09:52
2.3 Evimetry Acquisition Modes Part 2: Block Hash vs. Linear Hash

Module 3: Conclusion

01:06
3.1 Course Summary

Course Description

Prerequisites

  • Have an internet-connected computer
  • An “evidence drive”
  • A storage drive (USB3 External)
  • A hardware write-block if you are planning on doing real evidence collection
  • Before any forensic acquisition you must document the evidence
  • See my Cybrary course: “Evidence Handling: Do it the Right Way”
  • You can get a full featured evaluation copy of Evimetry at https://my.evimetry.com/enquiry/eval
  • Understand Advanced Acquisition & Live Analysis with the AFF4: https://my.evimetry.com/assets/docs/Advanced%20A&A%20AFF4-PUBLIC.pdf

Course Goals

By the end of this course, students should be able to:

  • Understand the basic layout of the Evimetry Windows Controller
  • Differentiate Evidence drives vs. “Blessed” drives
  • Understand how to perform a full linear, forensic acquisition with Evimetry
  • Recognize the different options for performing allocated only, allocated and remainder, non-linear partial or live disk access

Instructed By

Instructor Profile Image
Brian Dykstra
CEO and President of Atlanta Data Forensics
Instructor

Provided By

Cybrary Logo

Certificate of Completion

Certificate Of Completion

Complete this entire course to earn a Introduction to Evimetry: the Controller Certificate of Completion