Name: Introduction to Evimetry: the Controller
Rating: 5 (2 reviews)

Create Free Account

NEED TO TRAIN YOUR TEAM? LEARN MORE

Time

36 minutes

Difficulty

Beginner

CEU/CPE

This course is our first in a series introducing Evimetry for forensic data acquisitions. We start with the Evimetry Windows Controller interface and perform a basic full linear (bit-for-bit) acquisition directly from the Controller.

Create Free Account

NEED TO TRAIN YOUR TEAM? LEARN MORE

Already have an account? Sign In »

1.1 Introduction

1.2 The Evimetry Stack and Controller Walkthrough

2.1Creating a "Blessed" Storage Drive

2.2Evimetry Acquisition Modes Part 1

2.3Evimetry Acquisition Modes Part 2: Block Hash vs. Linear Hash

3.1Course Summary

The course introduces Evimetry “blessed” data storage drives and the difference between block-hash and traditional linear hashing for forensic images. It’s time to step up your forensic acquisition game with Evimetry. Come Run With Us.

Prerequisites

Have an internet-connected computer
An “evidence drive”
A storage drive (USB3 External)
A hardware write-block if you are planning on doing real evidence collection
Before any forensic acquisition you must document the evidence
See my Cybrary course: “Evidence Handling: Do it the Right Way”
You can get a full featured evaluation copy of Evimetry at https://my.evimetry.com/enquiry/eval
Understand Advanced Acquisition & Live Analysis with the AFF4: https://my.evimetry.com/assets/docs/Advanced%20A&A%20AFF4-PUBLIC.pdf

Course Goals

By the end of this course, students should be able to:

Understand the basic layout of the Evimetry Windows Controller
Differentiate Evidence drives vs. “Blessed” drives
Understand how to perform a full linear, forensic acquisition with Evimetry
Recognize the different options for performing allocated only, allocated and remainder, non-linear partial or live disk access