Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Overview
This course is our first in a series introducing Evimetry for forensic data acquisitions. We start with the Evimetry Windows Controller interface and perform a basic full linear (bit-for-bit) acquisition directly from the Controller. The course also introduces Evimetry “blessed” data storage drives and the difference between block-hash and traditional linear hashing for forensic images. It’s time to step up your forensic acquisition game with Evimetry. Come Run With Us.
Course Content
Module 1: Introduction
Module 2: Forensic Acquisition with Evimetry
Module 3: Conclusion
Course Description
Prerequisites
- Have an internet-connected computer
- An “evidence drive”
- A storage drive (USB3 External)
- A hardware write-block if you are planning on doing real evidence collection
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- You can get a full featured evaluation copy of Evimetry at https://my.evimetry.com/enquiry/eval
- Understand Advanced Acquisition & Live Analysis with the AFF4: https://my.evimetry.com/assets/docs/Advanced%20A&A%20AFF4-PUBLIC.pdf
Course Goals
By the end of this course, students should be able to:
- Understand the basic layout of the Evimetry Windows Controller
- Differentiate Evidence drives vs. “Blessed” drives
- Understand how to perform a full linear, forensic acquisition with Evimetry
- Recognize the different options for performing allocated only, allocated and remainder, non-linear partial or live disk access
Instructed By
Brian Dykstra
Instructor
Provided By
Certificate of Completion
Complete this course and earn a Introduction to Evimetry: the Controller Certificate of Completion
Competency Areas