Course Content

Module 1: Introduction

4m
1.1 Introduction
4m
1.2 The Evimetry Stack and Controller Walkthrough

Module 2: Forensic Acquisition with Evimetry

8m
2.1Creating a "Blessed" Storage Drive
7m
2.2Evimetry Acquisition Modes Part 1
9m
2.3Evimetry Acquisition Modes Part 2: Block Hash vs. Linear Hash

Module 3: Conclusion

1m
3.1Course Summary

Course Description

The course introduces Evimetry “blessed” data storage drives and the difference between block-hash and traditional linear hashing for forensic images. It’s time to step up your forensic acquisition game with Evimetry. Come Run With Us.

Prerequisites

  • Have an internet-connected computer
  • An “evidence drive”
  • A storage drive (USB3 External)
  • A hardware write-block if you are planning on doing real evidence collection
  • Before any forensic acquisition you must document the evidence
  • See my Cybrary course: “Evidence Handling: Do it the Right Way”
  • You can get a full featured evaluation copy of Evimetry at https://my.evimetry.com/enquiry/eval
  • Understand Advanced Acquisition & Live Analysis with the AFF4: https://my.evimetry.com/assets/docs/Advanced%20A&A%20AFF4-PUBLIC.pdf

Course Goals

By the end of this course, students should be able to:

  • Understand the basic layout of the Evimetry Windows Controller
  • Differentiate Evidence drives vs. “Blessed” drives
  • Understand how to perform a full linear, forensic acquisition with Evimetry
  • Recognize the different options for performing allocated only, allocated and remainder, non-linear partial or live disk access

Instructed By

Instructor Profile Image
Brian Dykstra
CEO and President of Atlanta Data Forensics
Instructor

Delivered By

Atlantic Data Forensics

Industry leader in digital evidence collection and forensics.

Provided By

Cybrary

Certificate of Completion

Certificate Of Completion

Complete this entire course to earn a Introduction to Evimetry: the Controller Certificate of Completion