Introduction to Evimetry: the Controller
Evimetry is a digital forensics tool that will allow you to acquire and analyze digital evidence in conjunction with your incident response practices. In this Evimetry: The Controller course, we show you how to use the Evimetry Windows Controller interface. This is the first in a series of courses introducing Evimetry for data acquisitions.
The course introduces Evimetry “blessed” data storage drives and the difference between block-hash and traditional linear hashing for forensic images. It’s time to step up your forensic acquisition game with Evimetry. Come Run With Us.
- Have an internet-connected computer
- An “evidence drive”
- A storage drive (USB3 External)
- A hardware write-block if you are planning on doing real evidence collection
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- You can get a full featured evaluation copy of Evimetry at https://my.evimetry.com/enquiry/eval
- Understand Advanced Acquisition & Live Analysis with the AFF4: https://my.evimetry.com/assets/docs/Advanced%20A&A%20AFF4-PUBLIC.pdf
By the end of this course, students should be able to:
- Understand the basic layout of the Evimetry Windows Controller
- Differentiate Evidence drives vs. “Blessed” drives
- Understand how to perform a full linear, forensic acquisition with Evimetry
- Recognize the different options for performing allocated only, allocated and remainder, non-linear partial or live disk access
Industry leader in digital evidence collection and forensics.
Complete this entire course to earn a Introduction to Evimetry: the Controller Certificate of Completion
This course covers using the creating an Evimetry Deadboot dongle to create a forensic image from ...
This course covers how to edit the configuration of an Evimetry Deadboot dongle so that ...