Course Content

Module 1: Introduction

1.1 Introduction
1.2 The Evimetry Stack and Controller Walkthrough

Module 2: Forensic Acquisition with Evimetry

2.1 Creating a "Blessed" Storage Drive
2.2 Evimetry Acquisition Modes Part 1
2.3 Evimetry Acquisition Modes Part 2: Block Hash vs. Linear Hash

Module 3: Conclusion

3.1 Course Summary

Course Description


  • Have an internet-connected computer
  • An “evidence drive”
  • A storage drive (USB3 External)
  • A hardware write-block if you are planning on doing real evidence collection
  • Before any forensic acquisition you must document the evidence
  • See my Cybrary course: “Evidence Handling: Do it the Right Way”
  • You can get a full featured evaluation copy of Evimetry at
  • Understand Advanced Acquisition & Live Analysis with the AFF4:

Course Goals

By the end of this course, students should be able to:

  • Understand the basic layout of the Evimetry Windows Controller
  • Differentiate Evidence drives vs. “Blessed” drives
  • Understand how to perform a full linear, forensic acquisition with Evimetry
  • Recognize the different options for performing allocated only, allocated and remainder, non-linear partial or live disk access

Instructed By

Instructor Profile Image
Brian Dykstra
CEO and President of Atlanta Data Forensics

Provided By

Cybrary Logo

Certificate of Completion

Certificate Of Completion

Complete this entire course to earn a Introduction to Evimetry: the Controller Certificate of Completion