1.2 The Evimetry Stack and Controller Walkthrough

36 minutes
Video Transcription
All right. This is Introduction to Evimetry: the Controller.

All right. So the Evimetry stack is basically the set of tools around Evimetry. You have here on your far left-hand side the actual imager, or acquisition piece. There's a dead boot agent, which means I have a computer that I'm targeting that I'm gonna boot from a cold start-up into a USB or CD media, and all that's part of what we're gonna do today. We're gonna go in and deal with the acquisition side of that. They also have cloud agents. I can load them into my Azure or AWS instances and grab images that way, which is a huge advantage. We'll definitely do that in a future course. Lots of fun. And then live acquisition; this we honestly don't use in the commercial setting too much. But I know in law enforcement, sometimes in DoD settings and things like this, they use the live agent, so you can, you know, preview your acquisition before actually acquiring it. So if I'm trying to get really quick information, things like that. And then of course all that gets dumped into the AFF4 image container at the bottom there. So that's our basic set of options.

All right, so a nice little picture of the Evimetry Controller here, and we'll go ahead and actually start our walkthrough of this. I have a copy of it running right here, and it looks just like on the slide. Not a whole lot to that; pretty straightforward. I've got my own hard drive here, the internal hard drive. I've got that external hard drive that I was talking to you about, the USB drive, which is right there, and of course my target acquisition drive, which is that small USB thumb drive right there.

So we're gonna talk about, quickly, just some of the tool features: adding local repositories, sharing an image, verifying a local image, calculating linear hashes and how that's different from the block hashing that Evimetry does, and converting our images to other file formats. We'll go to the preferences, and we'll just take a quick look at our license information. So I've popped back over here.

All right, so heading right up to Tools there. Adding a local repository: that's essentially adding a location where my evidence container, my AFF4 image, my forensic image, is going to be dropped to.

I can actually share an image across the network via iSCSI. I just select an image, and I can share that out to other computers on the network that can make an iSCSI connection, which is kind of interesting. We use that sometimes when we're trying to present an image to BitLocker to decrypt, or something like that; we'll share the image out, BitLocker-decrypted, across the network, things like this.

Verifying the local image: so I have an ability to go ahead and select my image and verify it.

Calculating linear hashes, we'll get into that in a bit, and converting images over, we'll come back around to that. Let me address preferences right here. So there's a number of different preferences. They're all mostly set by default; I tend to not mess with these. This is for, you know, our default iSCSI ports, things like that, and the default port we'd be listening on if we were doing a capture of an image across the network, or managing that image across the network. I can set interfaces, certificates. Everything is of course TLS encrypted when we're managing an acquisition across the network, so there's a control channel for that.

I have a whole bunch of different options in here for setting default names and defaults for how I'd like things to be acquired. I can set up a bunch of defaults if I always do my acquisitions one way; I can set that sort of stuff up. I can change out my default algorithms for hashing and so forth. I can make some changes here about, you know, the devices and how they're handled. I can set up permanent repositories and mounts. So if I had some sort of network share or something like this that was gonna be a permanent repository, and I was gonna acquire to there, you go ahead and set that up. Or maybe a big multi-drive array or something like this. Image conversions: when I'm gonna write those out, what my default format's gonna be. I set up all that stuff right here, and then Internet connection: if I need to proxy something, that's all available to me right there also.

But as much fun as that is, why don't we jump right into creating an image.
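To make the linear-versus-block hashing distinction mentioned above concrete, here is an added Python example (not Evimetry's code; the 4 KiB block size and the sample image bytes are constructed assumptions) that computes both over the same bytes and shows that block hashes localize a change, while a linear hash can only report that something changed.

```python
import hashlib

# Constructed sample "image": five 4 KiB blocks of recognisable content.
# The block size is an illustrative assumption, not Evimetry's own setting.
BLOCK_SIZE = 4096
SAMPLE_IMAGE = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5))


def linear_hash(image: bytes, algo: str = "sha256") -> str:
    """One hash over the whole image from start to end, the way a dd-style
    or single-file hash is computed, so it is comparable with other tools."""
    h = hashlib.new(algo)
    h.update(image)
    return h.hexdigest()


def block_hashes(image: bytes, block_size: int = BLOCK_SIZE,
                 algo: str = "sha256") -> list[str]:
    """One hash per fixed-size block; the final block may be short."""
    return [
        hashlib.new(algo, image[off:off + block_size]).hexdigest()
        for off in range(0, len(image), block_size)
    ]


def verify_blocks(image: bytes, expected: list[str],
                  block_size: int = BLOCK_SIZE, algo: str = "sha256") -> list[int]:
    """Re-hash each block and return the indices that no longer match.
    A linear hash only says "something changed"; block hashes say where."""
    actual = block_hashes(image, block_size, algo)
    if len(actual) != len(expected):
        raise ValueError("block count mismatch: image length changed")
    return [i for i, (a, e) in enumerate(zip(actual, expected)) if a != e]


def corrupt_one_byte(image: bytes, offset: int) -> bytes:
    """Flip one byte to simulate media damage (constructed test input only)."""
    return image[:offset] + bytes([image[offset] ^ 0xFF]) + image[offset + 1:]


if __name__ == "__main__":
    original_linear = linear_hash(SAMPLE_IMAGE)
    original_blocks = block_hashes(SAMPLE_IMAGE)
    damaged = corrupt_one_byte(SAMPLE_IMAGE, 2 * BLOCK_SIZE + 17)  # inside block 2
    print("linear hash still matches:", linear_hash(damaged) == original_linear)
    print("blocks that changed:", verify_blocks(damaged, original_blocks))
```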
Introduction to Evimetry: the Controller

This course is our first in a series introducing Evimetry for forensic data acquisitions. We start with the Evimetry Windows Controller interface and perform a basic full linear (bit-for-bit) acquisition directly from the Controller.