2.4 Evimetry Deadboot Forensic Acquisition Tools


37 minutes
Video Transcription
All right. Welcome to basic Evimetry dead-boot forensic acquisition. Let's get right into this.

All right, Cybrary viewers, or Cybrarians, what do we call you? I think it's Cybrarians. You guys are Cybrarians, and we're here in the beautiful Cybrary studio in College Park, Maryland. So, Cybrarians, we'll work on this anyway. A couple of the items that we need here:

We've got the dead-boot dongle that I made. This is one of our standard dead-boot dongles. I like to mark them with a little tag so I can find them later. We put the version of the Evimetry Deadboot agent we're using on it, things like that. But you can see nothing particularly special, just your average little SanDisk thumb drive, kind of handy. We have our Evimetry boot dongle here.

I don't know if you guys do this, but this is a trick we use at Atlantic Data Forensics: dongles are so easy to lose in the back of machines and get left in servers and things like this. So we hook these big, dangly, obnoxiously colored tags, we have bright reds and bright yellows and oranges and stuff like this, onto them so that we don't lose our very valuable dongles for our licensing. They're, like I said, standard, not too much to get excited about.

A blessed Western Digital USB drive, not much to that. This little NUC here, this Intel NUC, is going to be our target computer. So this would be the computer we'll acquire a forensic image of. Not much to be said about that, a standard little device. And then this mess of cables and things that we have here on the table that you can't quite see, thanks to the edge of it: we just have a little Linksys to provide us with a network connection. Normally this would be a client's actual wired network plugged into the wall, things like that. And this is also acting as our DHCP server so that we have IP connectivity between our target system and our controller system.

So with that, we're gonna go ahead, take this dead-boot agent, and we're going to go ahead and boot our little target system here. Not much to this. Go ahead, plug your blessed USB drive in. Get that in there, get my dead-boot agent in there. And because we're gonna do this locally first, I do have to use my license dongle locally on this system so that Evimetry will know that I'm licensed to go ahead and collect. So that's pretty straightforward, just plugging in USB devices, and then we'll get this fired up. We'll show you the actual local boot screen for Evimetry.