Time
58 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
Question five here. Okay. So, what's your favorite Evimetry feature? Right.
00:08
That's my favorite feature.
00:13
I think my favorite feature at the moment would have to be our collective support.
00:18
I'm not sure if you're using it yet, but... Oh, my God. A feature I'm not using.
00:25
Well, let me know. But I think it's really only this year that we've launched it. So,
00:33
you know, computer forensics dongles are everywhere. Evimetry's dongle-based, unfortunately, but, you know, that's the hard decision we had to make. The
00:46
collective feature has taken what used to involve a bunch of third-party tooling steps and made life a whole lot more streamlined. So,
00:58
with our collective feature, we can
01:02
plug a drive into a Windows computer running the Evimetry controller. We can,
01:07
within 30 seconds, depending on the hard drive, actually format that drive as an Evimetry deadboot, provision it with a profile of what particular artifacts you want to collect, and with what priority,
01:25
and burn a license that's paired with that particular hard drive
01:30
into the hard drive. And then you can walk away and plug it into a computer and do an acquisition without needing to connect it with the controller, without even needing to do much at all at the keyboard, because it's preconfigured,
01:45
and, importantly, without needing a dongle. So,
01:49
you know, if you're dealing with acquisitions of Surface Pros, et cetera, that have only got one USB
01:56
and the keyboard is a little bit dodgy, just plugging in one drive and booting into it and then walking away, and five minutes later having a full image, is pretty convenient. All right. So, I told you, I gotta test that when I get back to the office. I'm all about that.
02:14
No, I mean, because that's one of those topics that comes up all the time. I'm sure you take these phone calls, people like, Well, can't you just do the forensic collection remotely for me?
02:25
And it's like, if you had a stable platform... We've tried a lot of different solutions for doing that,
02:32
but, you know,
02:34
if you have a working solution for that where you could just plug it in and let go, that's awesome.
02:42
Yeah, that's super convenient. The other one, sort of talking about the remote side,
02:51
is that we like using it for kind of
02:55
pre-screening whether or not a case is worth taking on. Sometimes what we tend to do
03:01
is to use our cloud-based agent and a live agent to do kind of a remote triage. So,
03:10
we'll quite regularly spin up a
03:15
server in AWS or whatever that's running the Evimetry cloud agent,
03:20
and then we'll get a remote session on a PC that's a few hours' drive away.
03:27
We'll install the Evimetry live agent there, and then we'll kick off
03:31
normally a partial acquisition of all the high-value stuff, and that'll get us
03:39
most of the artifacts that we would need for an
03:43
IP theft investigation, enough to really get an idea of whether or not that computer is one we want to either have sent to us, or we want to go for a long drive and do a full acquisition of.
03:55
So that ability to do focused acquisitions using the normal Evimetry stuff is incredibly powerful.
04:03
Yeah, absolutely. Actually, we're doing
04:08
cloud acquisition as part of course nine, the next one after this one. We'll get a lot of the other permutations in there. But,
04:15
so, just,
04:17
you know, this is gonna sound stupid compared to what you just said, but
04:23
my favorite feature, honestly, is... and I don't mind dongles at all, because I've got, you know, dongles for days, right?
04:30
But, ah, treated too.
04:33
We all do. Do you live in constant fear of losing a dongle?
04:41
Yes. Like, especially when we're on the road, we do daily dongle counts, like, okay, just to make sure we've still got five, right?
04:50
When I'm flying, I have a special pouch that they always go in. Yeah, exactly, we do the same thing with this little bag. You know, all my dongles go in this bag. I can't lose this bag.
05:03
Oh, I have labels, checklists. Yeah, big... We have big flaming lanyards on ours, like all multi-bright-colored stuff like this, so you don't accidentally set one down. It's just everything you could do to keep them. But anyway, going back around, what I truly love is being able to
05:23
pop on the network two guys, you know, staging hard drives,
05:28
and one guy manages all the collections from the controller,
05:33
and, you know, the other guys are just out there popping deadboot agents in across the network. And, you know, we've got
05:42
10 or 15 going at a time, and you're basically just on this constant rotation, just watching that data stream through and
05:50
a nice set of finished drives stacking up over here.
05:55
It's...
05:57
that's kind of revolutionary,
06:00
you know,
06:00
and it allows us to finish, you know, those
06:02
on-site collections like that that used to be... let's face it, those were not a lot of fun.
06:08
You know, days and days doing that. And, you know, sometimes we have finished 50, 60, 70 computers in a day. Easy.
06:17
That's great. Yeah, without killing yourself,
06:24
or wanting to kill yourself. Have you done the math on how much time slash cost that's saving
06:35
from, as it...
06:40
You know, as you know, no two jobs are exactly the same, even if it's the same... But if you did have two, or each 40 computers apiece or something like that, there would be something in there that would, you know, throw that off. But no, I haven't really compared that. I think once we got started and we really incorporated Evimetry, you know,
06:58
this is our core tool for our collections.
07:00
I don't think I ever looked back, and I just...
07:04
It's just better and easier. We just kept going forward with it.
07:11
Love to hear that.
07:13
I know, right? It's like I'm trying to sell your tool or something crazy.
07:16
All right.

Up Next

Evimetry: Interview with Dr. Bradley Schatz

In this free course we talk to the co-author of AFF4 and creator of Evimetry, Dr. Bradley Schatz. We’ll hear from Dr. Schatz on his involvement in working on both while learning what’s next for Evimetry and Dr. Schatz’s favorite Evimetry feature.

Instructed By

Brian Dykstra
CEO and President of Atlantic Data Forensics
Instructor