
19 minutes
Video Transcription
Right. Welcome to the seventh in our series of, ah, Cybrary courses here. This is the Evimetry file system bridge. Um, and we're gonna talk about making, ah,
making your AFF4 forensic images actually available to forensics tools and things like this.
So I'm Brian Dykstra, CEO of Atlantic Data Forensics. I was one of the co-founders of Mandiant, used to be a cyber crime instructor at the FBI Academy at Quantico. Military intelligence background, as you might expect, a whole bunch of different certifications, things like that.
And if you have any questions about this course or any of our courses,
ah, you can go ahead and email me directly at cybrary at atlanticdf dot com and I will actually respond to you. So ask me your weird questions.
All right. Uh, Atlantic Data Forensics, we're founded in 2007. We're headquartered in Elkridge, Maryland, just off the 95 out near the Baltimore Washington International Airport. Nice area out there.
Ah, we do computer forensics for civil and criminal litigation. Ah, we also have a full-scale e-discovery practice for doing large scale, um, you know,
law firm type engagements where we're doing hundreds of mailboxes and things like this, and need to put it into review platforms and provide it out to other attorneys, things like this. We have 24/7 incident response services, so we're doing all your data breach work both for
clients as well as just call-ins, things like that.
Um, we do internal corporate HR investigations. Ah, we do a great bit of, ah, incident response training and exercises with our clients, just making them better, faster, stronger at what they do. We also have offices out in Denver and Detroit, because who doesn't love a good Detroit office? I mean, seriously, Detroit.
All right.
It's good enough for Eminem. It's good enough for us, right?
All right. Prereqs for this one. Again, can't stress this enough: document all your evidence before you get into collecting it onto hard drives and touching equipment, things like that. Pull out that evidence documentation, fill it all in, make sure you've got everything
in there that you're gonna need. Doesn't do any good to collect a bunch of data and have worthless documentation, so we can't use it later on.
If you have questions about how to do that, or you're not sure what your evidence documentation and chain of custody should look like, see my Cybrary course on evidence handling, doing it the right way. Um, the most important part of collecting evidence is documenting it. Um,
if you have questions about how to use Evimetry, because we're sort of into the advanced end of it at this point, um, you know, I have a whole series of courses on, from basic into advanced uses of Evimetry, here on the Cybrary network. Now, is it a Cybrary network? I think it is.
It is now. I've made it. The Cybrary network. Brian Dykstra coming to you live on the Cybrary network.
All right. You can get your full-featured evaluation copy of Evimetry at their website. It's a 30-day eval. Gives you all the features. Lots of fun if you want to play along at home. And then if you have questions about how that AFF format, that AFF4 format that we're going to be using
throughout, ah, works, and how the hashing works and how it's, you know,
superior to some of the Expert Witness formats and things like that out there,
um, seriously suggest you read the AFF4 public PDF over at the Evimetry site. It's a great walkthrough of all that, and you really get to get a good idea of how it works and where it came from and all that sort of stuff.
All right. Course materials you're gonna need today: ah, an Internet-connected computer, ah, an eval copy of Evimetry, um, and an AFF4 forensic image that you previously acquired using one of the various methods that we've walked through here in the last few courses, and hopefully that's all on a storage drive.
I'm just using a
run-of-the-mill $69 Western Digital USB 3 external here. You don't need anything fancy. Just someplace that you can access your material from.
Target audience. As always, computer forensics professionals, you know, just trying to help you out out there. Come on, get with us. Um, incident responders. Because if you do IR work out there, God bless you. You're like me: you're never home on weekends or holidays.
You're gonna be doing a lot of this stuff too. You're gonna be doing this forensic collection stuff on a pretty regular basis.
And of course, you know, the IT folks that are out there, information technology professionals who just get, you know, rounded up and stuck into having to do this without, you know, all the tools that we have available and things like this. It'd be great if you learned how to do this also.
All right, our learning objectives for today, pretty straightforward. We're gonna learn how to use the Evimetry file system bridge. We'll use the Evimetry file system bridge to actually access a previously acquired AFF4 forensic image. And then we're going to review, ah,
those programs out there right now that already have, ah, built-in AFF4 support. So
more and more forensics tools are starting to incorporate AFF4 as, ah, as one of their format options.
Um, and if you didn't get that picture right there, that is a bridge being supported. Get it? I know it's not funny if you have to explain it,
but it made me chuckle. So live with that.
All right, where are we in that whole Evimetry stack here? Um, it's kind of, kind of not in any of this here, so we're not actually collecting anything. We're not doing the cloud agent stuff. Whenever we've been doing alive, we're really just down here at the bottom. Well, we're using the controller at the top, because the bridge comes along with the controller,
and our AFF4 image containers down there at the bottom. So
we're really not in the middle. Just the top and the bottom on this particular one.