Introduction


Time: 19 minutes
Difficulty: Intermediate
Video Transcription
00:00
Welcome to the seventh in our series of Cybrary courses here. This is the Evimetry File System Bridge. We're going to talk about making your AFF4 forensic images actually available to forensics tools and things like this. So I'm Brian Dykstra, CEO of Atlantic Data Forensics. I was one of the co-founders of Mandiant, used to be a cybercrime instructor at the FBI Academy at Quantico. Military intelligence background, as you might expect. A whole bunch of different certifications, things like that, and if you have any question about this course or any of our courses, you can go ahead and e-mail me directly at cybrary@atlanticdf.com, and I will actually respond to you. Ask me weird questions.

Atlantic Data Forensics, we were founded in 2007. We're headquartered in Oak Ridge, Maryland, just off the 95 out near the Baltimore-Washington International Airport. Nice area out there. We do computer forensics for civil and criminal litigation. We also have a full-scale e-discovery practice for doing large-scale law firm type engagements where we're doing hundreds of mailboxes and things like this, and I need to put it into review platforms and provide it out to other attorneys, and things like this. We have 24/7 incident response services. We're doing all your data breach work, both for clients as well as just call-ins and things like that. We do internal corporate and HR investigations. We do a great bit of incident response training and exercises with our clients, just making them better, faster, stronger at what they do. We also have offices out in Denver and Detroit because who doesn't love a good Detroit office? I mean, seriously, Detroit. If it's good enough for Eminem, it's good enough for us.

Prereqs for this one. Again, I can't stress this enough, document all your evidence before you get into collecting it onto hard drives and touching equipment and things like this. Pull out that evidence documentation, fill it all in. Make sure you've got everything in there that you're going to need. It doesn't do any good to collect a bunch of data and have worthless documentation, so we can't use it later on. If you have questions about how to do that or you're not sure what your evidence documentation or chain of custody should look like, see my Cybrary course on Evidence Handling: Doing it the Right Way. The most important part of collecting evidence is documenting it.

If you have questions about how to use Evimetry, because we're into the advanced end of it at this point, I have a whole series of courses from basic into advanced uses of Evimetry here on the Cybrary network, known as the Cybrary network. I think it is. It is now. I've made it the Cybrary network. Brian Dykstra coming to you live on the Cybrary network. You can get your full-featured evaluation copy of Evimetry from their website. It's a 30-day eval. Gives you all the features, lots of fun if you want to play along at home. If you have questions about how that AFF4 format that we're going to be using throughout works, and how the hashing works, and how it's superior to some of the expert witness formats and things like that out there, I seriously suggest you read the AFF4 public PDF over on the Evimetry site. It's a great walk-through of all that, and you really get a good idea of how it works and where it came from and all that sort of stuff.

Course materials you're going to need today: an Internet-connected computer, an eval copy of Evimetry, an AFF4 forensic image that you previously acquired using one of the various methods that we've walked through here in the last few courses, and hopefully that's all on a storage drive. I'm just using a run-of-the-mill $69 Western Digital USB 3 external here. You don't need anything fancy, just someplace that you can access your material from.

Target audience. As always, computer forensics professionals, just trying to help you out out there, come on, get with us; incident responders, because if you're doing IR work out there, God bless you, like me, you're never home on weekends or holidays. [LAUGHTER] You're going to be doing a lot of this stuff too. You're going to be doing this forensic collection stuff on a pretty regular basis. And of course, you know, the IT folks that are out there, information technology professionals who just get rounded up and stuck into having to do this without all the tools that we have available and things like this. This is a great way for you to learn how to do this also.

Our learning objectives for today, pretty straightforward. We're going to learn how to use the Evimetry file system bridge. We'll use the Evimetry file system bridge to actually access a previously acquired AFF4 forensic image, and then we're going to review those programs out there right now that already have built-in AFF4 support, so more and more forensics tools are starting to incorporate AFF4 as one of their format options. If you didn't get that picture right there, that's a bridge being supported, get it. I know it's not funny if you have to explain it, but it made me chuckle, so live with that.

Where are we in that whole Evimetry stack here? Not in any of this here. We're not actually collecting anything. We're not doing the Cloud Agents stuff. We're not even doing it live. We're truly just down here at the bottom. Well, we're using the controller at the top because the bridge comes along with a controller, and our AFF4 image containers down there at the bottom. We're really not in the middle, just the top and the bottom on this particular one.