Additionally, in this course we cover options for pulling or pushing the Evimetry live collection agent directly from the my.evimetry.com website to a running computer. We walk through each of these scenarios step-by-step using all the Evimetry tools.
Prerequisites
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Basic Evimetry Deadboot Forensic Acquisition: Wired & Local”
- Get a full-featured evaluation copy of Evimetry (link found in Syllabus)
- Internet-connected computer
- An “evidence” computer or drive
- A USB thumbdrive for dead booting
- A network
- A DHCP source
- A storage drive (USB3 External)
Course Goals
By the end of this course, students should be able to:
- Create an Evimetry Allocated-Only Forensic Image
- Create an Evimetry Non-Linear Partial Forensic Image (File-Type Image)
- Create an Evimetry Live Forensic Image of a Windows Target System
- Examine the Downloadable Pull & Push Evimetry Live Agents