In this course we will do the more common practice of creating a forensic image on the local computer but managing the entire process across a CAT6 network from the Evimentry Windows Controller. We’ll also revisit writing our forensic images to “blessed” storage media.
Prerequisites
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Introduction to the Evimetry Controller”
- Internet connected computer
- An evaluation copy of Evimetry
- An “evidence” computer or drive
- A CAT5 or CAT6 wired network
- A DHCP source
- A storage drive (USB3 External)
Course Goals
By the end of this course, students should be able to:
- Create an Evimetry Deadboot USB dongle
- Deadboot a target computer for Evimetry Acquisition
- Use the Evimetry License Dongle to perform a local acquisition from the Deadboot dongle
- Utilize the Evimetry Deadboot USB dongle and Evimetry Controller to manage a forensic acquisition across a wired network
