Moocable is learner-supported. When you buy through links on our site, we may earn an affiliate commission.
Description
In this course we will do the more common practice of creating a forensic image on the local computer but managing the entire process across a CAT6 network from the Evimentry Windows Controller. We’ll also revisit writing our forensic images to “blessed” storage media.
Prerequisites
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Introduction to the Evimetry Controller”
- Internet connected computer
- An evaluation copy of Evimetry
- An “evidence” computer or drive
- A CAT5 or CAT6 wired network
- A DHCP source
- A storage drive (USB3 External)
Course Goals
By the end of this course, students should be able to:
- Create an Evimetry Deadboot USB dongle
- Deadboot a target computer for Evimetry Acquisition
- Use the Evimetry License Dongle to perform a local acquisition from the Deadboot dongle
- Utilize the Evimetry Deadboot USB dongle and Evimetry Controller to manage a forensic acquisition across a wired network
Tags
Syllabus
- Module 1: Introduction
- 1.1 Introduction
- Module 2: Preparing for the Acquisition
- 2.1 Create an Evimetry Deadboot USB
- 2.2 Creating a Blessed Storage Drive
- 2.3 Two Methods of Deadboot Acquisition
- 2.4 Evimetry Deadboot Forensic Acquisition Tools
- Module 3: Using Evimetry Deadboot for Forensic Acquisition
- 3.1 Evimetry Deadboot Operation: Getting Started
- 3.2 Managing the Acquisition Process from the Controller
- 3.3 Acquisition Summary
- Module 4: Course Summary
- 4.1 Course Summary
Online Course 
-
TypeOnline Course
-
Provider
In this course we will do the more common practice of creating a forensic image on the local computer but managing the entire process across a CAT6 network from the Evimentry Windows Controller. We’ll also revisit writing our forensic images to “blessed” storage media.
Prerequisites
- Before any forensic acquisition you must document the evidence
- See my Cybrary course: “Evidence Handling: Do it the Right Way”
- See my Cybrary course: “Introduction to the Evimetry Controller”
- Internet connected computer
- An evaluation copy of Evimetry
- An “evidence” computer or drive
- A CAT5 or CAT6 wired network
- A DHCP source
- A storage drive (USB3 External)
Course Goals
By the end of this course, students should be able to:
- Create an Evimetry Deadboot USB dongle
- Deadboot a target computer for Evimetry Acquisition
- Use the Evimetry License Dongle to perform a local acquisition from the Deadboot dongle
- Utilize the Evimetry Deadboot USB dongle and Evimetry Controller to manage a forensic acquisition across a wired network
- Module 1: Introduction
- 1.1 Introduction
- Module 2: Preparing for the Acquisition
- 2.1 Create an Evimetry Deadboot USB
- 2.2 Creating a Blessed Storage Drive
- 2.3 Two Methods of Deadboot Acquisition
- 2.4 Evimetry Deadboot Forensic Acquisition Tools
- Module 3: Using Evimetry Deadboot for Forensic Acquisition
- 3.1 Evimetry Deadboot Operation: Getting Started
- 3.2 Managing the Acquisition Process from the Controller
- 3.3 Acquisition Summary
- Module 4: Course Summary
- 4.1 Course Summary
Tags
Loading...
Saving...
Loading...