Evimetry Remote

Are you interested in this product?

1300 55 33 24

contact@cdfs.com.au

Request a Call back

ACQUIRE FASTER. ANALYSE IMMEDIATELY.

Evimetry Remote accelerates remote forensics, bringing forensically reproducible triage, security and speed to remote and live analysis.

Product Overview

A lightweight forensic agent.

The core of Evimetry Remote is the Evimetry Live Agent, a lightweight forensic agent remotely deployable to live operating systems. The agent gives write-blocked access to the Disk and RAM of the remote system.

A single pane for control.

Evimetry Remote pairs the Evimetry Live Agent with the Evimetry Controller. The Controller is used to manage acquisitions from remote live agents, and to enable live analysis via a virtual disk.

Simple, secure, and fast access.

Evimetry’s secure network protocol uses compression to speed evidence access. Any evidence accessed is stored in a partial forensic image, with following accesses read from the image, preserving limited network resources. Evimetry uses robust, industry standard TLS encryption for security in a simple to deploy and manage form.

Complete, live, and profile based acquisition.

Evimetry’s technical advance is the partial physical forensic image. Acquire the highest-value evidence by category first, widen the scope of acquisition by live analysis via virtual disk, or take a complete image. The choice is yours.

Analyse immediately.

Evimetry closes the gap between acquisition and analysis, with examination and triage activities to occurring at the same time as acquisition. Leverage your preferred forensic toolset for live analysis and triage while you acquire, via a virtual disk device view of your live acquisition.

Works across platforms.

The Live Agent runs on live Windows, MacOS and Linux systems.

Easy to provision.

The Evimetry Live Agent is a console application, enabling straightforward push and pull deployment using remote shell, application deployment tools, and lateral movement techniques. No GUI is presented by the agent.

Works with your current toolkit.

Evimetry’s physical images are simply accessible from your current forensic toolset (even partial images), using our freely available filesystem bridge. Or if you prefer, convert into existing format in the time it takes to copy an image from an evidence drive to an analysis workstation.

Usage Videos

Remote IAAS live cloud acquisition and analysis.

This screencast demonstrates remote live acquisition and analysis of a cloud based server using the Evimetry system. A cloud storage agent is provisioned in the same datacentre as the target server, and then a live agent deployed to the target server.