Overview

The Evimetry Cloud Agent enables forensic acquisition and analysis to occur in-cloud, using cloud computing, network, and storage resources.

Deploy Cloud OS

Acquisition and analysis of computers in the cloud benefits from the close placement of an evidence repository, typically a cloud server provisioned in the same data centre.

1. Provision an Ubuntu 10.04 server in the same data centre as your target system. You must use 4G or more of RAM.


2. Ensure that the server has large enough storage for your acquired image, and high network throughput.
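
A pre-flight check for steps 1 and 2, to run on the provisioned server before deploying the agent. This is an added example, not part of the Evimetry tooling; the function names, the 10% RAM slack, and sizing against the full image size are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the repository server (not Evimetry's code).
# Assumes Linux /proc/meminfo and POSIX `df -Pk` output formats.

# The page requires "4G or more" of RAM. MemTotal on a 4 GiB instance reads
# slightly under 4194304 kB because the kernel reserves memory, so 10% slack
# is allowed here (the slack is this example's assumption, not a vendor figure).
MIN_RAM_KB=$((4 * 1024 * 1024 * 90 / 100))

# Print MemTotal in kB from a meminfo-format file (default: /proc/meminfo).
mem_total_kb() {
    awk '/^MemTotal:/ { print $2; exit }' "${1:-/proc/meminfo}"
}

# Print the kB available on the filesystem holding the given path.
avail_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Succeed if the given kB figure meets the RAM requirement.
ram_ok() {
    [ "$1" -ge "$MIN_RAM_KB" ]
}

# Succeed if available kB can hold an image of the given size in GiB.
# Sizing against the full source disk size is the conservative choice.
storage_ok() {
    [ "$1" -ge $(( $2 * 1024 * 1024 )) ]
}

# Run both checks; args: evidence path, expected image size in GiB,
# optional meminfo file. Returns non-zero if either check fails.
preflight() {
    rc=0
    ram=$(mem_total_kb "${3:-/proc/meminfo}")
    free=$(avail_kb "$1")
    if ram_ok "$ram"; then echo "RAM OK: ${ram} kB"
    else echo "RAM too small: ${ram} kB < ${MIN_RAM_KB} kB"; rc=1; fi
    if storage_ok "$free" "$2"; then echo "Storage OK: ${free} kB free on $1"
    else echo "Storage too small: ${free} kB free, need $2 GiB"; rc=1; fi
    return $rc
}

# Usage: sh preflight.sh /path/for/evidence 500
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Keeping the printed result with the case notes records the state of the repository server before any evidence was written to it.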


Deploy Cloud Agent

3. Log in to the Evimetry portal.

4. Go to the Live menu and select "Deploy Cloud Agent".


5. Copy the two-line Cloud Agent deployment script.


6. Log in to the cloud server by SSH.

7. Paste in the deployment shell script.

8. Accept the installation prompts.

Running bash install_script_ubuntu.sh automatically patches the server with the latest Ubuntu security patches, then downloads and configures the Evimetry Agent as a repository.

    root@ip-172-31-19-255:~# wget -O install_script_ubuntu.sh https://my.evimetry.com/portal/install_script_ubuntu.sh?6a063dfa450349cef1a1dbc0eacd2b75af6e84ce
    --2017-09-15 07:04:20-- https://my.evimetry.com/portal/install_script_ubuntu.sh?6a063dfa450349cef1a1dbc0eacd2b75af6e84ce
    Resolving my.evimetry.com (my.evimetry.com)... 104.237.142.195
    Connecting to my.evimetry.com (my.evimetry.com)|104.237.142.195|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 9865 (9.6K) [text/plain]
    Saving to: ‘install_script_ubuntu.sh’
    100%[==================================================================================>] 9,865 --.-K/s in 0s
    2017-09-15 07:04:21 (216 MB/s) - ‘install_script_ubuntu.sh’ saved [9865/9865]
    root@ip-172-31-19-255:~# bash install_script_ubuntu.sh
    ##########################################################################################
    Updating APT and Installing dependencies
    ##########################################################################################
    Run sudo apt-get --yes update [Y/n/a]?
    <<>>
    ##########################################################################################
    Configuring agent config for cloud deployment.
    ##########################################################################################
    Artifact: evimetry.agent
    Description: Agent Application for Evimetry Application Suite
    Version: 3.0.1
    Build: 1117
    Build Date: 2017-07-17T08:39:06.891+1000
    evimetry.agent start/running, process 4917
    ############################################################################################
    Evimetry installed and started.
    Point your controller at 172.31.3.157.
    Control service by stop/start/restart evimetry.agent
    Logs are in /var/log/upstart/evimetry.agent.log
    Configuration is in /etc/init/evimetry.agent.conf
    ############################################################################################

Connect to Cloud Agent

9. Start the Evimetry controller.

10. Use Tools | Connect to display the connection dialog.

11. Enter the public IP address of the Cloud OS.



On connection, the Cloud Agent will be visible in the Fabric Nodes view of the Controller. An evidence storage location (present on the OS disk) is automatically configured and mounted.