Live Agent Overview

Evimetry enables remote acquisition and analysis of live evidence sources by way of a live agent. Evidence streams from the suspect device across the network to an Evimetry Repository Agent for storage, using a compressed and encrypted protocol. The agent can be run directly from an attached USB or optical disk. In cloud environments, where such facilities are not available, the agent can be deployed by downloading it directly to the device in the following manner.

Deploy a live agent: Windows

The Windows live agent supports Windows Vista and above and Windows Server 2008 and above, in either 32-bit or 64-bit editions.

The following provides a simple way of downloading the live agent onto a computer. Please note that in doing so, you are using the default certificates that all Evimetry licensees have had access to. This is provided as a simple way to bootstrap your testing and deployment. We recommend using your own self-generated certificates in production.

1. Log into the Evimetry portal.

2. Go to the menu and select "Live" and then "Pull light agent".


3. Select the Windows x64 tab.

4. Copy the PowerShell fragment for downloading the agent, driver and certificates. Note: this PowerShell fragment is valid for only 30 minutes.


5. Paste the PowerShell fragment into a PowerShell session that has administrator privileges.


6. In the same PowerShell session, run the agent and connect to the relevant evidence repository via its private IP address. In the following, the Evimetry Repository Agent is at IP address 10.208.226.33:

.\evimetry.agent.exe 10.208.226.33

NOTE: Pay careful attention to the ".\" syntax above.


Deploy and connect a live agent: Linux

1. Log into the Evimetry portal.

2. Go to the menu and select "Live" and then "Pull light agent".


3. Select the Linux x64 tab (or x32 if you are deploying to a 32-bit OS).

4. Copy the shell fragments for downloading the agent and certificates.


5. Paste the shell fragment into a console session.


6. In the same shell session, run the agent and connect to the relevant evidence repository via its private IP address. THIS NEEDS ROOT PRIVILEGES. In the following, the Evimetry Repository Agent is at IP address 104.130.4.91:

./evimetry.agent 104.130.4.91

NOTE: Pay careful attention to the "./" syntax above.


7. Open the Evidence Repository with the Controller for acquisition.