Evimetry Imager

CUT HOURS FROM FORENSIC WORKFLOW.

Evimetry Imager is the world’s fastest forensic imager. Evimetry accelerates workflow at the front end of forensic processes, encompassing acquisition, live analysis, triage, and remote forensics.

 

 
 

Acquire faster than anything else.

Spend less time waiting and more time analysing. For traditional linear bitstream imaging, Evimetry cuts hours from acquisition times of SSD, NVMe, SAN and RAID systems.

For example, an 1TB Macbook Pro can be imaged in 20 minutes, and a 512GB NVMe drive in 5 minutes.

Dead or alive.

All current techniques for dead disk forensics are supported, including forensic live CD and pulled disks via write blocker. The forensic live CD environment supports booting PC and Mac based hardware (both traditional and UEFI), as well as virtual.

Analyse immediately.

Evimetry closes the gap between acquisition and analysis, with examination and triage activities to occurring at the same time as acquisition.

Leverage your preferred forensic toolset for live analysis and triage while you acquire, via a virtual disk device view of your live acquisition.


 

Acquire only what you choose.

Evimetry’s technical advance is the partial physical forensic image. This enables acquisition of the most important evidence first, and the successive widening of scope by live analysis and category based profiles.

Works with your current toolkit.

Evimetry’s physical images are simply accessible from your current forensic toolset (even partial images), using our freely available filesystem bridge. Or if you prefer, convert into existing format in the time it takes to copy an image from an evidence drive to an analysis workstation.

 


Buy Evimetry Imager.

Please contact us to purchase at the following introductory pricing. Prices are in US Dollars.


Imager   Imager Multi   Advanced Imager   Responder
$150   $600   $1,200   $2,500
Fast bare metal acquisition   Fastest multi-destination bare metal acquisition   Live analysis & multi destination bare metal acquisition.   Local and remote accelerated acquisition & live analysis.
Dead boot single destination acquisitions      
Dead boot multi-destination striped acquisitions -      
Remote network control of acquisition operations -   -    
Remote Live agent network based operations (Windows, Linux, OSX) -   -   -  
Remote in-cloud evidence storage agent -   -   -  
Concurrent advanced acquisitions 1   1   2   2
Remote Volatile Memory acquisition (Windows, MacOS, Linux) -   -   -  
Complete Physical Disk acquisition      
Partial Physical acquisition of allocated only -   -    
Partial Physical acquisition (profile based) -      
Convert AFF4 to EWF & RAW      
Mount local images as virtual file or disk      
Mount remote images as virtual file or disk -   -    
Node to node image transfer -      
Communications encrypted with strong TLS 1.2 crypto -   -    

Ready for digital forensics at wire speed?