Evimetry Responder

ACQUIRE FASTER. ANALYSE IMMEDIATELY.

Combining all of the featues found in Evimety Imager and Evimetry Remote, Evimetry Responder accelerates forensics workflow across local and remote, live and dead foresic techniques.

 

 
 

Acquire faster than anything else.

Spend less time waiting and more time analysing. For traditional linear bitstream imaging, Evimetry cuts hours from acquisition times of SSD, NVMe, SAN and RAID systems.

For example, an 1TB Macbook Pro can be imaged in 20 minutes, and a 512GB NVMe drive in 5 minutes.

Dead or alive.

All current techniques for dead disk forensics are supported, including forensic live CD and pulled disks via write blocker. The forensic live CD environment supports booting PC and Mac based hardware (both traditional and UEFI), as well as virtual.

Acquire and analyse remote evidence at wire speed.

Analyse remote live Windows, OSX and Linux systems without the wait. Evimetry’s secure network protocol uses compression to speed evidence access. Any evidence accessed is stored in a partial forensic image, with following accesses read from the image, preserving limited network resources.


Flexibility in evidence storage location.

Position evidence storage in locations close to target computers faster and more reliable acquisitions. For example, spin up an instance of the cloud agent in the same datacentre as a target server, or ship an appliance instance of the dead boot agent to a branch o ce.

Acquire only what you choose.

Evimetry’s technical advance is the partial physical forensic image. This enables acquisition of the most important evidence first, and the successive widening of scope by live analysis and category based profiles.

Analyse immediately.

Evimetry closes the gap between acquisition and analysis, with examination and triage activities to occurring at the same time as acquisition. Leverage your preferred forensic toolset for live analysis and triage while you acquire, via a virtual disk device view of your live acquisition.


 

Works with your current toolkit.

Evimetry’s physical images are simply accessible from your current forensic toolset (even partial images), using our freely available filesystem bridge. Or if you prefer, convert into existing format in the time it takes to copy an image from an evidence drive to an analysis workstation.

Simple, secure access.

Evimetry uses robust, industry standard TLS encryption for security in a simple to deploy and manage form.

 

Buy Evimetry Responder.

Please contact us to purchase at the following introductory pricing. Prices are in US Dollars.


Imager Advanced   Remote Standard   Responder
$1,200   $1,400   $2,500
Multi destination bare metal
acquisition & analysis
  Live agent remote acquisition & analysis.   Dead boot, live agent & cloud agent
acquisition & live analysis.
Dead boot single destination acquisitions   -  
Dead boot multi-destination striped acquisitions   -  
Remote network control of acquisition operations    
Remote Live agent network based operations (Windows, Linux, OSX) -    
Remote in-cloud evidence storage agent -   -  
Concurrent advanced acquisitions 2   2   2
Remote Volatile Memory acquisition (Windows, MacOS, Linux) -    
Complete Physical Disk acquisition    
Partial Physical acquisition of allocated only    
Partial Physical acquisition (profile based)    
Convert AFF4 to EWF & RAW    
Mount local images as virtual file or disk    
Mount remote images as virtual file or disk    
Node to node image transfer    
Communications encrypted with strong TLS 1.2 crypto    

Ready for digital forensics at wire speed?