Deadboot Overview

Evimetry's Deadboot is a forensic OS-based tool for safe acquisition and live analysis of Intel-based bare metal computers and virtual machines. The Deadboot contains a Linux-based live operating system, built to provide write blocking. On top of this runs the Evimetry Deadboot Agent,

Burning a USB Deadboot agent (v3.0.6+)

Evimetry now allows one to create a Deadboot USB from within the Controller (Windows only, for now). This has the added advantage of creating hybrid Dead Boot USB/Blessed Evidence Storage drives.

1. Download the Evimetry Dead Boot Agent ISO Image.

2. Attach your intended Dead Boot USB media to the Controller computer, and refresh the Controller node.

Dead Boot Media must be empty. For safety, Evimetry will only erase and create a Dead Boot USB on empty media. This means that you will need to delete any partitions from a non-empty drive first. Careful users may disable this default behaviour in the Preferences.

3. Right click on the intended Dead Boot USB media and choose "Create Deadboot".

4. Select the Evimetry Dead Boot Agent ISO you downloaded earlier.

5. Acknowledge that you are overwriting the media.

6. On completion of writing, the media will be provisioned as a Dead Boot Agent, bootable by Legacy (BIOS) and UEFI Windows computers, and Intel Macs.

Small USB Flash drives will be provisioned simply as a single-partition Dead Boot USB.

Large USB Hard Drives will be provisioned as a Hybrid Dead Boot USB, with the second partition a Blessed Evidence Storage Repository. This enables one to connect a single disk for dead boot & evidence storage, saving scarce USB ports on some computers.
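The empty-media rule in step 2 can be checked by hand before handing a drive to the Controller. The following is an added example, not Evimetry code: it assumes "empty" means no used MBR partition entries and no GPT header (the page does not say how Evimetry decides), and every function name and sample buffer in it is constructed for illustration.

```python
import struct

GPT_OFFSETS = (512, 4096)  # LBA 1 on 512-byte and 4Kn sector media

def mbr_partitions(head: bytes):
    """Return (type, start_lba, sectors) for each used MBR partition entry."""
    if head[510:512] != b"\x55\xaa":       # no boot signature, so no MBR table
        return []
    used = []
    for i in range(4):                     # four 16-byte entries from offset 446
        entry = head[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]                   # partition type byte, 0 = unused slot
        start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:
            used.append((ptype, start, sectors))
    return used

def has_gpt(head: bytes) -> bool:
    """True if a GPT header signature sits at LBA 1 for either sector size."""
    return any(head[o:o + 8] == b"EFI PART" for o in GPT_OFFSETS)

def media_is_empty(head: bytes) -> bool:
    """Assumed definition of 'empty': no MBR partitions and no GPT header."""
    return not mbr_partitions(head) and not has_gpt(head)

def read_head(path: str, size: int = 8192) -> bytes:
    """Read the first sectors of a raw image or device node (read-only)."""
    with open(path, "rb") as f:
        return f.read(size)

def sample(entries=(), gpt=False) -> bytes:
    """Build a constructed 8 KiB disk head for demonstration."""
    buf = bytearray(8192)
    for i, (ptype, start, sectors) in enumerate(entries):
        struct.pack_into("<B3xB3xII", buf, 446 + 16 * i, 0, ptype, start, sectors)
    if entries:
        buf[510:512] = b"\x55\xaa"
    if gpt:
        buf[512:520] = b"EFI PART"
    return bytes(buf)

# Constructed samples: a blank stick, a FAT32 (type 0x0C) stick, a GPT disk.
BLANK = sample()
FAT32_USB = sample([(0x0C, 2048, 30000000)])
GPT_DISK = sample([(0xEE, 1, 0xFFFFFFFF)], gpt=True)

if __name__ == "__main__":
    for name, head in (("blank", BLANK), ("fat32", FAT32_USB), ("gpt", GPT_DISK)):
        print(name, "empty" if media_is_empty(head) else mbr_partitions(head))
```

To check real media, pass the bytes returned by `read_head()` for a raw image of the drive to `media_is_empty()`.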

Prepare a Deadboot agent (legacy)

The creation of Dead Boot USBs in earlier versions of Evimetry required the use of third party utilities. This is still possible, but not recommended due to the benefits of the new integrated approach.

1. Download the Evimetry Dead Boot Agent ISO Image.

2. Create a bootable CD or USB. Our tool of choice for bootable USBs is Rufus. The following settings have been tested to boot both PC and Mac hardware.

  • Partition Scheme: MBR Partition Scheme for BIOS or UEFI Computers.
  • File System: FAT32

Deadboot CD/DVD preparation

Simply download the Evimetry Deadboot Agent CD ISO Image, write it to a CD, and boot it as you would any other LiveCD forensic tool.

The boot CD works well on earlier PC and Mac hardware that does not support booting from USB.