As hard drive sizes get larger and larger, conducting full disk forensics is becoming a thing of the past. Why spend hours analyzing a disk image when you can analyze a handful of core Windows artifacts to build your case in a matter of minutes. In this webcast hosted by SANS Institute and presented by Mari DeGrazia, Senior Director in Kroll’s Cyber Risk practice, learn how to use Kroll Artifact Parser and Extractor (KAPE) to collect key operating system files from a live system or a forensic image. Once the data is collected, KAPE can be leveraged to parse various artifacts and build a mini-timeline. In addition, learn how to customize KAPE by writing your own custom modules for your workflow.
Schedule: August 13, 3:30 p.m. (EDT)
