How much can you accomplish while a full disk image is completing? And what portion of that disk is actually relevant to your case? With KAPE’s collection and triage capabilities full disk forensics is becoming a thing of the past. In this session, KAPE instructor and DFIR expert Mari DeGrazia showcases how key Windows artifacts can be collected from a live or forensic image, parsed, and structured into a mini-timeline in just a few minutes using KAPE.
Watch the On-Demand Webinar Now.Schedule: 1:00 p.m. –1:30 p.m. (ET)
Key takeaways:
- Learn how to leverage KAPE to collect triage data
- Learn how to normalize data across multiple artifacts
- Learn how to build a mini timeline using KAPE
- Learn how to analyze a mini timeline
Tools used in the session:
- KAPE – free download
- Eric Zimmerman Tools
- RegRipper (free download)
- Harlan Carvey’s Timeline Tools
- Unicode to Ascii
- evtxECmd_2_tln.exe
Speaker: Mari DeGrazia, Associate Managing Director, Cyber Risk
