Has your workload increased or decreased in recent years? With an ever-growing backlog of cases, efficiently locating and processing data is becoming just as important a skill as interviewing and the other traditional skills investigators rely on. With the Kroll Artifact Parser and Extractor’s (KAPE) collection and triage capabilities, full disk forensics is becoming a thing of the past. In this session, KAPE creator Eric Zimmerman showcases how key Windows artifacts can be collected from a live system or forensic image, then parsed and reviewed in a few minutes using KAPE. Additionally, Eric demonstrates how to make custom targets to collect child exploitation material such as .jpg, .png and .mp4 files. These examples can then be extended to meet the requirements of even the most complex cases.
Schedule: 1:00 p.m. – 1:30 p.m. (ET)
Key Takeaways
- Learn how to leverage KAPE to collect data most relevant to child exploitation cases
- Learn how to extract actionable intelligence from artifacts found on offenders’ systems
- Learn how to prioritize machines for analysis when dealing with multiple systems
Tools used in the session:
- KAPE (free download)
- Eric Zimmerman tools – https://ericzimmerman.github.io/
Speaker: Eric Zimmerman, Senior Director, Cyber Risk, Kroll, a division of Duff & Phelps