Webcast: Child Exploitation Investigation – Express Analysis with KAPE

September 16, 2020 | (Online)
Webcast , Countries

Has your workload increased or decreased in recent years? With an ever-growing backlog of cases, efficiently locating and processing data is becoming just as important a skill as interviewing and other traditional skills investigators rely on. With the Kroll Artifact Parser and Extractor’s (KAPE) collection and triage capabilities, full disk forensics is becoming a thing of the past. In this session, KAPE creator Eric Zimmerman showcases how key Windows artifacts can be collected from a live or forensic image, parsed and reviewed in a few minutes using KAPE. Additionally, Eric will demonstrate how to make custom targets to collect child exploitation material such as .jpgs, .pngs, .mp4s, etc. These examples can then be extended to meet the requirements of even the most complex cases.

Schedule: 1:00 p.m. – 1:30 p.m. (ET)

Key Takeaways

  • Learn how to leverage KAPE to collect data most relevant to child exploitation cases
  • Learn how to extract actionable intelligence from artifacts found on offender’s systems
  • Learn how to prioritize machines for analysis when dealing with multiple systems

Tools used in the session:

Speaker: Eric Zimmerman, Senior Director, Cyber Risk, Kroll, a division of Duff & Phelps

Kroll Artifact Parser And Extractor (KAPE)

Find, collect and process forensically useful artifacts in minutes.


Proactively monitor, detect and respond to threats virtually anywhere – on endpoints and throughout the surface, deep and dark web.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.