Has your workload increased or decreased in recent years? With an ever-growing backlog of cases, efficiently locating and processing data is becoming just as important a skill as interviewing and other traditional skills investigators rely on. With the Kroll Artifact Parser and Extractor’s (KAPE) collection and triage capabilities, full disk forensics is becoming a thing of the past. In this session, KAPE creator Eric Zimmerman showcases how key Windows artifacts can be collected from a live or forensic image, parsed and reviewed in a few minutes using KAPE. Additionally, Eric will demonstrate how to make custom targets to collect child exploitation material such as .jpgs, .pngs, .mp4s, etc. These examples can then be extended to meet the requirements of even the most complex cases.
Schedule: 1:00 p.m. – 1:30 p.m. (ET)
- Learn how to leverage KAPE to collect data most relevant to child exploitation cases
- Learn how to extract actionable intelligence from artifacts found on offenders’ systems
- Learn how to prioritize machines for analysis when dealing with multiple systems
Speaker: Eric Zimmerman, Senior Director, Cyber Risk, Kroll, a division of Duff & Phelps
Tools used in the session:
- Kroll Artifact Parser Extractor (KAPE): Find, collect and process forensically useful artifacts in minutes.