Andrew Rathbun
Vice President
Cyber Risk
Secaucus
How to Use KAPE and SQLECmd with EventTranscript.db
September 21, 2021 | (Online)
Webcast , Countries
EventTranscript.db, a recently discovered Windows 10+ artifact, can track and maintain a wealth of artifacts and data elements. Kroll’s Andrew Rathbun and Josh Mitchell found that Kroll Artifact Parser and Extractor (KAPE), leveraging the EventTranscriptDB Target and SQLECmd Module, will collect the database from any Windows 10+ system if the database is enabled and parse it accordingly.
Join Andrew and Josh for a 30-minute webcast as they walk through the benefits of using the EventTranscriptDB Target using KAPE, parsing EventTranscript.db using !EZParser or SQLECmd Modules and how to set up EventTranscriptDB SQLECmd Map within your local instance of KAPE.
Schedule: 1:00 p.m. – 1:30 p.m. (EST)
Key Takeaways
- Overview of the DiagTrack service
- Ways control mechanisms can impact logging
- Data sampling and how to identify its presence
- EventTranscript.db in everyday analysis
- How EventTranscript.db can be the only location of certain information
- Investigative workflow using the applicable KAPE Target and Module
Tools Used in This Session
- KAPE – free download here
- Eric Zimmerman tools – https://ericzimmerman.github.io/
- SQLECmd
- Timeline Explorer
Speakers
- Andrew Rathbun, Senior Associate, Cyber Risk
- Josh Mitchell, Senior Vice President, Cyber Risk
Connect with us
Cyber Risk
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Kroll Artifact Parser And Extractor (KAPE)
Find, collect and process forensically useful artifacts in minutes.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Data Recovery and Forensic Analysis
Kroll's expertise establishes whether data was compromised and to what extent. We uncover actionable information, leaving you better prepared to manage a future incident.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Data Collection and Preservation
Improve investigations and reduce your potential for litigation and fines with the strict chain-of-custody protocol our experts follow at every stage of the data collection process.
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.