

Coral Gables, FL | Mon, Nov 4 - Sat, Nov 9, 2019

Making Forensic Processing EZer

  • Eric Zimmerman
  • Monday, November 4th, 7:15pm - 9:15pm

There are many reasons to write forensics tools, from making them open source, to not depending on a vendor for updates, to breaking reliance on APIs. But designing and building tools is not enough. It quickly becomes necessary to run multiple tools in a consistent and efficient manner. Once robust, dedicated tools exist for the most important artifacts, a means to coordinate, automate, and run those tools across data is needed. Tools such as KAPE address this need and provide a means for end users to build collection and processing tool chains that make sense for them.

Conceptually, it is a short hop from consistent and efficient "processing tool chains" to scalable, automated processing. The key is the reliability and efficacy of the processing tool chain, whether you are concerned with lightweight scans of tens of thousands of disks or more in-depth triage of scores of disks at a time. Tools such as KAPE provide a means to simplify the development, testing, and implementation of forensics tasks for automation. Once the automation is reliable, scale is largely a matter of increasing the number of instances where the automation runs.

In this talk, Eric will explore the development and refinement process of EZ Tools and how KAPE can be used as the "glue" to tie things together.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Monday, November 4

| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Peter Szczepankiewicz | Monday, November 4th, 8:00am - 8:30am | Special Events |
| Making Forensic Processing EZer | Eric Zimmerman | Monday, November 4th, 7:15pm - 9:15pm | Keynote |

Tuesday, November 5

| Session | Speaker | Time | Type |
|---|---|---|---|
| Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them | Lenny Zeltser | Tuesday, November 5th, 6:15pm - 7:15pm | SANS@Night |
| A Wild Goose Chase: Hunting for Hard to Find Smartphone Applications and Malware | Heather Mahalik | Tuesday, November 5th, 7:15pm - 8:15pm | SANS@Night |

Wednesday, November 6

| Session | Speaker | Time | Type |
|---|---|---|---|
| DFIR Night Out Reception | | Wednesday, November 6th, 7:00pm - 10:00pm | Reception |