
DFIR Summit & Training 2019

Austin, TX | Thu, Jul 25, 2019 - Thu, Aug 1, 2019
This event is over, but there are more training opportunities.

KAPE: What's all the buzz about?

  • Mark Hallman
  • Sunday, July 28th, 7:30pm - 8:30pm

KAPE (Kroll Artifact Parser and Extractor) is a Digital Forensics & Incident Response (DFIR) triage tool developed by Eric Zimmerman. KAPE can both collect digital evidence based upon a highly configurable set of target definitions and process that data with an ever-growing list of processing modules. New targets and modules are being added every day, not just by Zimmerman, but by the DFIR community. KAPE is a real game-changer; no other tool is even close.

In traditional SANS style, this talk provides you with the knowledge to effectively use KAPE when you walk out the door. The use of KAPE and KAPE Target Configurations for the collection of forensically valuable artifacts will be covered. Command-line examples will cover everything from collecting from a single live system to using PowerShell to remotely collect data from multiple systems and send the collected data to a remote SSH server.

KAPE Modules are a crucial differentiator of KAPE from other DFIR triage tools. KAPE Module Configurations define how a set of data is to be processed. You can direct KAPE to run tools, utilities, or scripts against your data. These include Zimmerman's own tools but also many other DFIR tools. Module command-line examples will be provided, and we will cover creating module configurations so you can add your favorite tool. The genius of KAPE is that the investigator can define a set of data to be collected and then, in that same command line, define the processing to be performed on the collected data. Using KAPE, the investigator is quickly armed with the parsed data to begin their analysis. Come join us and put the power of KAPE to work for you, now!


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Thursday, July 25

Session | Speaker | Time | Type
Vendor Showcase | | Thursday, July 25th, 10:00am - 10:30am | Vendor Event
After the Attack: Automate and Accelerate Your Post-Breach Response | Shon Harris, Senior Cloud Engineer | Thursday, July 25th, 12:00pm - 1:20pm | Lunch and Learn
Domain & DNS-based Adversarial Threat Intelligence in the SOC/CSIRT | Corin Imai, Senior Security Advisor | Thursday, July 25th, 12:00pm - 1:20pm | Lunch and Learn
Incident Response and Investigation using Shadow Search - A Real World Example | James Morin, Threat Intelligence Manager | Thursday, July 25th, 12:00pm - 1:20pm | Lunch and Learn
Chopping Down a Dense forest of Teleme-Trees: Making Telemetry Work for You | Justin Ibarra, Security Researcher | Thursday, July 25th, 12:00pm - 1:20pm | Lunch and Learn
Vendor Showcase | | Thursday, July 25th, 3:15pm - 3:45pm | Vendor Event
DFIR Summit Night Out in ATX! | | Thursday, July 25th, 7:00pm - 9:00pm | Special Events

Friday, July 26

Session | Speaker | Time | Type
Vendor Showcase | | Friday, July 26th, 9:45am - 10:15am | Vendor Event
Vendor Showcase | | Friday, July 26th, 12:00pm - 1:15pm | Vendor Event
Vendor Showcase | | Friday, July 26th, 2:50pm - 3:20pm | Vendor Event

Saturday, July 27

Session | Speaker | Time | Type
Enterprise DFIR with EnCase - Uncovering the Metaphorical Devil in the Details | Jeff Hedlesky, Forensic Evangelist, OpenText & JJ Cranford, Sr. Product Mkting Mgr, OpenText | Saturday, July 27th, 12:30pm - 1:15pm | Lunch and Learn
Security Orchestration and Automation to respond to Insider Threats | John Avendano, Technical Consultant | Saturday, July 27th, 12:30pm - 1:15pm | Lunch and Learn
An Update on the Current State of Windows Forensics | David Cowen | Saturday, July 27th, 6:30pm - 8:30pm | Keynote

Sunday, July 28

Session | Speaker | Time | Type
Come to the Dark Side: Python's Sinister Secrets | Mark Baggett | Sunday, July 28th, 6:30pm - 7:30pm | SANS@Night
KAPE: What's all the buzz about? | Mark Hallman | Sunday, July 28th, 7:30pm - 8:30pm | SANS@Night

Monday, July 29

Session | Speaker | Time | Type
Piecing the Digital Story Together Using Magnet AXIOM | Tarah Melton, Forensic Consultant | Monday, July 29th, 12:30pm - 1:15pm | Lunch and Learn
DFIR Community Night | | Monday, July 29th, 6:00pm - 8:00pm | Special Events