Last Week for OnDemand Special Offer: iPad Air w/ Smart KB, Surface Go, or $300 Off

DFIR Summit & Training 2020 - Live Online

Virtual, US Eastern | Thu, Jul 16 - Sat, Jul 25, 2020

In response to the escalation of the COVID-19 pandemic, we've made the decision to convert this training event into a Live Online event.

The courses below will take place online, using virtual software to stream live instructors to all registered students during the scheduled classroom hours. (Eastern Time) This alternate training format will allow us to deliver the cybersecurity training you expect while keeping you, our staff, and our instructors as safe as possible.

Your registration for a Live Online course includes electronically delivered courseware, live streaming instruction by a SANS instructor, course labs, and four months of online access to course recordings.

KAPE: What‚s all the buzz about?

  • Mark Hallman
  • Sunday, July 28th, 7:30pm - 8:30pm

KAPE (Kroll Artifact Parser and Extractor) is a Digital Forensics & Incident Response (DFIR) triage tool developed by Eric Zimmerman. KAPE can both collect digital evidence based upon a highly configurable set of target definitions and process that data with an ever-gowning list of processing modules. New targets and modules are being added every day, not just by Zimmerman, but by the DFIR community. KAPE is a real game-changer; no other tool is even close.

In traditional SANS style, this talk provides you with the knowledge to effectively use KAPE when you walk out the door. The use of KAPE and KAPE Target Configurations for collection of forensically valuable artifacts will be covered. Command-line examples covering everything from the collection a single live system to using PowerShell to remotely collect data from multiple systems and send that collected to a remote ssh server.

KAPE Modules are a crucial differentiator of KAPE from other DFIR triage tools. KAPE Module Configurations define how a set of data to be processed. You can direct KAPE to run tools, utilities, or scripts against your data. These include Zimmerman‚s own tools but also many other DFIR tools. Module command-line examples will be provided and we will cover creating module configurations so you can add your favorite tool. The genius of KAPE is that the investigator can define a set of data to be collected and then, in that same command line, define the processing to be performed on the collected data. Using KAPE, the investigator is quickly armed the parsed data to begin their analysis. Come join us and put the power of KAPE to work for you, now!


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Wednesday, July 22
Session Speaker Time Type
SANS@MIC -Get Involved! Use Your OSINT Powers for Good! Jeff Lomas Wednesday, July 22nd, 8:30pm - 9:30pm SANS@Night