Final days to save $150 off practical cyber security training during SANSFIRE 2021 in Washington, DC! Register now.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

From Seizure to Actionable Intelligence in 90 Minutes or Less

  • Thursday, May 02, 2019 at 10:30 AM EDT (2019-05-02 14:30:00 UTC)
  • Kevin Ripa

You can now attend the webcast using your mobile device!



An effective battlefield forensicator must investigate large amounts of data quickly while maintaining data collection integrity and defensibility, often within high-stress environments. SANS is proud to introduce the FOR498: Battlefield Forensics & Data Acquisition, a new course authored by Instructors Eric Zimmerman and Kevin Ripa. This webcast will give you an overview of the contents of the 6 day course and the myriad of topics being covered. We will also dive deeper into a couple of the highlights, including booting an .E01 file in VMware to view the contents as though we were sitting at the subjects computer without spoliating the source evidence; discussing non-traditional acquisitions, and write blocking of devices that dont lend themselves to the traditional methods of protecting source data. We will cover a lot of ground in a little time, so bring a seatbelt!

Speaker Bio

Kevin Ripa

Kevin serves as president of The Grayson Group of Companies, which consists of Computer Evidence Recovery, Pro Data Recovery Inc., and J.S. Kramer & Associates, Inc. He provides investigative services to various levels of law enforcement, Fortune 500 companies, and the legal community. He is past president of the Alberta Association of Private Investigators and a former member of the Canadian Department of National Defence, where he served in both foreign and domestic postings. Kevin is a 25-year digital investigation veteran with hundreds of speaking and training engagements around the world. Today he is a SANS instructor for SEC301: Intro to Information SecuritySEC401: Security Essentials Bootcamp Style, and FOR500: Windows Forensic Analysis.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.