Get a MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training - Learn More


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Triage Collection and Timeline Analysis with KAPE

  • Tuesday, August 13, 2019 at 3:30 PM EDT (2019-08-13 19:30:00 UTC)
  • Mari DeGrazia

You can now attend the webcast using your mobile device!



As hard drive sizes get larger and larger, conducting full disk forensics is becoming a thing of the past. Why spend hours analyzing a disk image when you can analyze a handful of core Windows artifacts to build your case in a matter of minutes. In this webcast, learn how to use the free tool KAPE to collect key operating system files from a live system or a forensic image. Once the data is collected, KAPE can be leveraged to parse various artifacts and build a mini-timeline. In addition, learn how to customize KAPE by writing your own custom modules for your workflow.

Speaker Bio

Mari DeGrazia

Mari DeGrazia brings her puzzle-solving skills to her position as Senior Director of Incident Response at Kroll Cyber Security, where she leads high-profile incident response cases and helps clients find and respond to attackers in their environment. In her role as a SANS instructor for FOR500: Windows Forensic Analysis, Mari draws on nearly 20 years of experience in the IT industry, including 10 years in Digital Forensics and incident Response (DFIR).

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.