Triage Collection and Timeline Analysis with KAPE

  • Tuesday, 13 Aug 2019 3:30PM EDT (13 Aug 2019 19:30 UTC)
  • Speaker: Mari DeGrazia

As hard drive sizes get larger and larger, conducting full-disk forensics is becoming a thing of the past. Why spend hours analyzing a disk image when you can analyze a handful of core Windows artifacts to build your case in a matter of minutes? In this webcast, learn how to use the free tool KAPE to collect key operating system files from a live system or a forensic image. Once the data is collected, KAPE can be leveraged to parse various artifacts and build a mini-timeline. In addition, learn how to customize KAPE by writing your own modules for your workflow.