Speakers: Mari DeGrazia
As hard drive sizes get larger and larger, conducting full disk forensics is becoming a thing of the past. Why spend hours analyzing a disk image when you can analyze a handful of core Windows artifacts to build your case in a matter of minutes. In this webcast, learn how to use the free tool KAPE to collect key operating system files from a live system or a forensic image. Once the data is collected, KAPE can be leveraged to parse various artifacts and build a mini-timeline. In addition, learn how to customize KAPE by writing your own custom modules for your workflow.