- This event has passed.
January 15, 2018 – Data Recovery & Forensics
January 15, 2019 @ 6:00 pm - 9:00 pm
Triage Imaging & ‘Must Have’ Enterprise Data
About our topic:
This presentation will cover two extremely important, but often overlooked areas in your Enterprise.
How do I know they are overlooked? Because I see it every day. You are tasked with looking into the activity on a computer. You don’t have a forensic capability, or don’t have the time or funds for a full forensic exam. How about reaching into a computer with a step by step guide to extract only the 1% of the data where 99% of all evidence lives? And extract it in minutes, not days. Then you find your subject actual destroyed evidence. Volume Shadow Copy to the rescue, to get it back and prove what was done. What? No VSC? Why not? We will also talk about a few settings you MUST have in your Enterprise that most do not have configured or enabled. The best part of this is that all tools presented are free.
About our presenter:
Kevin J. Ripa, is the owner of The Grayson Group, and Past President and current Vice President of the Alberta Association of Private Investigators. He is a former member, in various capacities, of the Department of National Defence serving in both foreign and domestic postings. He is now providing superior service to various levels of law enforcement, Fortune 500 companies, and the legal community, and has assisted in many complex cyber-forensics and hacking response investigations (including nation-state) around the world.
Kevin has over 20 years of experience in the digital investigations & incident response fields, having started doing forensics before the days of GUI response and vendor training. He is a respected and sought after individual for his expertise in Information Technology investigations, and he has been qualified as an expert witness on numerous occasions at virtually all levels of the judicial process. He has also designed, produced, hosted, and taught numerous industry related courses, not to mention hundreds of speaking and training engagements to industry and law enforcement around the world.
As well as being a SANS Certified instructor, Kevin holds a number of industry certifications, including GSEC, GISF, GCFE, GCFA, BAI, EnCE, Certified Data Recovery Professional, and has previously held certs as Certified Penetration Tester and Certified Ethical Hacker. He has also authored dozens of articles in circulation, as well as chapters to a number of manuals, books, and training texts on the subjects of Computer Security and Forensics. Kevin currently teaches SEC401, SEC301, and FOR500, and is also currently writing a new course for SANS.