Kevin Ripa
[SANS Institute ]
Kevin currently serves as president of The Grayson Group of Companies, which consists of Computer Evidence Recovery, Pro Data Recovery Inc., and J.S. Kramer & Associates, Inc. He provides investigative services to various levels of law enforcement, Fortune 500 companies, and the legal community. He is past president of the Alberta Association of Private Investigators and a former member of the Canadian Department of National Defence, where he served in both foreign and domestic postings.

Kevin has assisted in many complex cyber-forensics and hacking response investigations around the world. He's a sought-after resource for his expertise in information technology investigations and frequently serves as an expert witness. In one memorable case, Kevin had a client charged with a heinous crime and facing significant jail time. "There was no question that the contraband material was on his computer, but our investigation proved conclusively that he could not have placed the material on the computer, nor was the computer even in his custody when the material was downloaded and viewed," explains Kevin. "In fact, the material had been placed on his computer inadvertently by his accusers, without them knowing that they had done it."

Back when he was a student, Kevin had chosen SANS because of the caliber of the instruction. Today he is a SANS instructor for SEC301: Intro to Information Security, SEC401: Security Essentials Bootcamp Style, and FOR500: Windows Forensic Analysis.

"I teach because I love to share knowledge, and I teach for SANS because it is the best of the best," Kevin explains." I am really fortunate that SANS appreciates my knowledge and allows me the opportunity to pass it on. I love teaching security and DFIR, because it's like talking about my hobby. And when a student's light bulbs come on, it makes it even more worthwhile."

Kevin's teaching philosophy is that the instructor is there for the students, not the other way around. "If my students do not 'get' something by the end of the section, or day, or course, it is me that has failed as an instructor," he says. Kevin sees it as his duty to make the information understandable to each one of his students, and he wants his students to walk away from his classes reinvigorated about the field they have chosen and feeling they can make an actionable difference in the security of their enterprise. He also strives to remind them that humility is vital for career success.

Tutorial: KAPE, Kansa and Velociraptor: a demonstration of free tools for digital forensics and incident response

Technical Level (3 being the highest score): 2

In this workshop, SANS Principal Instructor Mike Pilkington and SANS Senior Instructor Kevin Ripa will present rapid triage techniques for acquiring and analyzing hosts, both on an individual level and at scale across an enterprise network. The session will demonstrate several excellent free tools, including KAPE, Kansa, and Velociraptor. Each have some amazing capabilities, yet fill different complementary roles. Attendees will be able to follow along with many of the demonstrations. This four-hour interactive session will be conducted via the SANS Live Online platform.

Secure your place now!