Table of Contents
- Page 1 – Introduction, Screenshots
- Page 2 – How to Use KAPE, Usage Scenarios
- Page 3 – Examining KAPE Output
- Page 4 – Miscellaneous
- Page 5 – Conclusion, KAPE-Related Blog Posts/Videos, Change Log
KAPE is a modular triage tool that can be tailored to meet your specific forensic artifact collection and parsing needs on live and mounted systems. In short, it targets specific artifacts using the Targets feature and then parses those artifacts into meaningful, actionable output using the Modules feature. In plain English, it grabs files of interest and quickly produces human-readable output for the examiner to analyze.
This guide was created with those new to KAPE in mind, regardless of background (LE, Private, Student, etc.). The primary purpose of this guide is to help break the intimidation barrier of trying out a new tool such as KAPE. There are certainly more advanced ways to leverage KAPE, but they will not be covered in this guide. Maybe in a future guide!
If by the end of this guide you don’t think to yourself “hey, I can totally use this in my day-to-day work”, then please let me know why that’s not the case.
Download link: Introducing KAPE – Kroll Artifact Parser and Extractor
License: KAPE EULA – Summary: free to all Law Enforcement, personal learning purposes, and permitted for non-commercial use by students and educational institutions, solely for purposes directly related to learning, training, research, or development functions performed by an educational institution.
Command Line (kape.exe)
Yes, there is a dark mode. Use it! Tools -> Skins to customize gkape to your liking.