QUICK START

KAPE is an efficient and highly configurable triage program that will target essentially any device or storage location, find forensically useful artifacts, and parse them within a few minutes. KAPE can be downloaded HERE.

For thorough documentation, go HERE!! This URL will always be the latest documentation.

It is also possible to attend KAPE training from Kroll instructors. Details can be found HERE!!

NOTE: We have clarified KAPE usage permissions for commercial applications. See details here.

Downloading KapeFiles for KAPE

To download the latest files, click the "Sync with Github" button in gkape.exe or run kape.exe --sync

Contributing

This repository serves as a place for community-created Targets and Modules for use with KAPE.

Please send PRs should you come up with new Targets or Modules for inclusion in the project!

Targets

If you need help with creating Targets, check out this guide.

Modules

Be sure to point the BinaryUrl property to the download location in Module files!

All other info including requirements, etc. should be documented at the end of the Module in comment blocks.

NOTE: BEFORE INITIATING A PR, PLEASE ENSURE YOU HAVE DONE THE FOLLOWING:

Generated a unique GUID for the Target or Module
Place the file in the appropriate sub-folder in Targets or Modules. Use 'Misc' if a better category does not exist
Verified KAPE parses the Target or Module cleanly via kape.exe --tlist . or kape.exe --mlist . (Check for any reported errors and correct as necessary)

Thanks!!!

Eric Zimmerman

About

This repository serves as a place for community created Targets and Modules for use with KAPE.

MIT License