KAPE Triage

KAPE (Kroll Artifact Parser and Extractor) is a tool used in digital forensics for quickly collecting and processing data from target systems.

Files often being extracted:

Event logs
Registry
MFT UsnJrnl
Win10 Timeline
SRUM
BAM/DAM
Prefetch
Jumplist
Browser history

Please refer: https://fareedfauzi.github.io/2023/12/22/Windows-Forensics-checklist-cheatsheet.html#triage-artifacts-parsing-and-analysis

PreviousIntroduction NextEvent Log Analysis

Last updated 5 months ago