
2022-05-05 09:31:18 +02:00
# Kroll Artifact Parser
* Collects and processes artifacts on Windows
* Collects from live systems, mounted images and the F-Response tool
## Targets
* Needs a source and a target directory, as well as a module to process the collected files
* `Target` copies a file into a repository
* `*.tkape` files contain metadata of the files to copy
* `Compound Targets` contain metadata of multiple files in order to get a result quicker
* `!Disable` targets do not appear in the target list
* `!Local` targets are kept local
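
Added example, not part of the original notes or of KAPE itself: a Python script that flattens a compound target into the file patterns it would collect, so a collection can be reviewed before it is run. It assumes the YAML layout of `.tkape` files (`Targets:` entries with `Name`, `Path` and `FileMask`, where a `Path` ending in `.tkape` points at another target); the two sample targets and the function names are constructed for illustration.

```python
# Constructed sample targets (not files shipped with KAPE); field layout is an assumption.
SAMPLES = {
    "EventLogs.tkape": r"""
Description: Windows event logs
Targets:
    - Name: Event logs
      Path: C:\Windows\System32\winevt\Logs\
      FileMask: "*.evtx"
""",
    "Triage.tkape": r"""
Description: Compound triage target
Targets:
    - Name: Event logs
      Path: EventLogs.tkape
    - Name: Hosts file
      Path: C:\Windows\System32\drivers\etc\
      FileMask: hosts
""",
}

def parse_targets(text):
    """Return the entries under 'Targets:' as dicts (minimal line parser, not full YAML)."""
    entries, in_targets = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_targets:
            in_targets = line == "Targets:"
            continue
        if line.startswith("-"):  # a dash opens a new target entry
            entries.append({})
            line = line[1:].strip()
        if ":" in line and entries:  # split on the first colon only, so C:\ paths survive
            key, _, value = line.partition(":")
            entries[-1][key.strip()] = value.strip().strip('"')
    return entries

def flatten(name, files, seen=()):
    """Resolve a (compound) target into the list of path + mask patterns it copies."""
    if name in seen:
        raise ValueError(f"circular target reference: {name}")
    out = []
    for t in parse_targets(files[name]):
        path = t.get("Path", "")
        if path.lower().endswith(".tkape"):  # compound entry: follow the referenced target
            out += flatten(path, files, seen + (name,))
        else:  # assumption: a missing FileMask means every file in the directory
            out.append(path + t.get("FileMask", "*"))
    return out

print("\n".join(flatten("Triage.tkape", SAMPLES)))
```
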
## Modules
* Used on the targeted files
* `*.mkape` files
* Additional binaries are kept in `bin`