killchain-compendium/forensics/kape.md

# Kroll Artifact Parser

* Collect and processes artifacts on windows
* Collects from live systems, mounted images and F-response tool

## Targets

* Needs source and target directory, as well as a module to process the files on
* `Target` copies a file into a repository
* `*.tkape` files contains metadata of the files to copy
* `Compound Targets` contain metadata of multiple files in order to get a result quicker
* `!Disable` do not appear in the target list
* `!Local` keep on local


## Modules

* Used on the targeted files
* `*.mkape` files
* Additional binaries are kept in `bin`
ettercap and binaries 2022-05-05 09:31:18 +02:00			`# Kroll Artifact Parser`

			`* Collect and processes artifacts on windows`
			`* Collects from live systems, mounted images and F-response tool`

			`## Targets`

			`* Needs source and target directory, as well as a module to process the files on`
			* `Target` copies a file into a repository
			* `*.tkape` files contains metadata of the files to copy
			* `Compound Targets` contain metadata of multiple files in order to get a result quicker
			* `!Disable` do not appear in the target list
			* `!Local` keep on local


			`## Modules`

			`* Used on the targeted files`
			* `*.mkape` files
			* Additional binaries are kept in `bin`