  • Stars: 624
  • Rank 71,579 (Top 2 %)
  • Language
  • License: MIT License
  • Created almost 6 years ago
  • Updated 2 months ago

Repository Details

This repository serves as a place for community created Targets and Modules for use with KAPE.

KAPE Files

Community-created Targets and Modules for use with KAPE
Download KAPE · Report a Bug · Request Feature

KapeFiles

KAPE Overview

KAPE is an efficient and highly configurable triage program that will target essentially any device or storage location, find forensically useful artifacts, and parse them within a few minutes. KAPE can be downloaded HERE.

For thorough documentation, go HERE!! This URL will always be the latest documentation.

It is also possible to attend KAPE training from Kroll instructors. Details can be found HERE!!

KAPE License

NOTE: We have clarified KAPE usage permissions for commercial applications. See details here.

Downloading KapeFiles for KAPE

To download the latest files, click the Sync with GitHub button in gkape.exe or run kape.exe --sync

Contributing

This repository serves as a place for community-created Targets and Modules for use with KAPE.

Please see CONTRIBUTING.md for guidance on contributing to this repository.

NOTE: BEFORE INITIATING A PR, PLEASE ENSURE YOU HAVE COMPLETED THE STEPS LISTED WITHIN THE PULL REQUEST TEMPLATE PRIOR TO SUBMISSION!

Support

If you need support with KAPE, please consider the following options:

  • For general questions/discussion, please consider starting a discussion
  • For bugs, please consider raising an Issue
  • For help with Targets, check the Targets section below
  • For help with Modules, check the Modules section below

Ongoing Projects

  • Targets/Modules To Do List - Development roadmap for KAPE Targets and Modules. Please feel free to contribute by adding ideas or by finishing tasks in the To Do column. Any help is appreciated!

Targets

If you need help with creating Targets, check out the following resources:

Modules

If you need help with creating Modules, please check out the following resources:

Be sure to point the BinaryUrl property to the download location in Module files!

All other info including requirements, etc. should be documented at the end of the Module in comment blocks.

KAPE Manual

The official KAPE Manual can be found here.

Eric Zimmerman

More Repositories

  1. evtx (C#, 258 stars): C# based evtx parser with lots of extras
  2. LECmd (C#, 252 stars): Lnk Explorer Command line edition!!
  3. Registry (C#, 216 stars): Full featured, offline Registry parser in C#
  4. PECmd (C#, 200 stars): Prefetch Explorer Command Line
  5. VoronTools (Shell, 187 stars): Various scripts and tools
  6. MFTECmd (C#, 174 stars): Parses $MFT from NTFS file systems
  7. Get-ZimmermanTools (PowerShell, 129 stars): Get all my software
  8. RECmd (Rebol, 121 stars): Command line access to the Registry
  9. bstrings (C#, 118 stars): A better strings utility!
  10. AmcacheParser (C#, 109 stars): Parses amcache.hve files, but with a twist!
  11. AppCompatCacheParser (C#, 105 stars): AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10
  12. JumpList (C#, 103 stars)
  13. Prefetch (C#, 103 stars): Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.
  14. ericzimmerman.github.io (HTML, 87 stars): Software downloads
  15. Lnk (C#, 78 stars): Lnk file parser
  16. JLECmd (C#, 71 stars): Automatic and Custom Destinations jump list parser with Windows 10 support
  17. RegistryPlugins (C#, 60 stars)
  18. MFT (C#, 56 stars): MFT parser
  19. RegistryExplorerBookmarks (43 stars): Registry Explorer bookmark definitions
  20. KapeDocs (HTML, 41 stars): Documentation repository
  21. SQLECmd (C#, 41 stars)
  22. Voron24 (Shell, 35 stars): Voron 2.4 350 configuration files. LDOkit
  23. Srum (C#, 35 stars)
  24. RBCmd (C#, 33 stars): Recycle bin artifact parser
  25. SDB (C#, 29 stars): Parse Microsoft shim databases
  26. RecentFileCacheParser (C#, 25 stars): Parses RecentFileCacheParser.bcf files
  27. ExtensionBlocks (C#, 24 stars): Extension blocks as found in ShellBags and other places in the Registry
  28. TLEFilePlugins (C#, 23 stars): Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i.e. they get a Line #/tag column, layout support, searching, etc.)
  29. USBDevices (C#, 22 stars): Get USB Devices from Registry hives
  30. WxTCmd (C#, 20 stars)
  31. OleCf (C#, 19 stars): Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does fine)
  32. Sum (C#, 19 stars)
  33. iisGeolocate (C#, 19 stars): geolocate ip addresses in IIS logs
  34. GuidMapping (C#, 15 stars)
  35. VSCMount (C#, 15 stars): Mount VSCs with ease!
  36. EricZimmerman (14 stars)
  37. VoronConfigs (14 stars): Klipper configuration for an LDO Voron V2.4 350mm with Euclid probe
  38. Voron02 (Shell, 13 stars): Voron 0.2 configs (v0s1 --> 0.2)
  39. Issues (10 stars): This is a repository for reporting any issues in any of my software
  40. MVT (C#, 9 stars)
  41. timeapp (C#, 9 stars): Simple time and public IP app, useful for recording the screen while interacting with a computer for later corroboration of artifacts against time
  42. filemgr (Python, 6 stars): File manager with dedupe on import, export existing, export delta, hash list generation, etc.
  43. EmailCounter (C#, 3 stars)