Cyber Risk

Wed, Jul 19, 2023

KAPE Quarterly Update - Q2 2023

/en/our-team/eric-zimmermanEric Zimmerman is a Senior Director

Eric Zimmerman

/en/our-team/andrew-rathbunplaceholder

Andrew Rathbun

Key Q2 2023 KAPE Updates

KAPE Quarterly Update Q2 2023
New KAPE Official Demo - Kroll recently published an official demo walkthrough of KAPE by Andrew Rathbun.
  • NEW: KAPE Official Demo
  • KAPE-EZToolsAncillaryUpdater updated
  • Windows Index Search Database
  • New Antivirus/RemoteAdmin Targets
  • Q2 2023 KapeFiles Changes

 

KAPE-EZToolsAncillaryUpdater Updated

On May 18, 2023, Eric Zimmerman updated his Get-ZimmermanTools.ps1 script so that it downloads the .NET 6 version of EZ Tools by default. You can find the changes to the script here. KAPE-EZToolsAncillaryUpdater relies heavily on this script and, as a result, had to be updated to properly manage the recent changes.

In addition to handling the updated Get-ZimmermanTools.ps1 script better, multiple improvements to the code’s readability, maintainability and core functionality have been made. To gain more context into the changes to the script, please visit the release notes for 4.0 and 4.1 (current version) here.

As of this writing, version 4.1 of this script should be used alongside your local KAPE instance. If you have any issues, please submit those here.

Windows Index Search Database

A new module was made for SIDR, a new tool that can be used to parse the Windows Index Search Database. Traditionally, this artifact has been in the ESE Database format, like SRUM and SUM. As of recently, it is now a SQLite Database. Thankfully, SIDR parses both the ESE and SQLite Database formats. Using KAPE, the Windows Index Search Database can be acquired with the Windows Index Search Target and process the artifact with the SIDR Module.

New Antivirus/RemoteAdmin Log Targets

KAPE users have contributed a few new Targets related to Antivirus and RemoteAdmin tools. As always, the Antivirus and RemoteAdmin Compound Targets will collect files specified in all related Targets. Cylance has been added as a new Antivirus Target, and as such has been added to the Antivirus Compound Target. RustDesk and DWAgent have been added as new RemoteAdmin Targets, and as such have been added to the RemoteAdmin Compound Target.

Q2 2023 KapeFiles Changes

Here is an overview of the changes to the KapeFiles GitHub repository from April 1, 2023 to June 30, 2023.

KAPE-Related GitHub Repositories

Our experts recommend “watching” the following GitHub repositories for KAPE-related updates:

KAPE Quarterly Update – Q2 2023

 

Keep KAPE Updated

Looking for the EZ button to keep KAPE, EZ Tools and the ancillary files associated with your instance(s) of KAPE updated? Check out the PowerShell script created by Kroll’s Andrew Rathbun here to ensure your copy of KAPE is being updated.

KAPE Resources

There are a number of KAPE resources for additional KAPE support, including the KAPE manual, training and certification opportunities, or you can contact our experts directly at [email protected]. An enterprise license is required when KAPE is used on a third-party network and/or as part of a paid engagement. 

Stay Ahead with Kroll

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Cyber Risk

Kroll Artifact Parser And Extractor (KAPE)

Find, collect and process forensically useful artifacts in minutes.

Kroll Artifact Parser And Extractor (KAPE)

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

24x7 Incident Response

Data Recovery and Forensic Analysis

Kroll's expertise establishes whether data was compromised and to what extent. We uncover actionable information, leaving you better prepared to manage a future incident.

Data Recovery and Forensic Analysis

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Cyber Risk Retainer

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

Computer Forensics

KAPE Resources

The latest KAPE tutorials, webcasts and guides created by Kroll instructors.

KAPE Resources

KAPE Training

Learn how to jumpstart your forensic investigations and find meaningful data fast with a live KAPE training session led by a Kroll instructor.

KAPE Training

Kroll is headquartered in New York with offices around the world.

55 East 52nd Street 17 Fl
New York NY 10055
+1 212 593 1000
Sign up to receive periodic news, reports, and invitations from Kroll. Our privacy policy describes how your data will be processed.

More About Kroll

More About Kroll
© 2024 Kroll, LLC. All rights reserved. Kroll is not affiliated with Kroll Bond Rating Agency, Kroll OnTrack Inc. or their affiliated businesses. Read more.
Return to top