Cyber Risk

Mon, Feb 6, 2023

KAPE Quarterly Update – Q4 2022

KAPE  had several updates during Q4 2022. Here is a recap of all the important enhancements and news from October through December 2022:

Key Q4 2022 KAPE Updates

  • KAPE Change Log
  • New Module Variables for Command Lines: %d%, %guid% and %sourceDirectoryBase%
  • New Modules Have Been Created for Multiple NirSoft Tools
  • New Target for New Windows 11 Pro (22H2) Artifact
  • Q4 2022 KapeFiles Changes
 

KAPE Change Log

Version 1.3.0.2

  • Change from nlog to Serilog (much nicer console output)
  • New module variables for command lines: %d%, %guid% and %sourceDirectoryBase%
  • General tweaks and fixes
  • Nuget package updates
  • Updated EZTools binaries
  • Sync'ed Targets and Modules
 

New Module Variables for Command Lines: %d%, %guid% and %sourceDirectoryBase%

KAPE 1.3.0.2 has added new Module variables. This will allow for Modules to be made for tools without unique output filenames to have their filenames made unique using either the current date/time in UTC (%d%), a random GUID (%guid%) or the source directory base (%sourceDirectoryBase%), i.e., C, VSS1, VSS2, etc.

New Modules Have Been Created for Multiple NirSoft Tools

Modules have been created for the following NirSoft tools, thanks to Pedro Sanchez Cordero:

 

As always with any third-party binary that are not EZ Tools, binaries must be placed in .\KAPE\Modules\bin in accordance with the respective Module for that tool.

New Target for New Windows 11 Pro (22H2) Artifact

A new Windows 11 Pro (22H2) artifact was recently discovered by a member of the Digital Forensics Discord Server. Lucas Gonzalez, and further researched by Kroll’s Andrew Rathbun. A blog post on AboutDFIR detailing this research can be found here. KAPE also has a Target to pull this new artifact, as seen here.

Q4 2022 KapeFiles Changes

Here is an overview of the changes to the KapeFiles GitHub repository from October 1, 2022 to December 31, 2022.

KAPE-Related GitHub Repositories

Our experts recommend “watching” the following GitHub repositories for KAPE-related updates:

KAPE-Related GitHub Repositories

 

Keep KAPE Updated

Looking for the EZ button to keep KAPE, EZ Tools and the ancillary files associated with your instance(s) of KAPE? Check out the PowerShell script created by Kroll’s Andrew Rathbun here to ensure your copy of KAPE is being updated.

KAPE Resources

There are a number of KAPE resources for additional KAPE support, including the KAPE manual,training and certification opportunities, or you can contact our experts directly at [email protected]. An enterprise license is required when KAPE is used on a third-party network and/or as part of a paid engagement.

Share

KAPE Quarterly Update – Q4 2022 /en/insights/publications/cyber/kape-quarterly-update-q4-2022 /-/media/kroll-images/insights/feature-images/kape-quarterly-update-q4-2022.png 2023-02-06T00:00:00.0000000 publication {E39587AD-8F0B-4FE2-865F-969BC5501096}{09213578-A7CA-4DD8-AE97-7476022C89D6}{3A077BFC-C74A-40AF-A14C-13BCF6E3873E}{CE2347F0-D222-4014-BA97-6A415CC633DF}{2F9D4938-E5F0-4F9C-9A20-C4A5DCF79130}{7A48DD95-1A63-4784-842F-A2BE81EAFE13}{29BBBAB0-0450-4652-AEAB-6D335E426996}{3A4E87DE-180A-4689-A293-20A6E94886A6} {2DEEE4D2-8278-4C50-B3FF-1563BB257804}

Stay Ahead with Kroll

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Kroll Artifact Parser And Extractor (KAPE)

Find, collect and process forensically useful artifacts in minutes.

24x7 Incident Response

Enlist experienced responders to handle the entire security incident lifecycle.

Data Recovery and Forensic Analysis

Kroll's expertise establishes whether data was compromised and to what extent. We uncover actionable information, leaving you better prepared to manage a future incident.

Incident Response Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

KAPE Resources

The latest KAPE tutorials, webcasts and guides created by Kroll instructors.

KAPE Training

Learn how to jumpstart your forensic investigations and find meaningful data fast with a live KAPE training session led by a Kroll instructor.

Explore insights

Managed Detection and Response

Managed Detection and Response (MDR) Buyer’s Guide

Oct 31, 2022

by Marc BrawnerPierson Clair Mark Nicholls

Cyber

KAPE Quarterly Update – Q2 2022

Jul 19, 2022

by Eric ZimmermanAndrew Rathbun

Cyber

KAPE Quarterly Update – Q1 2022

Apr 27, 2022

by Eric ZimmermanAndrew Rathbun

Cyber

KAPE Quarterly Update – Q4 2021

Feb 02, 2022

by Eric ZimmermanAndrew Rathbun

Cyber

KAPE Quarterly Update – Q3 2021

Oct 21, 2021

by Eric ZimmermanNickolas B. Savage Andrew Rathbun

Cyber

KAPE Quarterly Update – Q2 2021

Aug 02, 2021

by Eric ZimmermanNickolas B. Savage Andrew Rathbun

Cyber

KAPE Quarterly Update – Q1 2021

Apr 22, 2021

by Eric ZimmermanNickolas B. Savage Andrew Rathbun

Events

Conference

Kroll at RSA Conference 2023

Conference Conference Apr 24 - Apr 27, 2023 | Conference

Book a Briefing

Webcast

KAPE Intensive Training and Certification

Online Event Online Event Apr 13 - Dec 07, 2023 | Online Event

Register now

Webcast

2023 APAC Economic Outlook and Impact on Company Valuations and Restructuring

Webinar Webinar Apr 12, 2023 | Webinar

Register Now