Kroll Artifact Parser and Extractor (KAPE) Resources
This page houses official documentation relating the Kroll Artifact Parser and Extractor (KAPE). It will also contain the latest KAPE news, as well as webcasts, case studies, tutorials and other training materials. For any KAPE related questions or assistance with customizations, please contact [email protected]
Primarily a triage program, Kroll’s Artifact Parser and Extractor (KAPE) will target both device or storage locations to find the most forensically relevant artifacts (based on your needs) and parse them within a few minutes. Thus, arming investigators with the right tool to find and prioritize the more critical systems to their case.
"KAPE serves two primary functions: 1) collect files and 2) process collected files with one or more programs. By itself, KAPE does not do anything in relation to either of these functions, rather, they are achieved by reading configuration files on the fly, and based on the contents of these files, collecting and processing files. This makes KAPE very extensible in adding or extending functionality." – Eric Zimmerman .
This page will hold official documentation as well as the latest KAPE news, webcasts, tutorials, and more. See list below:
Want Additional KAPE Support?
Kroll instructors conduct frequent KAPE Intensive Training and Certification to help you and your team get started. Our experts are also available to address your KAPE questions, assist with customizations and more via [email protected].
Please note: The solo edition of the Kroll Artifact Parser and Extractor (KAPE) allows the tool to be used at no cost by any local, state or international government agency, and by educational or research organization, or for internal company purposes. An enterprise license is required when KAPE is used on a third-party network and/or as part of a paid engagement.
Page last updated: Jan 15, 2021