Kroll Artifact Parser and Extractor (KAPE) Resources


The latest KAPE tutorials, webcasts and guides created by Kroll instructors.


Primarily a triage program, Kroll’s Artifact Parser and Extractor (KAPE) targets a device or storage location, finds the most forensically relevant artifacts (based on your needs) and parses them within a few minutes. This arms investigators with the right tool to find and prioritize the systems more critical to their case.

"KAPE serves two primary functions: 1) collect files and 2) process collected files with one or more programs. By itself, KAPE does not do anything in relation to either of these functions, rather, they are achieved by reading configuration files on the fly, and based on the contents of these files, collecting and processing files. This makes KAPE very extensible in adding or extending functionality." – Eric Zimmerman

This page will hold official documentation as well as the latest KAPE news, webcasts, tutorials, and more. See list below: 


Webcast – Insider Threat Investigations Using KAPE

The Kroll Artifact Parser and Extractor (KAPE) has assisted investigators in solving insider threats faster than ever before due to its ability to process forensic artifacts within minutes.

Learn from two of our resident experts, Anthony Knutson and Aaron Read, as they discuss how KAPE is best used during insider threat investigations, the efficiencies it brings to their teams and how it’s changing the landscape of forensic analysis.

Watch the full Insider Threat Investigations Using KAPE webcast.

Webcast – Child Exploitation Investigation with KAPE

In this session, KAPE creator Eric Zimmerman showcases how key Windows artifacts can be collected from a live or forensic image, parsed and reviewed in a few minutes using KAPE. Additionally, Eric demonstrates how to make custom targets to collect child exploitation material such as .jpgs, .pngs, .mp4s, etc. These examples can then be extended to meet the requirements of even the most complex cases.

Watch the full Child Exploitation Investigation with KAPE webcast.

Webcast – Artifact Analysis Timeline with KAPE

In this webcast replay, KAPE instructor and Digital Forensics and Incident Response (DFIR) expert Mari DeGrazia showcases how key Windows artifacts can be collected from a live or forensic image, parsed and structured into a mini timeline in just a few minutes using KAPE.

Watch the full Express Artifact Analysis Timeline Development with KAPE webcast.

Webcast – Enhancing Event Log Analysis With EvtxECmd Using KAPE

How much time are you spending manually parsing and sorting event logs? In this webcast, Kroll’s Andrew Rathbun demonstrates how to run EvtxECmd through KAPE to expedite event log analysis and how to create your custom maps.

Watch the full Enhancing Event Log Analysis with EvtxECmd using KAPE webcast.

Want Additional KAPE Support?

Kroll instructors conduct frequent KAPE Intensive Training and Certification to help you and your team get started. Our experts are also available to address your KAPE questions, assist with customizations and more via [email protected].

Please note: The solo edition of the Kroll Artifact Parser and Extractor (KAPE) allows the tool to be used at no cost by any local, state or international government agency, by any educational or research organization, or for internal company purposes. An enterprise license is required when KAPE is used on a third-party network and/or as part of a paid engagement.

Page last updated: Jan 15, 2021

Additional KAPE Resources

KAPE Quarterly Update – Q2 2021

KAPE 0.9.2.0 Released: New Target and Module Definition Changes

Enhancing Event Log Analysis with EvtxECmd using KAPE (Webcast Replay)

Exploring KAPE’s Graphical User Interface in v0.8.2.0

Introducing KAPE – Kroll Artifact Parser and Extractor
