Introduction to KAPE

  • Added 29. 08. 2024
  • As a continuation of the "Introduction to Windows Forensics" series, this episode covers an exciting new tool from Kroll and Eric Zimmerman called KAPE. In the developer's words, KAPE is an efficient and highly configurable triage program that will target essentially any device or storage location, find forensically useful artifacts, and parse them within a few minutes.
    ** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. **
    Introducing KAPE (Kroll Website):
    www.kroll.com/...
    Introducing KAPE (Eric Zimmerman's Blog):
    binaryforay.bl...
    Background Music Courtesy of Anders Enger Jensen:
    / hariboosx
    #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #KAPE
  • Science & Technology

Comments • 27

  • @s.8494 (3 months ago)

    Your videos are really valuable, thank you for the content you provide.

  • @richmcelroy2382 (5 years ago, +3)

    Thanks. I just downloaded it to test, and your video made getting started much easier. Keep up the good work.

  • @lautarob (5 years ago, +1)

    Excellent video, as usual. Thanks!

  • @christianjohansen9068 (4 years ago)

    Great intro video, thanks for taking the time!

  • @TheMeltzz (1 year ago, +1)

    It is so easy to understand with your video.

  • @IBITZEE (5 years ago, +2)

    Great video, thanks!
    I was testing the EZ tools individually, but this aggregation tool seems more useful.
    Please make a video about the available modules and what they do.
    Thanks again.

  • @ivanbogdasaebersold4690 (5 years ago, +1)

    Excellent video and explanation, thank you!

  • @emran5897 (5 years ago, +1)

    Thanks for the video... Sulthan

  • @gerardocaudillo1902 (5 years ago)

    Awesome videos! Thank you so much

  • @SajidKiani1 (5 years ago)

    Thanks for this great video. When will you share the next one, detailing all the features?

  • @adkleiner (5 years ago, +1)

    When you run this on a live system, isn't there a concern of mistakenly modifying evidence? I know that this is a method of logical acquisition, but I assume it can also run against targets which are mounted read-only (from a physical acquisition previously done)?

    • @13Cubed (5 years ago, +1)

      Sure, when you run *anything* on a live system, including a memory capture, you are technically changing evidence. This cannot be helped, but the most important thing you can do is to document, document, document, especially if you suspect the investigation could be criminal or referred to law enforcement. Of course, as you stated, you could grab memory, verify encryption isn't in play, power off the system, and then create a triage image with KAPE against the drive connected via a write blocker.

  • @commandblocker2266 (4 years ago, +1)

    Thanks. Great tool for fast evidence collection and finding leads. Can you please post something on creating and applying new modules?

    • @13Cubed (4 years ago)

      Interesting suggestion - I will consider a future episode that covers those topics.

  • @AnmutMossie (1 year ago)

    Target !ALL doesn't work in the newer versions. Any explanation?

  • @SecureTheWorld (5 years ago)

    Excellent video. Could you please list the software used to edit your videos?

    • @13Cubed (5 years ago)

      An iMac Pro and ScreenFlow primarily, and FCPX in the future for more advanced things.

  • @Calm_Energy (5 years ago, +1)

    Surprised you're not using PowerShell!

    • @Calm_Energy (5 years ago, +1)

      Oh, I see you switched to PowerShell at the very end; just wondering if there was any particular reason not to use it from the beginning? I read cmd prompt will be getting phased out? Thanks for such great quality videos!

    • @13Cubed (5 years ago, +2)

      @Calm_Energy No reason, I'm just old school. :)

  • @harshpanchal2202 (5 years ago)

    Can this be used with docker?

    • @13Cubed (5 years ago, +1)

      Harsh Panchal, are you asking if it can be used to forensicate a Docker image, or if you can run it within Docker?

    • @harshpanchal2202 (5 years ago)

      @13Cubed Yes, sorry, I meant: can it run within Docker?

    • @13Cubed (5 years ago, +1)

      @harshpanchal2202 To be honest, I've never tried. Some testing will be required :)

    • @harshpanchal2202 (5 years ago)

      @13Cubed Cool, no worries mate. I'm planning to try that out, so I thought I'd ask you. But if you do, please let me know how it goes. Thanks

  • @kape5469 (4 years ago)

    My name