Found 1,830 repositories (showing 30)
EricZimmerman
This repository serves as a place for community created Targets and Modules for use with KAPE.
AndrewRathbun
A repository of DFIR-related Mind Maps geared towards the visual learners!
cyb3rmik3
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
acquiredsecurity
A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Tools) Kape, Axiom, Hayabusa, Chainsaw and Nirsoft into a unified timeline.
secure-cake
Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE
jfarley248
Python 3 Script to parse out iTunes backups
AndrewRathbun
A curated list of KAPE-related resources
BootstrapDash
Free Dashboard template with Horizontal menu featuring Bootstrap 4.
swisscom
Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
AndrewRathbun
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
AndrewRathbun
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
AndrewRathbun
Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
AndrewRathbun
A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
EricZimmerman
Documentation repository
AndrewRathbun
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
evild3ad
Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
jasmine95dn
This contains a script that reimplements the KAPING framework (Knowledge-Augmented Language Model Prompting for Zero-Shot Knowledge Graph Question Answering, Baek et al. 2023)
kb-dk
Source code of Peter Ole Frederiksen's original Danish pirate game
tonysavon
A Commodore 64 port of Activision's Keystone Kapers https://csdb.dk/release/?id=182116
AndrewRathbun
A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add.
AndrewRathbun
A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
Kapeccino
No description available
dwmetz
DFIR Presentations
Snausage0x45
Automate forensic triage package collection and evidence parsing with KAPE and CrowdStrike
maxspl
Orchestration Software for Incident Response
zeroeightysix
Kotlin shape, an attempt at immediate mode GUI
mdegrazia
Tools and Binaries to use with KAPE
SAP-archive
A collection of PowerShell scripts that are designed to be run from a Microsoft Defender for Endpoint Live Response terminal, utilizing open-source tools, such as KAPE (Kroll Artifact Parser and Extractor), to forensically acquire and process the artifacts used in compromise assessments. Additional scripts provide pre-processing automation capabilities and other supporting functions.
mark-hallman
No description available
Richard1611
A PowerShell tool that automates remote forensic evidence acquisition (triage) from remote Windows machines, using the KAPE tool.