Every year, Kroll works on some of the most complex and highest profile cyber incidents in the world and performs digital forensics and evidence collection for thousands of companies. With Kroll's Artifact Parser and Extractor (KAPE), you gain direct access to our expertise to expedite your in-house investigations.
KAPE was developed by Eric Zimmerman, a senior director in Kroll’s Cyber Risk practice and an award-winning digital forensic investigator. This efficient and highly configurable triage program will target essentially any device or storage location, find forensically useful artifacts and parse them within a few minutes.
KAPE's exceptional speed gives forensic teams actionable intelligence so investigators are able to find and prioritize the most critical systems to their case and even collect key artifacts prior to the start of the imaging process.
Forensic teams often default to the time-consuming practice of gathering full system images as a first step, but typically, less than 10% of this data has forensic value. KAPE focuses on collecting and processing relevant data quickly, grouping artifacts in categorized directories such as EvidenceOfExecution, BrowserHistory and AccountUsage. This not only expedites triage, but also helps to standardize forensic engagements by leveraging a wider range of extracted artifacts.
KAPE has two primary phases: target collection and module execution. The program finds and collects artifacts from the source, groups them in a destination of your choosing and then runs modules against destination files. The KAPE free-software package includes:
To download KAPE, fill out the form below. You will receive an email upon submission with a link to KAPE in .zip format, including the executable, manual, and all pre-defined Targets and Modules.
We will use this information to respond to your inquiry and process your data in accordance with our privacy policy.