What is KAPE?
KAPE is an efficient and highly configurable triage program that will target any device or storage location, find forensically valuable artifacts, and parse them within a few minutes.
If you are a KAPE user and have a workflow built on it, but are looking for more analytics to help you know where to start your investigation, this feature allows you to get that without changing how you collect.
In future releases, we’ll parse more of the outputs (and add other tools) to ensure you can take advantage of the Cyber Triage scoring even if you don’t use the Cyber Triage Collection Tool.
Who is it built for?
Why is it useful?
The integration allows Cyber Triage to access files directly instead of through Windows APIs, which rootkits may hijack. It also allows Cyber Triage to access files that are usually locked when read through standard file access methods.
Where is it used?
You can now import a KAPE VHD file, and Cyber Triage knows how to find the relevant registry hives and event logs in the KAPE-specific naming conventions.
What is the required Cyber Triage version?
Lite, Standard, and Team.
For more information about this integration, contact our sales team: firstname.lastname@example.org.