KAPE is an efficient and highly configurable triage program that will target essentially any device or storage location, find forensically useful artifacts, and parse them within a few minutes. KAPE can be downloaded HERE.
For thorough documentation, go HERE!! This URL will always be the latest documentation.
It is also possible to attend KAPE training from Kroll instructors. Details can be found HERE!!
NOTE: We have clarified KAPE usage permissions for commercial applications. See details here.
Downloading KapeFiles for KAPE
To download the latest files, click the
Sync with GitHub button in gkape.exe or run
This repository serves as a place for community-created Targets and Modules for use with KAPE.
Please see CONTRIBUTING.md for guidance on contributing to this repository.
If you need support with KAPE, please consider the following options:
- For general questions/discussion, please consider starting a discussion
- For bugs, please consider raising an Issue
- For help with Targets, check the Targets section below
- For help with Modules, check the Modules section below
- Targets/Modules To Do List - Development roadmap for KAPE Targets and Modules. Please feel free to contribute by adding ideas or by finishing tasks in the
To Docolumn. Any help is appreciated!
If you need help with creating Targets, check out the following resources:
- Official KAPE Documentation - Tips and Tricks
- Target Guide
- Target Template
- Compound Target Guide
- Compound Target Template
If you need help with creating Modules, please check out the following resources:
Be sure to point the BinaryUrl property to the download location in Module files!
All other info including requirements, etc. should be documented at the end of the Module in comment blocks.
NOTE: BEFORE INITIATING A PR, PLEASE ENSURE YOU HAVE COMPLETED THE STEPS LISTED WITHIN THE PULL REQUEST TEMPLATE PRIOR TO SUBMISSION!