Cookie Notice

We use cookies to analyse site traffic and optimise your browsing experience. Accepting necessary cookies is required to provide you with a minimum level of service. Read Cookie Statement

Get In Touch
Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy
Experiencing a breach? Get emergency incident response assistance.
Last updated on

The Kroll Artifact Parser and Extractor (KAPE) is a configurable triage program that enables fast and efficient collection and parsing of forensically useful artifacts.

KAPE uses targets and modules to collect and parse digital evidence. These include the KapeTriage Compound Target, through which examiners can gather important information pertaining to an investigation within seconds.

In this blog, we outline the KapeTriage MindMap, which provides a hierarchical outline of the KapeTriage Compound Target and shows how various segments collectively deliver the most relevant results.

 

What is KAPE?

KAPE targets any device or storage location, finding artifacts and parsing them within a few minutes.

Because of its speed, KAPE allows investigators to find and prioritise the systems most critical for their case. The program can also be used to collect key artifacts prior to the start of the imaging process. While the imaging completes, the data generated by KAPE can be reviewed for leads, building timelines and other key tasks. This enables investigators to gain the data they need much faster than via more traditional means.

Since its introduction in 2018, KAPE has been adopted by a wide variety of government, law enforcement and military organisations, as well as commercial enterprises.

 

The KapeTriage Compound Target

KAPE’s Compound Targets and Compound Modules call upon other Targets and Modules in order to collect and parse the most important data as efficiently as possible. One of KAPE’s most widely used Compound Targets for IR is KapeTriage.

The KapeTriage Compound Target was created to selectively collect the most important artifacts to help examiners assess the impact of the compromise, focus on the potential “patient-zero” and start to build a timeline for the incident.

picture of mindmap

 

Mapping relationships for more relevant results

Numerous components exist within the KapeTriage Compound Target that have various relationships between data points. Our KapeTriage MindMap provides a structured outline of the KapeTriage Compound Target and illustrates how different segments together deliver the most relevant insight, ensuring efficient, yet nuanced, IR investigations.

The KapeTriage MindMap provides a valuable resource to help investigators understand the relationships between components and how the components work together.

Download the KapeTriage MindMap for personal use