Statements (66)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
digital forensics tool
|
| gptkbp:canExtract |
gptkb:USN_Journal
gptkb:Amcache gptkb:Jumplists gptkb:LNK_files gptkb:NTFS_metadata gptkb:SRUM_database gptkb:Shellbags gptkb:Shimcache gptkb:WMI_repository gptkb:Windows_10_activities_cache gptkb:Windows_event_logs gptkb:Windows_Timeline gptkb:ARP_cache gptkb:Recycle_Bin gptkb:Windows_notifications DNS cache User profiles log files Network shares Jump lists Recent files Windows services USB device history browser history Network configuration scheduled tasks Scheduled jobs Firewall rules System configuration BitLocker status Event tracing logs Installed programs Network connections System restore points User assist Windows 10 activities Windows 10 activities cache database Windows 10 notifications Windows 10 notifications database Windows 10 timeline Windows 10 timeline database Windows Defender logs Windows Firewall logs Windows error reporting Windows update history prefetch files registry hives system artifacts user artifacts |
| gptkbp:developer |
gptkb:Kroll
gptkb:Eric_Zimmerman |
| gptkbp:fullName |
gptkb:Kroll_Artifact_Parser_and_Extractor
|
| https://www.w3.org/2000/01/rdf-schema#label |
KAPE
|
| gptkbp:license |
freeware
|
| gptkbp:platform |
gptkb:Windows
|
| gptkbp:primaryUse |
artifact parsing
digital evidence collection forensic triage |
| gptkbp:supports |
gptkb:graphical_user_interface
modular targets and modules |
| gptkbp:usedBy |
incident responders
digital forensic investigators |
| gptkbp:website |
https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kape
|
| gptkbp:bfsParent |
gptkb:Kape_Technologies
|
| gptkbp:bfsLayer |
7
|