Shareaza forensics

1/4/2024

Targets serve as instructions to KAPE on where to grab certain files. Here’s an example of a basic collection that I do on a daily basis. Once your evidence has a drive letter attached to it, point the Target Source in gkape to the OS partition, which is where all Windows OS-related artifacts will reside. Both are the same price so you might as well use the tool that does the job better! The benefit to being mounted as a physical disk is that it allows you access to Volume Shadow Copies. With that being said, gather your image(s) and mount them via Arsenal Image Mounter; it’s free! Do not use FTK Imager for mounting your images, as your images will be mounted as a network share rather than as a physical disk like with Arsenal Image Mounter. It is important to note that KAPE has many use cases, and the ones covered in this guide are not exhaustive but simply deemed the most applicable for an examiner who’s inexperienced with KAPE to get up to speed and effective with KAPE as quickly as possible. However, for an examiner, that’ll be the most common use case. It doesn’t need to be an Operating System drive every time. Frankly, anything that has artifacts that are listed on the Target side of KAPE is fair game for the purpose of acquisition. This guide will commonly refer to using forensic images against KAPE simply for the purpose of universal availability, in that anyone can make their own images of their own media, computer, etc., or even use KAPE against their own live system. KAPE, or any forensic tool for that matter, is nothing without evidence to throw at it.