Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/keyboardcrunch/Invoke-Kape
Remote KAPE collection using powershell
dfir forensics kape
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/keyboardcrunch/Invoke-Kape
- Owner: keyboardcrunch
- License: mit
- Created: 2019-08-08T15:26:24.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-08-08T15:34:43.000Z (over 5 years ago)
- Last Synced: 2024-08-02T17:31:52.751Z (5 months ago)
- Topics: dfir, forensics, kape
- Language: PowerShell
- Size: 3.91 KB
- Stars: 10
- Watchers: 3
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- Awesome-KAPE - Invoke-Kape
README
# Invoke-Kape
Remote [KAPE](https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape) execution using PowerShell.

## Details
Invoke-Kape lets you build a kapecollector.zip package containing your analysis tools and deploy it to a remote machine, where collection and analysis are performed and the results are compressed and copied back to the specified save location for review.

The KAPE collector contents are not included and must be obtained from their source. For my use I have minimized what I want to collect for my environment and narrowed down the available commands and which modules and binaries are included. You can gather this information from the $CollectCommand variables and adjust for your collector package.
## Usage
```powershell
Invoke-Kape -ComputerName Win10Desktop -Collect Basic
```