diff --git a/Targets/Apps/Zoom.tkape b/Targets/Apps/Zoom.tkape index 494924899..12b643104 100644 --- a/Targets/Apps/Zoom.tkape +++ b/Targets/Apps/Zoom.tkape @@ -8,21 +8,21 @@ Targets: Name: Zoom client logs Category: Apps Path: C:\Users\%user%\AppData\Roaming\Zoom\logs - Recursive: True + Recursive: true FileMask: "*" Comment: "Zoom client artifacts" - Name: Zoom client logs (Windows XP) Category: Apps Path: C:\Documents and Settings\%user%\Application Data\Zoom\ - Recursive: True + Recursive: true FileMask: "*" Comment: "Zoom client artifacts (Windows XP)" - Name: Zoom client recordings Category: Apps Path: C:\Users\%user%\Documents\Zoom\ - Recursive: True + Recursive: true FileMask: "*" Comment: "Zoom recording artifacts" - diff --git a/Targets/Apps/pCloudDatabase.tkape b/Targets/Apps/pCloudDatabase.tkape index 6ed3c2f78..892709222 100644 --- a/Targets/Apps/pCloudDatabase.tkape +++ b/Targets/Apps/pCloudDatabase.tkape @@ -2,28 +2,28 @@ Description: pCloud Database Author: Josh Hickman Version: 1.0 Id: dc6750d8-ee91-45d4-9f53-fa3f8513ada3 -RecreateDirectories: True +RecreateDirectories: true Targets: - Name: pCloud Database Category: Apps Path: C:\Users\%user%\AppData\Local\pCloud\ FileMask: '*.db' - Recursive: False + Recursive: false Comment: "Database contains all files sync'd with pCloud account." - Name: pCloud Database WAL File Category: Apps Path: C:\Users\%user%\AppData\Local\pCloud\ FileMask: '*.db-wal' - Recursive: False + Recursive: false Comment: "Write-Ahead Log for pCloud database file." - Name: pCloud Database Shared Memory File Category: Apps Path: C:\Users\%user%\AppData\Local\pCloud\ FileMask: '*.db-shm' - Recursive: False + Recursive: false Comment: "Shared Memory for the pCloud database file." # Documentation diff --git a/Targets/Compound/MessagingClients.tkape b/Targets/Compound/MessagingClients.tkape index f98e80bf8..8feb5da6f 100644 --- a/Targets/Compound/MessagingClients.tkape +++ b/Targets/Compound/MessagingClients.tkape @@ -2,7 +2,7 @@ Description: Messaging and communication apps Author: Gregor Wegberg Version: 1.0 Id: c6d3b238-0be7-4764-afa7-9224e46097c0 -RecreateDirectories: True +RecreateDirectories: true Targets: - Name: IRC Clients diff --git a/Targets/Compound/ServerTriage.tkape b/Targets/Compound/ServerTriage.tkape index 83bb99a12..9efe84b7b 100644 --- a/Targets/Compound/ServerTriage.tkape +++ b/Targets/Compound/ServerTriage.tkape @@ -2,7 +2,7 @@ Description: A compound target for gathering artifacts common to servers. Author: Eric Capuano Version: 1.0 Id: 9bea625c-00bd-4389-a0a5-f648e8e267ce -RecreateDirectories: True +RecreateDirectories: true Targets: - Name: WebServers diff --git a/Targets/Compound/USBDetective.tkape b/Targets/Compound/USBDetective.tkape index 71be6817d..4db9bdaa6 100644 --- a/Targets/Compound/USBDetective.tkape +++ b/Targets/Compound/USBDetective.tkape @@ -2,7 +2,7 @@ Description: Collects files that can be input into USB Detective for parsing Author: Kevin Pagano Version: 1.0 Id: 6c3f8a69-f529-4201-a00e-067f6db7be8e -RecreateDirectories: True +RecreateDirectories: true Targets: - Name: USBDevicesLogs diff --git a/Targets/Compound/WebServers.tkape b/Targets/Compound/WebServers.tkape index cdfa1bf2a..95ce5cae8 100644 --- a/Targets/Compound/WebServers.tkape +++ b/Targets/Compound/WebServers.tkape @@ -2,7 +2,7 @@ Description: Logs from all known web server applications and supporting services Author: Eric Capuano Version: 1.0 Id: 38de27ae-5047-404b-a7e1-3c99071724d5 -RecreateDirectories: True +RecreateDirectories: true Targets: - Name: Apache Access Logs diff --git a/Targets/CompoundTargetGuide.guide b/Targets/CompoundTargetGuide.guide index 336d24d48..f2d5ef2b4 100644 --- a/Targets/CompoundTargetGuide.guide +++ b/Targets/CompoundTargetGuide.guide @@ -3,7 +3,7 @@ Description: Name of application/artifact here # Required, this will be visible Author: Your name here # Required Version: 1.0 # Required, increment as revisions are made. Id: Unique GUID here # Required, generate within gKape by double clicking on a Target or Module, then click Generate GUID button at bottom of popup window, paste GUID here. -RecreateDirectories: True # Required, true means the folder structure of the artifacts will be created within the user-specified Target Destination directory. If an artifact is buried 10 folders deep on the suspect's system, it will be buried 10 folders deep within the Target Destination folder. +RecreateDirectories: true # Required, true means the folder structure of the artifacts will be created within the user-specified Target Destination directory. If an artifact is buried 10 folders deep on the suspect's system, it will be buried 10 folders deep within the Target Destination folder. Targets: - Name: CompoundTarget1 # Required diff --git a/Targets/CompoundTargetTemplate.template b/Targets/CompoundTargetTemplate.template index 0a5094f22..6904c7bf5 100644 --- a/Targets/CompoundTargetTemplate.template +++ b/Targets/CompoundTargetTemplate.template @@ -2,7 +2,7 @@ Description: Name of application/artifact here # Required Author: Your name here # Required Version: 1.0 # Required Id: Unique GUID here # Required -RecreateDirectories: True # Required +RecreateDirectories: true # Required Targets: - Name: CompoundTarget1 # Required diff --git a/Targets/TargetGuide.guide b/Targets/TargetGuide.guide index 032889564..fbfa65e68 100644 --- a/Targets/TargetGuide.guide +++ b/Targets/TargetGuide.guide @@ -3,15 +3,15 @@ Description: Name of application/artifact here # Required, this will be visible Author: Your name here # Required Version: 1.0 # Required, increment as Target is revised. Id: Unique GUID here # Required, generate within gKape by double clicking on a Target or Module, then click Generate GUID button at bottom of popup window, paste GUID here. -RecreateDirectories: True # Required, true means the folder structure of the artifacts will be created within the user-specified Target Destination directory. If an artifact is buried 10 folders deep on the suspect's system, it will be buried 10 folders deep within the Target Destination folder. +RecreateDirectories: true # Required, true means the folder structure of the artifacts will be created within the user-specified Target Destination directory. If an artifact is buried 10 folders deep on the suspect's system, it will be buried 10 folders deep within the Target Destination folder. Targets: - Name: Artifact name here # Required Category: Category goes here # Required, if your Target is related to other pre-existing Targets, it's recommended to use that same Category for your Target. Path: C:\Users\%user%\AppData\*\Microsoft\ # Required, notice the %user% variable is in place telling KAPE to search every user folder on the system. * can be used as wildcards for folder or file names that are unpredictable/unique. - Recursive: True # Optional, if missing, it will default to false. + Recursive: true # Optional, if missing, it will default to false. FileMask: "desktop.ini" # Optional, other examples include SOFTWARE.logX (for those .log1, .log2, etc files), *_logs.txt (for those logs that are prepended with a timestamp, for instance), log*.txt (for log files that are named as log1, log2, etc), *.txt (for all .txt files regardless of filename), and filename.* (for all files with a filename of "filename", regardless of file extension) to name a few. When in doubt, test your Target on your own sample data to confirm it works. - AlwaysAddToQueue: True # Optional, this setting it mostly used for files that are actively in use by the system at the time of acquisition, i.e. MFT, etc. True means it'll defer grabbing the file until the other Targets run. In most cases, do not use this. Please read the KapeDocs documentation prior to using this. + AlwaysAddToQueue: true # Optional, this setting it mostly used for files that are actively in use by the system at the time of acquisition, i.e. MFT, etc. true means it'll defer grabbing the file until the other Targets run. In most cases, do not use this. Please read the KapeDocs documentation prior to using this. SaveAsFileName: output.csv # Optional, but can be used if needed. MinSize: 1000 # Optional, in bytes. MaxSize: 10000 # Optional, in bytes. diff --git a/Targets/TargetTemplate.template b/Targets/TargetTemplate.template index bca286a0b..ff80c286d 100644 --- a/Targets/TargetTemplate.template +++ b/Targets/TargetTemplate.template @@ -2,15 +2,15 @@ Description: Name of application/artifact here # Required Author: Your name here # Required Version: 1.0 # Required Id: Unique GUID here # Required -RecreateDirectories: True # Required +RecreateDirectories: true # Required Targets: - Name: Artifact name here # Required Category: Category goes here # Required Path: C:\ # Required - Recursive: True # Optional + Recursive: true # Optional FileMask: "filename.ext" # Optional - AlwaysAddToQueue: True # Optional + AlwaysAddToQueue: true # Optional SaveAsFileName: output.csv # Optional MinSize: 1000 # Optional MaxSize: 10000 # Optional diff --git a/Targets/Windows/SnipAndSketch.tkape b/Targets/Windows/SnipAndSketch.tkape index 07fd35677..97bb617aa 100644 --- a/Targets/Windows/SnipAndSketch.tkape +++ b/Targets/Windows/SnipAndSketch.tkape @@ -2,7 +2,7 @@ Description: Snip & Sketch Cached Images Author: Kevin Pagano Version: 1.0 Id: b881c3bb-58b1-4e63-be1a-8159794e5a4b -RecreateDirectories: True +RecreateDirectories: true Targets: - Name: Snip & Sketch