forked from EricZimmerman/KapeFiles
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Alphabetized Target, and added Recycle Bin Info Files Target
- Loading branch information
1 parent
ac3ac22
commit 8b09673
Showing
1 changed file
with
23 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,46 +1,50 @@ | ||
| Description: Kape Triage collections that will collect most of the files needed for a DFIR Investigation. This module pulls evidence from File System files, Registry Hives, Event Logs, Scheduled Tasks, Evidence of Execution, SRUM data, Web Browser data (IE/Edge, Chrome, Mozilla history), LNK Files, Jump Lists, 3rd party remote access software logs, 3rd party antivirus software logs. | ||
| Description: Kape Triage collections that will collect most of the files needed for a DFIR Investigation. This module pulls evidence from File System files, Registry Hives, Event Logs, Scheduled Tasks, Evidence of Execution, SRUM data, Web Browser data (IE/Edge, Chrome, Mozilla history), LNK Files, Jump Lists, 3rd party remote access software logs, 3rd party antivirus software logs, and $I Recycle Bin data files. | ||
| Author: Scott Downie | ||
| Version: 2.0 | ||
| Id: a745b730-d6b7-4cb7-9847-4e896d9f3c52 | ||
| RecreateDirectories: True | ||
| Targets: | ||
| - | ||
| Name: FileSystem | ||
| Category: Targets | ||
| Path: FileSystem.tkape | ||
| - | ||
| Name: RegistryHives | ||
| Name: Antivirus | ||
| Category: Targets | ||
| Path: RegistryHives.tkape | ||
| Path: Antivirus.tkape | ||
| - | ||
| Name: EventLogs | ||
| Category: Targets | ||
| Path: EventLogs.tkape | ||
| - | ||
| Name: ScheduledTasks | ||
| Category: Targets | ||
| Path: ScheduledTasks.tkape | ||
| - | ||
| Name: EvidenceOfExecution | ||
| Category: Targets | ||
| Path: EvidenceOfExecution.tkape | ||
| - | ||
| Name: SRUM | ||
| Category: Targets | ||
| Path: SRUM.tkape | ||
| - | ||
| Name: WebBrowsers | ||
| Name: FileSystem | ||
| Category: Targets | ||
| Path: WebBrowsers.tkape | ||
| Path: FileSystem.tkape | ||
| - | ||
| Name: LNKFilesAndJumpLists | ||
| Category: Targets | ||
| Path: LNKFilesAndJumpLists.tkape | ||
| - | ||
| Name: RecycleBin_InfoFiles | ||
| Category: Targets | ||
| Path: RecycleBin_InfoFiles.tkape | ||
| - | ||
| Name: RegistryHives | ||
| Category: Targets | ||
| Path: RegistryHives.tkape | ||
| - | ||
| Name: RemoteAccess | ||
| Category: Targets | ||
| Path: RemoteAdmin.tkape | ||
| - | ||
| Name: Antivirus | ||
| Name: ScheduledTasks | ||
| Category: Targets | ||
| Path: Antivirus.tkape | ||
| Path: ScheduledTasks.tkape | ||
| - | ||
| Name: SRUM | ||
| Category: Targets | ||
| Path: SRUM.tkape | ||
| - | ||
| Name: WebBrowsers | ||
| Category: Targets | ||
| Path: WebBrowsers.tkape |