Examination
Next, we will use Arsenal Image Mounter to mount the disk image.
Let's use Disk Management to view the available disks.
With the disk image successfully mounted, we can now begin exploring its contents.
Let's also use FTK Imager to load and analyze the E: drive.
KAPE serves two main functions: collecting files and processing the collected files based on specified options. It achieves this using targets and modules. Targets refer to the forensic artifacts to be collected, while modules are tools that process these artifacts to extract relevant information.
KAPE supports Compound Targets, which combine multiple individual targets into one for efficient collection. This feature streamlines triage by allowing the collection of multiple artifacts with a single command. Examples include !BasicCollection, !SANS_triage, and KAPEtriage.
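A KAPE command line matching the workflow above, as an added example that is not part of the original walkthrough: it collects the !BasicCollection compound target from the mounted E: drive and processes the collected files with a compound module. The KAPE install path, the case folder layout and the choice of the !EZParser module are assumptions.

```powershell
# Added example; the paths below are assumptions, adjust them to your workstation.
$Kape    = 'C:\Tools\KAPE\kape.exe'      # assumed KAPE install location
$Source  = 'E:'                          # volume exposed by the mounted disk image
$CaseDir = 'C:\Cases\Case001'            # hypothetical case folder
$TDest   = Join-Path $CaseDir 'Targets'  # raw artifacts copied by the target
$MDest   = Join-Path $CaseDir 'Modules'  # parsed output written by the module

# Stop early if the image is not mounted or KAPE is not where we expect it.
if (-not (Test-Path "$Source\")) { throw "Source volume $Source is not mounted" }
if (-not (Test-Path $Kape))      { throw "kape.exe not found at $Kape" }

# Never write results onto the evidence volume.
if ($CaseDir -like "$Source*") { throw "Destination must not be on $Source" }

New-Item -ItemType Directory -Force -Path $TDest, $MDest | Out-Null

# One run: collect with a compound target, then process the collected
# files with a compound module. Names are quoted so '!' is passed literally.
& $Kape --tsource $Source --target '!BasicCollection' --tdest $TDest `
        --module '!EZParser' --mdest $MDest

# Quick sanity check: how many files landed in each output folder.
foreach ($dir in $TDest, $MDest) {
    $count = (Get-ChildItem $dir -Recurse -File | Measure-Object).Count
    '{0}: {1} files' -f $dir, $count
}
```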
Let's head to the Cases folder to review the results.