KAPE: Automated Windows Forensics | TryHackMe | SOC Level 1
In this walkthrough of the TryHackMe KAPE room, we explore how to use the Kroll Artifact Parser and Extractor (KAPE) to automate forensic triage and analysis on Windows systems. This lab builds on the skills from Windows Forensics 1 and 2 and introduces KAPE's collection and processing workflows.

🔍 What you'll learn:
• How KAPE uses Targets to collect forensic artifacts such as Prefetch files, Registry hives, and AmCache
• How Modules process the collected data with tools such as PECmd (Prefetch), EvtxECmd (event logs), and LECmd (LNK files)
• Using the Compound Target KapeTriage and the Compound Module !EZParser for a full collect-and-parse triage
• Running KAPE via the GUI (gkape.exe) and the CLI (kape.exe) with flags such as --tsource, --tdest, --target, --module, and --mdest
• Batch-mode execution with a _kape.cli file for repeatable forensic workflows

🧠 Ideal for SOC analysts, incident responders, and cybersecurity learners building practical skills in artifact collection, artifact parsing, and automated endpoint triage.

🚀 Try it yourself: https://tryhackme.com/room/kape

🔔 Subscribe to @wiredogsec for tactical walkthroughs, threat briefings, and hands-on cybersecurity labs.

#KAPEForensics #TryHackMe #DFIRTraining #WireDogSec #WindowsForensics #ArtifactCollection #SOCTraining #IncidentResponse #EricZimmermanTools
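The CLI flags and the _kape.cli batch mode described above, put together as a single repeatable triage run. This is an added example written for this page; it is not code from the TryHackMe room or from the KAPE project. It assumes KAPE is unpacked at C:\Tools\KAPE with the Eric Zimmerman parsers placed in Modules\bin, and that an external evidence drive is mounted as E:; both paths are assumptions, and the case folder naming is just a convention chosen here.

```powershell
# Added example, not code from the TryHackMe room or from the KAPE project.
# Builds one kape.exe argument string for a collect-and-parse triage run and
# executes it in batch mode through _kape.cli.
# Assumptions: KAPE lives at C:\Tools\KAPE (EZ tools in Modules\bin) and an
# external drive mounted as E: is the evidence destination.

$KapeDir  = 'C:\Tools\KAPE'
$Kape     = Join-Path $KapeDir 'kape.exe'
$Stamp    = Get-Date -Format 'yyyyMMdd_HHmmss'
$CaseRoot = "E:\Cases\$($env:COMPUTERNAME)_$Stamp"
$TDest    = Join-Path $CaseRoot 'Target'   # raw artifact copies land here
$MDest    = Join-Path $CaseRoot 'Module'   # parsed CSV output lands here

# Pre-flight checks: the compound target and module this run depends on must
# exist under Targets\ and Modules\, and !EZParser needs the parser binaries
# (PECmd.exe is checked as a representative of the set) in Modules\bin.
$Required = @(
    $Kape,
    (Join-Path $KapeDir 'Targets\Compound\KapeTriage.tkape'),
    (Join-Path $KapeDir 'Modules\Compound\!EZParser.mkape'),
    (Join-Path $KapeDir 'Modules\bin\PECmd.exe')
)
foreach ($p in $Required) {
    if (-not (Test-Path $p)) { throw "Missing: $p" }
}
if (-not (Test-Path 'E:\')) { throw 'Evidence drive E: is not mounted' }

# Copying live Registry hives, $MFT and other locked files needs an elevated
# session, so refuse to start from a non-admin shell.
$Identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$Principal = [Security.Principal.WindowsPrincipal]$Identity
if (-not $Principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session'
}

# One complete kape.exe argument string per line of _kape.cli.
# --tsource/--target/--tdest collect; --module/--mdest process. When both are
# given in one run, KAPE uses --tdest as the module source, so the parsers
# run against the copied artifacts rather than the live C: drive.
$TriageArgs = "--tsource C: --tdest $TDest --target KapeTriage " +
              "--module !EZParser --mdest $MDest"

$CliPath = Join-Path $KapeDir '_kape.cli'
Set-Content -Path $CliPath -Value $TriageArgs -Encoding ASCII

# kape.exe looks for _kape.cli in its own directory on start, runs each line
# in turn and renames the file when it finishes, so a later run does not
# replay the batch by accident. Run it from that directory.
Push-Location $KapeDir
try     { & $Kape }
finally { Pop-Location }

# Equivalent interactive invocation, for comparison:
#   & $Kape --tsource C: --tdest $TDest --target KapeTriage --module !EZParser --mdest $MDest
```

Keeping --tdest and --mdest as separate folders under one timestamped case root keeps the raw copies apart from the parser output, which matters when the collection is later hashed or re-parsed. To add more hosts or extra targets to the same batch, append further lines to the array written to _kape.cli; each line is treated as its own full kape.exe command.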