AndrewRathbun / KAPE-EZToolsAncillaryUpdater

A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
MIT License
dfir digitalforensics eztools kape kroll powershell-script

KAPE-EZToolsAncillaryUpdater

A PowerShell script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools.

What Does "Ancillary" mean?

Per Oxford, ancillary means:

providing necessary support to the primary activities or operation of an organization, institution, industry, or system.

Used in a sentence:

the development of ancillary services to support its products

In the context of this script, KAPE Targets/Modules, EvtxECmd Maps, SQLECmd Maps, and RECmd Batch files are ancillary to their respective tools. Each of these files enhances the output of its respective tool. Keeping them updated is often overlooked but very important to ensuring that you're benefitting from the latest features/bug fixes from Eric Zimmerman and the latest work from the DFIR community.

Where Do I Run the Script From?

[Image: ScriptLocation]

Right-click -> Run with PowerShell and let it ride!

Usage Examples

As of version 4.0 and newer, all you have to do is run the script by itself without any arguments, unless you want to leverage -silent or -DoNotUpdate.

Current Switches

Example: .\KAPE-EZToolsAncillaryUpdater.ps1 -silent

Example: .\KAPE-EZToolsAncillaryUpdater.ps1 -DoNotUpdate

Disclaimer (.NET 6)

Make sure you have the .NET 6 Runtime installed prior to using the .NET 6 version of EZ Tools with KAPE! As of version 4.0, this script will only download and update the .NET 6 version of EZ Tools.
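One way to confirm the .NET 6 Runtime is present before launching the updater. This is an added example, not part of the project's script; the function name Get-DotNet6Runtime is hypothetical, and it assumes the dotnet host is on PATH and that you run it from the folder containing KAPE-EZToolsAncillaryUpdater.ps1.

```powershell
# Added example: pre-flight check for the .NET 6 Runtime, then run the updater.
# Assumption: run from the folder that contains KAPE-EZToolsAncillaryUpdater.ps1.

function Get-DotNet6Runtime {
    param(
        # Lines in the format printed by `dotnet --list-runtimes`, e.g.
        # Microsoft.NETCore.App 6.0.25 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
        [string[]]$RuntimeLines
    )
    foreach ($line in $RuntimeLines) {
        # Keep only the base runtime entries whose major version is 6
        if ($line -match '^(?<name>Microsoft\.NETCore\.App)\s+(?<version>6\.\d+\.\d+\S*)\s') {
            [pscustomobject]@{ Name = $Matches.name; Version = $Matches.version }
        }
    }
}

# The dotnet host must exist before its runtimes can be listed
$dotnet = Get-Command dotnet -ErrorAction SilentlyContinue
if (-not $dotnet) {
    Write-Warning 'dotnet was not found on PATH; install the .NET 6 Runtime first.'
    return
}

$found = @(Get-DotNet6Runtime -RuntimeLines (& $dotnet.Source --list-runtimes))
if ($found.Count -eq 0) {
    Write-Warning 'No .NET 6 runtime found; it is required by the .NET 6 version of EZ Tools.'
    return
}
Write-Host ('Found .NET runtime(s): ' + (($found | ForEach-Object Version) -join ', '))

# Only launch the updater once the prerequisite is confirmed
$updater = Join-Path $PWD 'KAPE-EZToolsAncillaryUpdater.ps1'
if (Test-Path $updater) {
    & $updater
} else {
    Write-Warning "Updater script not found in $PWD"
}
```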

Improving the Script

Do you see something that could be done better with this script? Create an Issue or do a Pull Request, if so! This is the first script I've put together on my own so I have no doubts there's room for improvement. Anything that moves the ball forward and helps the DFIR community I will always be in full support of!