In the current issue 10/2021 of iX magazine Gregor Wegberg, Head of Digital Forensics & Incident Response, completes his IT forensics tutorial series on “Kroll Artifact Parser and Extractor” (KAPE). In every cyberattack, software is executed at some point – this can be standard programs or malware. In any case, the execution leaves traces that can be used to analyse the course of an attack.

In the fourth and final part of the tutorial, Gregor Wegberg explains how KAPE is used in forensic analysis to determine the actions of an attacker based on the software that was executed.

Below you can find the full article (in German):

Click here to view the full online issue of iX 10/2021 (available in German only).