CyLR vs KAPE
GitHub Stats
About CyLR
CyLR is a live response tool designed for quickly collecting forensic artifacts from hosts during incident response activities. It supports the extraction of key data such as registry hives, event logs, and memory captures, which are vital for triaging security incidents. By automating the collection process, CyLR enables responders to gather evidence efficiently without impacting system performance. Its ease of use and comprehensive artifact collection make it valuable for rapid incident response.
About KAPE
KAPE (Kroll Artifact Parser and Extractor) is a triage tool that finds and parses forensic artifacts in minutes. Developed by Eric Zimmerman at Kroll, it operates in two phases: collection targets gather specific files and artifacts from a system, while module processors parse those artifacts into human-readable formats. KAPE ships with hundreds of pre-built targets covering browser history, event logs, registry hives, prefetch files, SRUM data, scheduled tasks, and virtually every forensic artifact type on Windows. Its module system integrates with Eric Zimmerman's tools (LECmd, PECmd, MFTECmd, etc.) and community parsers to process collected data automatically. KAPE is designed for speed - it can collect and parse a full forensic triage from a live system in under 10 minutes, making it the go-to tool for rapid incident response triage.
Platform Support
Tags
Shared
CyLR only
KAPE only