Find forensic artifacts, fast
Search artifact paths, build collection scripts, and convert Sigma rules. All in one place.
// TOOLS
Artifact Explorer
Browse and search all forensic artifacts with detailed paths, categories, and collection targets
Script Builder
Generate KAPE collection scripts by selecting exactly the artifacts you need for your investigation
Sigma Converter
Convert Sigma detection rules to any SIEM query language, entirely in your browser with pySigma
Collections
Pre-built forensic collection profiles for common investigation scenarios and triage workflows
// WHY DFIRHUB
Always Current
Artifacts synced weekly from KapeFiles. Always up to date with the latest forensic targets.
Browser-Native
Everything runs in your browser. No server, no telemetry, no data leaves your machine.
Investigation-Ready
From artifact lookup to collection script in seconds. Built for DFIR practitioners.
// POPULAR ARTIFACTS
view all →Prefetch
Prefetch files
Amcache
Amcache.hve
EventLogs
Event logs
RegistryHivesUser
User Related Registry hives
Chrome
Chrome
SRUM
System Resource Usage Monitor (SRUM) Data
Firefox
Firefox
Edge
Edge
ScheduledTasks
Scheduled tasks (*.job and XML)
$MFT
$MFT
Prefetch
Prefetch files
Amcache
Amcache.hve
EventLogs
Event logs
RegistryHivesUser
User Related Registry hives
Chrome
Chrome
SRUM
System Resource Usage Monitor (SRUM) Data
Firefox
Firefox
Edge
Edge
ScheduledTasks
Scheduled tasks (*.job and XML)
$MFT
$MFT
JumpLists
Jump lists
RecycleBin
Recycle Bin DataAndInfo
BITS
Microsoft BITS (Background Intelligent Transer Service) persistent files
RDPCache
RDP Cache Files
WindowsTimeline
ActivitiesCache.db collector
ThumbCache
Thumbcache DB
AnyDesk
AnyDesk
JumpLists
Jump lists
RecycleBin
Recycle Bin DataAndInfo
BITS
Microsoft BITS (Background Intelligent Transer Service) persistent files
RDPCache
RDP Cache Files
WindowsTimeline
ActivitiesCache.db collector
ThumbCache
Thumbcache DB
AnyDesk
AnyDesk