CombinedLogs
Author: Mike Cary, Mark Hallman added the USBDevicelogs target, Thomas DIOT (Qazeer) added the .NET CLR UsageLogs and PowerShell Transcripts target
description
Collect Event logs, Trace logs, Windows Firewall, PowerShell console logs, and .NET CLR UsageLogs
includes (6)
paths
26 paths from 6 targets
paths use Windows environment syntax
collection commands
# PowerShell Collection Script
# Target: CombinedLogs (Compound Target)
# Use KAPE for compound target collection:
# kape.exe --tsource C: --tdest D:\Evidence --target CombinedLogs
Write-Host "For compound targets, use KAPE directly for best results." -ForegroundColor Yellow
Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1
Note: This is a compound target that references 7 other targets. KAPE will automatically collect all referenced artifacts.
cyberchef recipes
- Base64 Decode: Decode Base64 encoded data
- Unicode Decode: Decode Unicode escape sequences
Open in CyberChef to decode values extracted from this artifact.