KapeFiles
KapeFiles copied to clipboard
EricZimmerman
INDXRipper Module using incorrect source drive
KAPE version
KAPE version 1.2.0.0
Describe the bug
When running INDXRipper module at the same time as Targets, the application incorrectly runs against the host's C drive, rather than the original source target drive (EG will not run against the image I have mounted as D when Targets are used) When no targets are specified, and the Module Source is set, the application runs correctly. This is likely due to the fact that INDXRipper requires to run directly against the image (or mounted image) as Targets are not able to collect the information that the tool operates on.
To Reproduce
Steps to reproduce the behavior:
- Mount image on D drive
- Run Kape to capture Filesystem info from D drive, and set Modules to run INDXRipper
- Results will be from the Host's hard drive, rather than the mounted image
Expected behavior
The module will run against the mounted image rather than the host's storage drive.
Screenshots
Extra Context
May require documentation to indicate to not run while collecting from Targets or maybe another variable form the Target Source
I don't see this as a bug.
Enable debug mode and see the exact command sent to the tool, but perhaps manually specifying msource as d In this case would do it.
Sounds like a limitation of the tool more than anything.
Perhaps this is the kind of tool you'd ONLY run as a module vs target and module too.
I don't see how I'd be able to fix this tho.
No worries. I think it is likely more of a module only tool as well.
BrowsingHistoryView never works as a Target/Module tool. It only runs successfully as a Module run only in my experience. NirSoft tool syntax isn't the most flexible so it just is what it is. Definitely a limitation of the tool and seems similar to what's going on here.
