A PowerShell script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools.
Per Oxford, ancillary means: "providing necessary support to the primary activities or operation of an organization, institution, industry, or system."
Used in a sentence: "the development of ancillary services to support its products"
In the context of this script, KAPE Targets/Modules, EvtxECmd Maps, SQLECmd Maps, and RECmd Batch files are ancillary to their respective tools. Each of these files enhances the output of its respective tool. Keeping them updated is often overlooked but very important to ensuring that you're benefitting from the latest features/bug fixes from Eric Zimmerman and the latest work from the DFIR community.
Right-click -> Run with PowerShell and let it ride!
As of version 4.0 and newer, all you have to do is run the script by itself without any arguments, unless you want to leverage -silent or -DoNotUpdate.
-silent - Disable the progress bar and exit the script without pausing at the end
Example: .\KAPE-EZToolsAncillaryUpdater.ps1 -silent

-DoNotUpdate - Use this if you do not want to check for and update this script (KAPE-EZToolsAncillaryUpdater.ps1)
Example: .\KAPE-EZToolsAncillaryUpdater.ps1 -DoNotUpdate
Make sure you have the .NET 6 Runtime installed prior to using the .NET 6 version of EZ Tools with KAPE! As of version 4.0, this script will only download and update the .NET 6 version of EZ Tools.
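For unattended runs, the .NET 6 requirement and the -silent switch described above can be combined in a small pre-flight wrapper. This is an added example, not part of the script or the project; the KAPE folder path and the function name Test-DotNet6Runtime are assumptions, as is the script sitting in that folder.

```powershell
# Added example, not part of KAPE-EZToolsAncillaryUpdater itself.
# Assumption: the updater script sits in the KAPE folder at this hypothetical path.
$KapeRoot = 'C:\Tools\KAPE'
$Updater  = Join-Path $KapeRoot 'KAPE-EZToolsAncillaryUpdater.ps1'

function Test-DotNet6Runtime {
    # 'dotnet --list-runtimes' prints one line per installed runtime, e.g.
    #   Microsoft.NETCore.App 6.0.x [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
    $dotnet = Get-Command dotnet -ErrorAction SilentlyContinue
    if (-not $dotnet) { return $false }
    $runtimes = & $dotnet.Source --list-runtimes 2>$null
    return [bool]($runtimes | Where-Object { $_ -match '^Microsoft\.NETCore\.App 6\.' })
}

if (-not (Test-Path -LiteralPath $Updater)) {
    Write-Error "Updater script not found at $Updater"
    exit 1
}

if (-not (Test-DotNet6Runtime)) {
    # Stop before updating: the .NET 6 builds of EZ Tools need the runtime present.
    Write-Error 'No .NET 6 runtime found; install it before updating EZ Tools.'
    exit 1
}

# Run from the folder that holds the script (assumption about the expected layout).
Push-Location $KapeRoot
try {
    # -silent: no progress bar and no pause at the end, so the run can finish unattended.
    & $Updater -silent
}
finally {
    Pop-Location
}
```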
Do you see something that could be done better with this script? Create an Issue or do a Pull Request, if so! This is the first script I've put together on my own so I have no doubts there's room for improvement. Anything that moves the ball forward and helps the DFIR community I will always be in full support of!