Replies: 1 comment
-
KAPE is a triage tool. That is not triage imo. If you want that you can write a module that filters things into those kinds of folders. The idea here is to preserve evidence and metadata as it was found. From there, once preserved, you can do what you like but the initial collection should be as close to the source as possible. Why, other than preference, does this work better when forensic tools know how to find and process files they care about?
-
When making a Target in KAPE it would be awesome to have the option to set a folder the output should be saved in.
Now, as far as I can tell, there are 2 options when using targets:
1: RecreateDirectories - where output is saved using the same folder structure as the target machine.
2: Have all output saved in a big pile in the Target destination folder.
I would find it really useful to write a target file to gather, let's say, eventlogs and then have the output saved in "Target destination folder\eventlogs", or have, let's say, all registry hives, both system and user hives, saved in "Target destination folder\registry".
So my idea is to have an option, like the one used in modules with the Category option, that saves the output in this folder.
As I see it, more custom output options can't be a bad thing, but it will allow way more flexibility in how you like your output to be saved.