SANS ISC highlights KAPE as a tool that can be used for forensics when investigating compromised systems, hacking, or even more routine needs for evaluation. It can zero in on specific areas, such as Edge or IE history.

What is KAPE? — Kroll Artifact Parser and Extractor (KAPE) is primarily a triage program that will target a device or storage location, find the most forensically relevant artifacts (based on your needs), and parse them within a few minutes. Because of its speed, KAPE allows investigators to find and prioritize the more critical systems to their case. Additionally, KAPE can be used to collect the most critical artifacts prior to the start of the imaging process. While the imaging completes, the data generated by KAPE can be reviewed for leads, building timelines, etc.

Install — KAPE can be downloaded from the following link. Once you download and unzip KAPE, you will find two executables: kape.exe, which is the command-line version, and gkape.exe, which is the GUI version. For this diary, I am going to use the GUI version. Like most forensic acquisition tools, KAPE needs administrative privileges to do its job.