A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for fox-it from gravatar.com fox-it

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (Affero General Public License v3)
  • Author: Dissect Team
  • Requires: Python ~=3.9
  • Provides-Extra: dev, full
Classifiers

Project description

Acquire

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. This makes acquire an excellent tool to, among others, speedup the process of digital forensic triage. It uses dissect to gather that information from the raw disk, if possible.

acquire gathers artifacts based on modules. These modules are paths or globs on a filesystem which acquire attempts to gather. Multiple modules can be executed at once, which have been collected together inside a profile. These profiles (used with --profile) are full, default, minimal and none. Depending on what operating system gets detected, different artifacts are collected.

The most basic usage of acquire is as follows:

user@dissect~$ sudo acquire

The tool requires administrative access to read raw disk data instead of using the operating system for file access. However, there are some options available to use the operating system as a fallback option. (e.g --fallback or --force-fallback)

For more information, please see the documentation.

Requirements

This project is part of the Dissect framework and requires Python.

Information on the supported Python versions can be found in the Getting Started section of the documentation.

Installation

acquire is available on PyPI.

pip install acquire

Build and test instructions

This project uses tox to build source and wheel distributions. Run the following command from the root folder to build these:

tox -e build

The build artifacts can be found in the dist/ directory.

tox is also used to run linting and unit tests in a self-contained environment. To run both linting and unit tests using the default installed Python version, run:

tox

For a more elaborate explanation on how to build and test the project, please see the documentation.

Contributing

The Dissect project encourages any contribution to the codebase. To make your contribution fit into the project, please refer to the development guide.

Copyright and license

Dissect is released as open source by Fox-IT (https://www.fox-it.com) part of NCC Group Plc (https://www.nccgroup.com).

Developed by the Dissect Team (dissect@fox-it.com) and made available at https://github.com/fox-it/acquire.

License terms: AGPL3 (https://www.gnu.org/licenses/agpl-3.0.html). For more information, see the LICENSE file.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for fox-it from gravatar.com fox-it

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (Affero General Public License v3)
  • Author: Dissect Team
  • Requires: Python ~=3.9
  • Provides-Extra: dev, full
Classifiers

Release history Release notifications | RSS feed

3.17.dev7 pre-release

3.17.dev6 pre-release

3.17.dev5 pre-release

3.17.dev3 pre-release

3.17.dev2 pre-release

3.17.dev1 pre-release

This version

3.16

3.16.dev9 pre-release

3.16.dev8 pre-release

3.16.dev7 pre-release

3.16.dev6 pre-release

3.16.dev5 pre-release

3.16.dev4 pre-release

3.16.dev3 pre-release

3.16.dev2 pre-release

3.16.dev1 pre-release

3.15

3.15.dev5 pre-release

3.15.dev4 pre-release

3.15.dev3 pre-release

3.15.dev2 pre-release

3.15.dev1 pre-release

3.14

3.14.dev9 pre-release

3.14.dev8 pre-release

3.14.dev7 pre-release

3.14.dev6 pre-release

3.14.dev5 pre-release

3.14.dev4 pre-release

3.14.dev3 pre-release

3.14.dev2 pre-release

3.14.dev1 pre-release

3.13

3.13.dev11 pre-release

3.13.dev10 pre-release

3.13.dev9 pre-release

3.13.dev8 pre-release

3.13.dev7 pre-release

3.13.dev6 pre-release

3.13.dev5 pre-release

3.13.dev4 pre-release

3.13.dev3 pre-release

3.13.dev2 pre-release

3.13.dev1 pre-release

3.12

3.12.dev8 pre-release

3.12.dev7 pre-release

3.12.dev6 pre-release

3.12.dev5 pre-release

3.12.dev4 pre-release

3.12.dev3 pre-release

3.12.dev2 pre-release

3.12.dev1 pre-release

3.11

3.11.dev4 pre-release

3.11.dev3 pre-release

3.11.dev2 pre-release

3.11.dev1 pre-release

3.10

3.10.dev7 pre-release

3.10.dev6 pre-release

3.10.dev5 pre-release

3.10.dev4 pre-release

3.10.dev3 pre-release

3.10.dev2 pre-release

3.10.dev1 pre-release

3.9

3.9.dev15 pre-release

3.9.dev14 pre-release

3.9.dev13 pre-release

3.9.dev12 pre-release

3.9.dev11 pre-release

3.9.dev10 pre-release

3.9.dev9 pre-release

3.9.dev8 pre-release

3.9.dev7 pre-release

3.9.dev6 pre-release

3.9.dev5 pre-release

3.9.dev4 pre-release

3.9.dev3 pre-release

3.9.dev2 pre-release

3.9.dev1 pre-release

3.8

3.8.dev10 pre-release

3.8.dev9 pre-release

3.8.dev8 pre-release

3.8.dev5 pre-release

3.8.dev4 pre-release

3.8.dev3 pre-release

3.8.dev2 pre-release

3.8.dev1 pre-release

3.7

3.7.dev6 pre-release

3.7.dev5 pre-release

3.7.dev4 pre-release

3.7.dev3 pre-release

3.7.dev2 pre-release

3.7.dev1 pre-release

3.6

3.6.dev9 pre-release

3.6.dev8 pre-release

3.6.dev7 pre-release

3.6.dev6 pre-release

3.6.dev5 pre-release

3.6.dev4 pre-release

3.6.dev3 pre-release

3.6.dev2 pre-release

3.6.dev1 pre-release

3.5

3.5.dev9 pre-release

3.5.dev8 pre-release

3.5.dev7 pre-release

3.5.dev6 pre-release

3.5.dev4 pre-release

3.5.dev3 pre-release

3.5.dev2 pre-release

3.5.dev1 pre-release

3.4

3.4.dev8 pre-release

3.4.dev7 pre-release

3.4.dev6 pre-release

3.4.dev5 pre-release

3.4.dev4 pre-release

3.4.dev3 pre-release

3.4.dev2 pre-release

3.4.dev1 pre-release

3.3

3.3.dev17 pre-release

3.3.dev16 pre-release

3.3.dev15 pre-release

3.3.dev14 pre-release

3.3.dev13 pre-release

3.3.dev12 pre-release

3.3.dev11 pre-release

3.3.dev10 pre-release

3.3.dev9 pre-release

3.3.dev8 pre-release

3.3.dev7 pre-release

3.3.dev4 pre-release

3.2 yanked

Reason this release was yanked:

Missing minimal Python requirement

0.1.2 yanked

Reason this release was yanked:

Project Ownership Change

0.1.1 yanked

Reason this release was yanked:

Project Ownership Change

0.1.0 yanked

Reason this release was yanked:

Project Ownership Change

0.0.9 yanked

Reason this release was yanked:

Project Ownership Change

0.0.8 yanked

Reason this release was yanked:

Project Ownership Change

0.0.7 yanked

Reason this release was yanked:

Project Ownership Change

0.0.6 yanked

Reason this release was yanked:

Project Ownership Change

0.0.5 yanked

Reason this release was yanked:

Project Ownership Change

0.0.4 yanked

Reason this release was yanked:

Project Ownership Change

0.0.2 yanked

Reason this release was yanked:

Project Ownership Change

0.0.1 yanked

Reason this release was yanked:

Project Ownership Change

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

acquire-3.16.tar.gz (87.3 kB view hashes)

Uploaded Source

Built Distribution

acquire-3.16-py3-none-any.whl (83.2 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page