This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fox-it from gravatar.com fox-it

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: OSI Approved (Affero General Public License v3)

Author: Dissect Team

Requires: Python ~=3.9

Classifiers

Project description

dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets). For more information, please see the documentation.

Requirements

This project is part of the Dissect framework and requires Python.

Information on the supported Python versions can be found in the Getting Started section of the documentation.

Installation

dissect.target is available on PyPI.

pip install dissect.target

This module is also automatically installed if you install the dissect package.

If you wish to use the YARA plugin (target-query -f yara), you can install dissect.target[yara] to automatically install the yara-python dependency.

Tools inside this project

target-query

target-query is a tool used to query specific data inside one or more targets. These queries are available in the form of functions that reside within plugins. Each plugin is focussed on providing specific functionality.

This functionality can range from parsing log sources, such as command history logs (i.e. bash history, PowerShell history, etc.), to returning the hostname and operating system version.

The most basic basic usage of target-query is to execute a function on a target:

target-query -f <FUNCTION_NAME> /example_path/target.vmdk

You can also use basic path expansion to execute functions over multiple targets. For example, to execute a function on all .vmdk files in a directory:

target-query -f <FUNCTION_NAME> /example_path/*.vmdk

Not every target plugin will function on every target, they are OS specific. More information on how to use target-query is found in the documentation.

target-shell

target-shell gives you the ability to access a target using a virtual shell environment. Once a shell is opened on a target, type help to list the available commands. To see the documentation of each command, you can use help [COMMAND].

Opening a shell on a target is straight-forward. You can do so by specifying a path to a target as follows:

    target-shell targets/EXAMPLE.vmx
    EXAMPLE /> help

    Documented commands (type help <topic>):
    ========================================
    cat    disks  filesystems  help     less  python    save
    cd     exit   find         hexdump  ls    readlink  stat
    clear  file   hash         info     pwd   registry  volumes

    EXAMPLE /> ls
    c:
    sysvol

Further interacting with the target can be done using the commands listed above. You can exit the shell by running exit or by pressing CTRL+D.

More information on how to use target-shell is found in the documentation.

target-fs

With target-fs you can interact with the filesystem of a target using a set of familiar Unix commands.

The basic structure of a target-fs command is as follows:

target-fs <path_to_target> <command> <path_for_command>

NOTE: As with any shell command, you have to properly escape backlashes and spaces. Unless you use single or double quotes (', ").

More information on how to use target-fs is found in the documentation.

target-reg

With target-reg you can easily query the registry of Windows targets and print the results in a tree. A + symbol indicates that it is a registry key (i.e. may have subkeys). A - symbol indicates a registry value.

user@dissect~$ target-reg targets/EXAMPLE.E01 -k "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"
+ 'Microsoft' (last-modified-date-shows-here)
    + '.NETFramework' (last-modified-date-shows-here)
    - 'Enable64Bit' value-shows-here
[...]

More information on how to use target-reg is found in the documentation.

target-dump

With target-dump you can export records of a specific function used in target-query to a file.

The basic structure of a target-dump command is as follows:

target-dump -f <comma_seperated_functions> <path_to_target>

Futhermore, the tool can apply certain compression algorithms to the dump, to create small archives of the output.

More information on how to use target-dump is found in the documentation.

target-dd

With target-dd you can export (a part of) a target to a file or to stdout. At the moment, target-dd can be used for targets that have only one disk.

The basic structure of a target-dd command is as follows:

target-dd --write <output_file> --offset <offset_on_target_in_bytes> --bytes <nr_of_bytes_to_read> <path_to_target>

More information on how to use target-dd is found in the documentation.

target-mount

With target-mount you can mount the filesystem of a target to any arbitrary directory on your analysis machine, similar to the mount command on Unix systems. To perform this function, we use fusepy to mount a filesystem in linux and mac. This interacts with fuselib to mount disk images in linux userspace, so no administrative access is required.

target-mount has two required positional arguments:

  • TARGET - Target to mount
  • MOUNT - Directory to mount the target's filesystem on

The following example command can be used to mount a target to the directory mnt:

user@dissect~$ target-mount targets/EXAMPLE.vmx ~/mnt/EXAMPLE
user@dissect~$ ls ~/mnt/EXAMPLE/
disks   fs   volumes

When mounting a target using target-mount the process is kept in the foreground. This will occupy your current terminal session. It is recommended to either open a second terminal, let this command run in the background by appending & to the command or use a terminal multiplexer like tmux to start a second session. Using one of these methods enables you to interact with the mountpoint.

More information on how to use target-mount is found in the documentation.

Build and test instructions

This project uses tox to build source and wheel distributions. Run the following command from the root folder to build these:

tox -e build

The build artifacts can be found in the dist/ directory.

tox is also used to run linting and unit tests in a self-contained environment. To run both linting and unit tests using the default installed Python version, run:

tox

For a more elaborate explanation on how to build and test the project, please see the documentation.

Contributing

The Dissect project encourages any contribution to the codebase. To make your contribution fit into the project, please refer to the development guide.

Copyright and license

Dissect is released as open source by Fox-IT (https://www.fox-it.com) part of NCC Group Plc (https://www.nccgroup.com).

Developed by the Dissect Team (dissect@fox-it.com) and made available at https://github.com/fox-it/dissect.

License terms: AGPL3 (https://www.gnu.org/licenses/agpl-3.0.html). For more information, see the LICENSE file.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for fox-it from gravatar.com fox-it

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: OSI Approved (Affero General Public License v3)

Author: Dissect Team

Requires: Python ~=3.9

Classifiers

Release history Release notifications | RSS feed

3.17.dev35 pre-release

3.17.dev34 pre-release

3.17.dev33 pre-release

3.17.dev31 pre-release

3.17.dev29 pre-release

3.17.dev28 pre-release

3.17.dev27 pre-release

3.17.dev26 pre-release

3.17.dev25 pre-release

3.17.dev23 pre-release

3.17.dev22 pre-release

3.17.dev21 pre-release

3.17.dev20 pre-release

3.17.dev19 pre-release

3.17.dev18 pre-release

3.17.dev17 pre-release

3.17.dev15 pre-release

3.17.dev13 pre-release

3.17.dev12 pre-release

3.17.dev11 pre-release

3.17.dev10 pre-release

3.17.dev9 pre-release

3.17.dev8 pre-release

3.17.dev7 pre-release

3.17.dev6 pre-release

3.17.dev5 pre-release

3.17.dev4 pre-release

3.17.dev3 pre-release

3.17.dev1 pre-release

This version

3.16

3.16.dev45 pre-release

3.16.dev44 pre-release

3.16.dev43 pre-release

3.16.dev41 pre-release

3.16.dev39 pre-release

3.16.dev38 pre-release

3.16.dev37 pre-release

3.16.dev36 pre-release

3.16.dev35 pre-release

3.16.dev34 pre-release

3.16.dev33 pre-release

3.16.dev32 pre-release

3.16.dev31 pre-release

3.16.dev30 pre-release

3.16.dev29 pre-release

3.16.dev27 pre-release

3.16.dev26 pre-release

3.16.dev25 pre-release

3.16.dev24 pre-release

3.16.dev23 pre-release

3.16.dev22 pre-release

3.16.dev21 pre-release

3.16.dev20 pre-release

3.16.dev19 pre-release

3.16.dev17 pre-release

3.16.dev16 pre-release

3.16.dev15 pre-release

3.16.dev14 pre-release

3.16.dev13 pre-release

3.16.dev12 pre-release

3.16.dev11 pre-release

3.16.dev10 pre-release

3.16.dev9 pre-release

3.16.dev8 pre-release

3.16.dev7 pre-release

3.16.dev6 pre-release

3.16.dev4 pre-release

3.16.dev3 pre-release

3.16.dev2 pre-release

3.15

3.15.dev39 pre-release

3.15.dev38 pre-release

3.15.dev34 pre-release

3.15.dev33 pre-release

3.15.dev32 pre-release

3.15.dev31 pre-release

3.15.dev30 pre-release

3.15.dev29 pre-release

3.15.dev28 pre-release

3.15.dev27 pre-release

3.15.dev26 pre-release

3.15.dev25 pre-release

3.15.dev24 pre-release

3.15.dev23 pre-release

3.15.dev22 pre-release

3.15.dev21 pre-release

3.15.dev20 pre-release

3.15.dev19 pre-release

3.15.dev18 pre-release

3.15.dev17 pre-release

3.15.dev14 pre-release

3.15.dev13 pre-release

3.15.dev12 pre-release

3.15.dev11 pre-release

3.15.dev10 pre-release

3.15.dev9 pre-release

3.15.dev8 pre-release

3.15.dev7 pre-release

3.15.dev6 pre-release

3.15.dev4 pre-release

3.15.dev3 pre-release

3.15.dev2 pre-release

3.15.dev1 pre-release

3.14

3.14.dev29 pre-release

3.14.dev28 pre-release

3.14.dev26 pre-release

3.14.dev25 pre-release

3.14.dev24 pre-release

3.14.dev23 pre-release

3.14.dev22 pre-release

3.14.dev20 pre-release

3.14.dev19 pre-release

3.14.dev17 pre-release

3.14.dev16 pre-release

3.14.dev15 pre-release

3.14.dev14 pre-release

3.14.dev13 pre-release

3.14.dev12 pre-release

3.14.dev11 pre-release

3.14.dev10 pre-release

3.14.dev9 pre-release

3.14.dev8 pre-release

3.14.dev7 pre-release

3.14.dev6 pre-release

3.14.dev5 pre-release

3.14.dev4 pre-release

3.14.dev3 pre-release

3.14.dev2 pre-release

3.14.dev1 pre-release

3.13

3.13.dev27 pre-release

3.13.dev26 pre-release

3.13.dev25 pre-release

3.13.dev24 pre-release

3.13.dev23 pre-release

3.13.dev22 pre-release

3.13.dev18 pre-release

3.13.dev17 pre-release

3.13.dev16 pre-release

3.13.dev15 pre-release

3.13.dev14 pre-release

3.13.dev13 pre-release

3.13.dev12 pre-release

3.13.dev11 pre-release

3.13.dev10 pre-release

3.13.dev9 pre-release

3.13.dev8 pre-release

3.13.dev7 pre-release

3.13.dev6 pre-release

3.13.dev5 pre-release

3.13.dev4 pre-release

3.13.dev3 pre-release

3.13.dev2 pre-release

3.13.dev1 pre-release

3.12

3.11.2.dev50 pre-release

3.11.2.dev49 pre-release

3.11.2.dev48 pre-release

3.11.2.dev47 pre-release

3.11.2.dev46 pre-release

3.11.2.dev45 pre-release

3.11.2.dev44 pre-release

3.11.2.dev43 pre-release

3.11.2.dev42 pre-release

3.11.2.dev41 pre-release

3.11.2.dev40 pre-release

3.11.2.dev39 pre-release

3.11.2.dev38 pre-release

3.11.2.dev37 pre-release

3.11.2.dev36 pre-release

3.11.2.dev35 pre-release

3.11.2.dev34 pre-release

3.11.2.dev33 pre-release

3.11.2.dev32 pre-release

3.11.2.dev31 pre-release

3.11.2.dev30 pre-release

3.11.2.dev29 pre-release

3.11.2.dev28 pre-release

3.11.2.dev27 pre-release

3.11.2.dev26 pre-release

3.11.2.dev25 pre-release

3.11.2.dev24 pre-release

3.11.2.dev23 pre-release

3.11.2.dev20 pre-release

3.11.2.dev19 pre-release

3.11.2.dev18 pre-release

3.11.2.dev17 pre-release

3.11.2.dev16 pre-release

3.11.2.dev15 pre-release

3.11.2.dev14 pre-release

3.11.2.dev13 pre-release

3.11.2.dev12 pre-release

3.11.2.dev11 pre-release

3.11.2.dev10 pre-release

3.11.2.dev9 pre-release

3.11.2.dev8 pre-release

3.11.2.dev7 pre-release

3.11.2.dev6 pre-release

3.11.2.dev5 pre-release

3.11.2.dev4 pre-release

3.11.2.dev3 pre-release

3.11.2.dev2 pre-release

3.11.2.dev1 pre-release

3.11.1

3.11

3.11.dev36 pre-release

3.11.dev35 pre-release

3.11.dev34 pre-release

3.11.dev33 pre-release

3.11.dev32 pre-release

3.11.dev31 pre-release

3.11.dev30 pre-release

3.11.dev29 pre-release

3.11.dev28 pre-release

3.11.dev27 pre-release

3.11.dev26 pre-release

3.11.dev25 pre-release

3.11.dev24 pre-release

3.11.dev23 pre-release

3.11.dev22 pre-release

3.11.dev21 pre-release

3.11.dev20 pre-release

3.11.dev19 pre-release

3.11.dev18 pre-release

3.11.dev16 pre-release

3.11.dev15 pre-release

3.11.dev14 pre-release

3.11.dev11 pre-release

3.11.dev10 pre-release

3.11.dev9 pre-release

3.11.dev8 pre-release

3.11.dev7 pre-release

3.11.dev6 pre-release

3.11.dev5 pre-release

3.11.dev4 pre-release

3.11.dev3 pre-release

3.11.dev2 pre-release

3.11.dev1 pre-release

3.10

3.9

3.8

3.7

3.6

3.4

3.3 yanked

Reason this release was yanked:

Missing minimal Python requirement

0.0 yanked

Reason this release was yanked:

Obsolete placeholder

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dissect.target-3.16.tar.gz (666.1 kB view hashes)

Uploaded Source

Built Distribution

dissect.target-3.16-py3-none-any.whl (677.8 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page