Acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. This makes acquire an excellent tool to, among others, speedup the process of digital forensic triage. It uses dissect to gather that information from the raw disk, if possible. Acquire gathers artifacts based on modules. These modules are paths or globs on a filesystem which acquire attempts to gather. Multiple modules can be executed at once, which have been collected together inside a profile. These profiles (used with --profile) are full, default, minimal, and none. Depending on what operating system gets detected, different artifacts are collected. The most basic usage of acquire is as follows: user@dissect~$ sudo acquire. The tool requires administrative access to read raw disk data instead of using the operating system for file access. However, there are some options available to use the operating system as a fallback option (e.g., --fallback or --force-fallback). For more information, please see the documentation. Requirements: This project is part of the Dissect framework and requires Python. Information on the supported Python versions can be found in the documentation.
FEATURES
ALTERNATIVES
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
A Python 2.x tool for memory analysis on Mac OS X systems with support for various OS versions and memory image export capabilities.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A repository containing material from a talk on sub-domain enumeration techniques
A script for extracting common Windows artifacts from source images and VSCs with detailed dependencies and usage instructions.
A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.