Acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. This makes acquire an excellent tool to, among others, speedup the process of digital forensic triage. It uses dissect to gather that information from the raw disk, if possible. Acquire gathers artifacts based on modules. These modules are paths or globs on a filesystem which acquire attempts to gather. Multiple modules can be executed at once, which have been collected together inside a profile. These profiles (used with --profile) are full, default, minimal, and none. Depending on what operating system gets detected, different artifacts are collected. The most basic usage of acquire is as follows: user@dissect~$ sudo acquire. The tool requires administrative access to read raw disk data instead of using the operating system for file access. However, there are some options available to use the operating system as a fallback option (e.g., --fallback or --force-fallback). For more information, please see the documentation. Requirements: This project is part of the Dissect framework and requires Python. Information on the supported Python versions can be found in the documentation.
FEATURES
ALTERNATIVES
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
Accessing databases stored on a machine by the Chrome browser and dumping URLs found.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
Web interface for the Volatility Memory Analysis framework with advanced features.
A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
A repository containing material from a talk on sub-domain enumeration techniques
A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
PINNED

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.