Acquire
Acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. This makes acquire an excellent tool to, among others, speedup the process of digital forensic triage. It uses dissect to gather that information from the raw disk, if possible. Acquire gathers artifacts based on modules. These modules are paths or globs on a filesystem which acquire attempts to gather. Multiple modules can be executed at once, which have been collected together inside a profile. These profiles (used with --profile) are full, default, minimal, and none. Depending on what operating system gets detected, different artifacts are collected. The most basic usage of acquire is as follows: user@dissect~$ sudo acquire. The tool requires administrative access to read raw disk data instead of using the operating system for file access. However, there are some options available to use the operating system as a fallback option (e.g., --fallback or --force-fallback). For more information, please see the documentation. Requirements: This project is part of the Dissect framework and requires Python. Information on the supported Python versions can be found in the documentation.
FEATURES
ALTERNATIVES
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A binary analysis platform for analyzing binary programs
A forensic tool to find hidden processes and TCP/UDP ports by rootkits or other hidden techniques.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.
A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.