Acquire
Acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. This makes acquire an excellent tool to, among others, speedup the process of digital forensic triage. It uses dissect to gather that information from the raw disk, if possible. Acquire gathers artifacts based on modules. These modules are paths or globs on a filesystem which acquire attempts to gather. Multiple modules can be executed at once, which have been collected together inside a profile. These profiles (used with --profile) are full, default, minimal, and none. Depending on what operating system gets detected, different artifacts are collected. The most basic usage of acquire is as follows: user@dissect~$ sudo acquire. The tool requires administrative access to read raw disk data instead of using the operating system for file access. However, there are some options available to use the operating system as a fallback option (e.g., --fallback or --force-fallback). For more information, please see the documentation. Requirements: This project is part of the Dissect framework and requires Python. Information on the supported Python versions can be found in the documentation.
FEATURES
SIMILAR TOOLS
Automated collection tool for incident response triage in Windows systems.
A tool for parsing and extracting information from the Master File Table of NTFS file systems.
A tool for analyzing pentest screenshots using a convolutional neural network
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.