ssm-acquire

Free
A Python module for orchestrating content acquisitions and analysis via Amazon SSM. Features include acquiring memory from a Linux instance to an S3 bucket using SSM, interrogating an instance for top-10 IOCs using OSQuery, analyzing a memory sample on a machine using Docker, and creating a Rekall profile using an instance running the Amazon SSM Agent as a build target. This is a pre-release and is free software under the MPL 2.0 License. For more information, refer to the documentation at https://ssm-acquire.readthedocs.io.

ALTERNATIVES

Forensic imaging program with full hash authentication and various acquisition options.

A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.

A framework for orchestrating forensic collection, processing, and data export.

mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.

A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.

A forensic research tool for gathering forensic traces on Android and iOS devices, supporting the use of public indicators of compromise.

NBD is a userland implementation of the Network Block Device protocol, allowing for remote access to block devices over a network.

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
