acquire 3.12.dev5__tar.gz → 3.12.dev7__tar.gz

Files changed (60) hide show
  1. {acquire-3.12.dev5/acquire.egg-info → acquire-3.12.dev7}/PKG-INFO +1 -1
  2. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/acquire.py +7 -6
  3. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/collector.py +8 -2
  4. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/utils.py +2 -2
  5. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/version.py +2 -2
  6. {acquire-3.12.dev5 → acquire-3.12.dev7/acquire.egg-info}/PKG-INFO +1 -1
  7. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_utils.py +33 -14
  8. {acquire-3.12.dev5 → acquire-3.12.dev7}/COPYRIGHT +0 -0
  9. {acquire-3.12.dev5 → acquire-3.12.dev7}/LICENSE +0 -0
  10. {acquire-3.12.dev5 → acquire-3.12.dev7}/MANIFEST.in +0 -0
  11. {acquire-3.12.dev5 → acquire-3.12.dev7}/README.md +0 -0
  12. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/__init__.py +0 -0
  13. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/crypt.py +0 -0
  14. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/dynamic/__init__.py +0 -0
  15. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/dynamic/windows/__init__.py +0 -0
  16. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/dynamic/windows/collect.py +0 -0
  17. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/dynamic/windows/exceptions.py +0 -0
  18. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/dynamic/windows/handles.py +0 -0
  19. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/dynamic/windows/named_objects.py +0 -0
  20. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/dynamic/windows/ntdll.py +0 -0
  21. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/dynamic/windows/types.py +0 -0
  22. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/esxi.py +0 -0
  23. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/hashes.py +0 -0
  24. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/log.py +0 -0
  25. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/outputs/__init__.py +0 -0
  26. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/outputs/base.py +0 -0
  27. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/outputs/dir.py +0 -0
  28. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/outputs/tar.py +0 -0
  29. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/outputs/zip.py +0 -0
  30. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/tools/__init__.py +0 -0
  31. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/tools/decrypter.py +0 -0
  32. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/uploaders/__init__.py +0 -0
  33. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/uploaders/minio.py +0 -0
  34. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/uploaders/plugin.py +0 -0
  35. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/uploaders/plugin_registry.py +0 -0
  36. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire/volatilestream.py +0 -0
  37. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire.egg-info/SOURCES.txt +0 -0
  38. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire.egg-info/dependency_links.txt +0 -0
  39. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire.egg-info/entry_points.txt +0 -0
  40. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire.egg-info/requires.txt +0 -0
  41. {acquire-3.12.dev5 → acquire-3.12.dev7}/acquire.egg-info/top_level.txt +0 -0
  42. {acquire-3.12.dev5 → acquire-3.12.dev7}/pyproject.toml +0 -0
  43. {acquire-3.12.dev5 → acquire-3.12.dev7}/setup.cfg +0 -0
  44. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/__init__.py +0 -0
  45. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/conftest.py +0 -0
  46. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/docs/Makefile +0 -0
  47. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/docs/conf.py +0 -0
  48. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/docs/index.rst +0 -0
  49. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_acquire_command.py +0 -0
  50. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_acquire_modules.py +0 -0
  51. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_collector.py +0 -0
  52. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_decryptor_funcs.py +0 -0
  53. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_esxi_memory.py +0 -0
  54. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_file_sorting.py +0 -0
  55. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_minio_uploader.py +0 -0
  56. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_misc_users.py +0 -0
  57. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_outputs_dir.py +0 -0
  58. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_outputs_tar.py +0 -0
  59. {acquire-3.12.dev5 → acquire-3.12.dev7}/tests/test_plugin.py +0 -0
  60. {acquire-3.12.dev5 → acquire-3.12.dev7}/tox.ini +0 -0
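--- a/acquire.egg-info/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.1
  Name: acquire
- Version: 3.12.dev5
+ Version: 3.12.dev7
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3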
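--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -99,11 +99,11 @@ logging.raiseExceptions = False
 
  def misc_windows_user_homes(target: Target) -> Iterator[fsutil.TargetPath]:
  misc_dirs = {
- ("windows/serviceprofiles/localservice", False),
- ("windows/serviceprofiles/networkservice", False),
- ("windows/system32/config/systemprofile", False),
- ("users", True),
- ("documents and settings", True),
+ ("Windows/ServiceProfiles/LocalService", False),
+ ("Windows/ServiceProfiles/NetworkService", False),
+ ("Windows/System32/config/systemprofile", False),
+ ("Users", True),
+ ("Documents and Settings", True),
  }
 
  for fs in target.fs.path().iterdir():
@@ -146,7 +146,7 @@ MISC_MAPPING = {
  def from_user_home(target: Target, path: str) -> Iterator[str]:
  try:
  for user_details in target.user_details.all_with_home():
- yield normalize_path(target, user_details.home_path.joinpath(path))
+ yield normalize_path(target, user_details.home_path.joinpath(path), lower_case=False)
  except Exception as e:
  log.warning("Error occurred when requesting all user homes")
  log.debug("", exc_info=e)
@@ -937,6 +937,7 @@ class Misc(Module):
  ("glob", "sysvol/ProgramData/USOShared/Logs/System/*.etl"),
  ("glob", "sysvol/Windows/Logs/WindowsUpdate/WindowsUpdate*.etl"),
  ("glob", "sysvol/Windows/Logs/CBS/CBS*.log"),
+ ("dir", "sysvol/ProgramData/Microsoft/Search/Data/Applications/Windows"),
  ]
 
 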
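Review bot: The new `("dir", "sysvol/ProgramData/Microsoft/Search/Data/Applications/Windows")` entry in the third hunk carries no comment saying what it collects or what it costs. This directory normally holds the Windows Search index database (`Windows.edb`, or `Windows.db` on newer builds), which can grow to several gigabytes and stores indexed properties and content excerpts from user documents and mail, so the entry changes both the size and the sensitivity of the resulting container. I would put a comment directly above it, for example `# Windows Search index (Windows.edb / Windows.db): can be multi-GB and contains indexed user content`, so an operator can judge whether this module fits a given collection. The list this entry belongs to starts and ends outside the hunk, so whether the surrounding module runs by default cannot be confirmed from here.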
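--- a/acquire/collector.py
+++ b/acquire/collector.py
@@ -74,8 +74,14 @@ def serialize_path(path: Any) -> str:
 
  # Naive way to serialize TargetPath filesystem's metadata is
  # to rely on uniqueness of `path._fs` object
- fs_id = id(path._fs)
- return f"{path._fs.__type__}:{fs_id}:{path}"
+ fs = path._fs
+ fs_id = id(fs)
+ fs_type = fs.__type__
+ path = str(path)
+ if not fs.case_sensitive:
+ path = path.lower()
+
+ return f"{fs_type}:{fs_id}:{path}"
 
 
  @dataclass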
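Review bot: Lower-casing the path when `fs.case_sensitive` is false makes two entries that differ only by case serialize to the same string, and nothing in the hunk documents that this is intended. NTFS volumes can hold such pairs (per-directory case sensitivity, POSIX-namespace names), so if this string is used as a seen-key, which the comment about uniqueness suggests but the hunk does not show, the second file of a pair would be treated as already handled and left out of the collection. `str.lower()` is also not necessarily the folding the filesystem itself applies to non-ASCII names. At minimum I would add a comment above the `if`, e.g. `# Fold case on case-insensitive filesystems; names that differ only by case share one key`. `serialize_path` starts above the hunk, so any earlier type check on `path` is not visible here.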
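--- a/acquire/utils.py
+++ b/acquire/utils.py
@@ -371,13 +371,13 @@ def persist_execution_report(path: Path, report_data: dict) -> Path:
  SYSVOL_SUBST = re.compile(r"^(/\?\?/)?[cC]:")
 
 
- def normalize_path(target: Target, path: Path, resolve: bool = False) -> str:
+ def normalize_path(target: Target, path: Path, resolve: bool = False, lower_case: bool = True) -> str:
  if resolve:
  path = path.resolve()
 
  path = path.as_posix()
 
- if not target.fs.case_sensitive:
+ if not target.fs.case_sensitive and lower_case:
  path = path.lower()
 
  if target.os == "windows":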
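Review bot: `lower_case` reads as "force lower case", but the new condition `if not target.fs.case_sensitive and lower_case:` only lets a caller switch off the folding that a case-insensitive filesystem would otherwise get; on a case-sensitive target `lower_case=True` changes nothing. The function has no docstring in the hunk, so I would add one that states this and notes that the Windows handling after `if target.os == "windows":` presumably still applies either way, since `SYSVOL_SUBST` matches both `c:` and `C:`. Because the flag is new, it could also be made keyword-only so a stray positional boolean is not mistaken for `resolve`: `def normalize_path(target: Target, path: Path, resolve: bool = False, *, lower_case: bool = True) -> str:`. The body continues past the end of the hunk.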
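--- a/acquire/version.py
+++ b/acquire/version.py
@@ -12,5 +12,5 @@ __version__: str
  __version_tuple__: VERSION_TUPLE
  version_tuple: VERSION_TUPLE
 
- __version__ = version = '3.12.dev5'
- __version_tuple__ = version_tuple = (3, 12, 'dev5')
+ __version__ = version = '3.12.dev7'
+ __version_tuple__ = version_tuple = (3, 12, 'dev7')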
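--- a/PKG-INFO
+++ b/acquire.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.1
  Name: acquire
- Version: 3.12.dev5
+ Version: 3.12.dev7
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3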
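--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -296,77 +296,95 @@ def test_check_and_set_acquire_args_cagent():
 
 
  @pytest.mark.parametrize(
- "path, resolve, norm_path, case_sensitive, os",
+ "path, resolve, lower_case, case_sensitive, os, result",
  [
  (
  pathlib.Path("/foo/bar"),
  False,
- "/foo/bar",
+ True,
  True,
  "dummy",
+ "/foo/bar",
  ),
  (
  pathlib.Path("/foo/BAR"),
  False,
- "/foo/bar",
+ True,
  False,
  "dummy",
+ "/foo/bar",
  ),
  (
  pathlib.Path("/foo/BAR"),
  False,
- "/foo/BAR",
+ True,
  True,
  "dummy",
+ "/foo/BAR",
  ),
  (
  pathlib.Path("/foo/../bar"),
  False,
- "/foo/../bar",
+ True,
  True,
  "dummy",
+ "/foo/../bar",
  ),
  (
  pathlib.Path("/foo/../foo/bar"),
  True,
- "/foo/bar",
+ True,
  True,
  "dummy",
+ "/foo/bar",
  ),
  (
  pathlib.PureWindowsPath("c:\\foo\\bar"),
  False,
- "sysvol/foo/bar",
+ True,
  False,
  "windows",
+ "sysvol/foo/bar",
  ),
  (
  pathlib.PureWindowsPath("C:\\foo\\bar"),
  False,
- "sysvol/foo/bar",
+ True,
  False,
  "windows",
+ "sysvol/foo/bar",
  ),
  (
  pathlib.PureWindowsPath("\\??\\C:\\foo\\bar"),
  False,
- "sysvol/foo/bar",
+ True,
  False,
  "windows",
+ "sysvol/foo/bar",
  ),
  (
  pathlib.PureWindowsPath("\\??\\c:\\foo\\bar"),
  False,
- "sysvol/foo/bar",
+ True,
  False,
  "windows",
+ "sysvol/foo/bar",
  ),
  (
  pathlib.PureWindowsPath("D:\\foo\\bar"),
  False,
+ True,
+ False,
+ "windows",
  "d:/foo/bar",
+ ),
+ (
+ pathlib.PureWindowsPath("D:\\Foo\\BAR"),
+ False,
+ False,
  False,
  "windows",
+ "D:/Foo/BAR",
  ),
  ],
  )
@@ -374,16 +392,17 @@ def test_utils_normalize_path(
  mock_target: Target,
  path: pathlib.Path,
  resolve: bool,
- norm_path: str,
+ lower_case: bool,
  case_sensitive: bool,
  os: str,
+ result: str,
  ) -> None:
  with patch.object(mock_target, "os", new=os), patch.object(mock_target.fs, "_case_sensitive", new=case_sensitive):
- resolved_path = normalize_path(mock_target, path, resolve=resolve)
+ resolved_path = normalize_path(mock_target, path, resolve=resolve, lower_case=lower_case)
 
  if platform.system() == "Windows":
  # A resolved path on windows adds a C:\ prefix. So we check if it ends with our expected
  # path string
- assert resolved_path.endswith(norm_path)
+ assert resolved_path.endswith(result)
  else:
- assert resolved_path == norm_path
+ assert resolved_path == result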
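Review bot: The only `lower_case=False` case added to the parameter list uses `D:\Foo\BAR`, so the combination of preserved case with the `C:` to `sysvol` substitution is never exercised. A case-preserving call is typically made on a system-drive path, as the one added in `from_user_home` would be for user homes on `C:`. I would add a constructed case such as `(pathlib.PureWindowsPath("C:\\Users\\Foo"), False, False, False, "windows", "sysvol/Users/Foo"),` where the expected value follows the pattern of the existing `C:` cases and should be confirmed against the function. A `lower_case=False` case on a case-sensitive target would also pin down that the flag is a no-op there.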