acquire 3.17.dev3__tar.gz → 3.17.dev5__tar.gz

Files changed (67)
  1. {acquire-3.17.dev3/acquire.egg-info → acquire-3.17.dev5}/PKG-INFO +1 -1
  2. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/acquire.py +23 -0
  3. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/version.py +2 -2
  4. {acquire-3.17.dev3 → acquire-3.17.dev5/acquire.egg-info}/PKG-INFO +1 -1
  5. {acquire-3.17.dev3 → acquire-3.17.dev5}/COPYRIGHT +0 -0
  6. {acquire-3.17.dev3 → acquire-3.17.dev5}/LICENSE +0 -0
  7. {acquire-3.17.dev3 → acquire-3.17.dev5}/MANIFEST.in +0 -0
  8. {acquire-3.17.dev3 → acquire-3.17.dev5}/README.md +0 -0
  9. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/__init__.py +0 -0
  10. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/collector.py +3 -3
  11. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/crypt.py +0 -0
  12. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/dynamic/__init__.py +0 -0
  13. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/dynamic/windows/__init__.py +0 -0
  14. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/dynamic/windows/collect.py +0 -0
  15. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/dynamic/windows/exceptions.py +0 -0
  16. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/dynamic/windows/handles.py +0 -0
  17. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/dynamic/windows/named_objects.py +0 -0
  18. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/dynamic/windows/ntdll.py +0 -0
  19. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/dynamic/windows/types.py +0 -0
  20. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/esxi.py +0 -0
  21. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/gui/__init__.py +0 -0
  22. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/gui/base.py +0 -0
  23. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/gui/win32.py +0 -0
  24. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/hashes.py +0 -0
  25. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/log.py +0 -0
  26. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/outputs/__init__.py +0 -0
  27. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/outputs/base.py +0 -0
  28. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/outputs/dir.py +0 -0
  29. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/outputs/tar.py +0 -0
  30. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/outputs/zip.py +0 -0
  31. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/tools/__init__.py +0 -0
  32. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/tools/decrypter.py +0 -0
  33. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/uploaders/__init__.py +0 -0
  34. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/uploaders/minio.py +0 -0
  35. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/uploaders/plugin.py +0 -0
  36. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/uploaders/plugin_registry.py +0 -0
  37. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/utils.py +0 -0
  38. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire/volatilestream.py +0 -0
  39. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire.egg-info/SOURCES.txt +0 -0
  40. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire.egg-info/dependency_links.txt +0 -0
  41. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire.egg-info/entry_points.txt +0 -0
  42. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire.egg-info/requires.txt +0 -0
  43. {acquire-3.17.dev3 → acquire-3.17.dev5}/acquire.egg-info/top_level.txt +0 -0
  44. {acquire-3.17.dev3 → acquire-3.17.dev5}/pyproject.toml +0 -0
  45. {acquire-3.17.dev3 → acquire-3.17.dev5}/setup.cfg +0 -0
  46. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/__init__.py +0 -0
  47. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/conftest.py +0 -0
  48. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/data/private_key.pem +0 -0
  49. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/data/public_key.pem +0 -0
  50. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/docs/Makefile +0 -0
  51. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/docs/conf.py +0 -0
  52. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/docs/index.rst +0 -0
  53. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_acquire_command.py +0 -0
  54. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_acquire_modules.py +0 -0
  55. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_collector.py +0 -0
  56. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_decryptor_funcs.py +0 -0
  57. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_esxi_memory.py +0 -0
  58. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_file_sorting.py +0 -0
  59. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_gui.py +0 -0
  60. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_minio_uploader.py +0 -0
  61. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_misc_users.py +0 -0
  62. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_outputs_dir.py +0 -0
  63. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_outputs_tar.py +0 -0
  64. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_outputs_zip.py +0 -0
  65. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_plugin.py +0 -0
  66. {acquire-3.17.dev3 → acquire-3.17.dev5}/tests/test_utils.py +0 -0
  67. {acquire-3.17.dev3 → acquire-3.17.dev5}/tox.ini +0 -0
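--- a/acquire.egg-info/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.1
  Name: acquire
- Version: 3.17.dev3
+ Version: 3.17.dev5
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3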
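--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -1372,6 +1372,26 @@ class SSH(Module):
  super().run(target, cli_args, collector)
 
 
+ @register_module("--docker")
+ class Docker(Module):
+ DESC = "various Docker logs and configuration files"
+ SPEC = [
+ # Container log files
+ ("glob", "/var/lib/docker/containers/*/*-json.log"),
+ ("glob", "/var/lib/docker/containers/*/*.json"),
+ ("glob", "/var/lib/docker/containers/*/hostname"),
+ # Linux daemon configs
+ ("file", "/etc/docker/daemon.json"),
+ ("file", "/var/snap/docker/current/config/daemon.json"),
+ # Windows daemon configs
+ ("file", "sysvol/ProgramData/docker/config/daemon.json"),
+ # User-specific config files (MacOS/Linux/Windows)
+ ("file", ".docker/daemon.json", from_user_home),
+ # Repositories
+ ("file", "/var/lib/docker/image/overlay2/repositories.json"),
+ ]
+
+
  @register_module("--var")
  class Var(Module):
  SPEC = [
@@ -1952,6 +1972,7 @@ class WindowsProfile:
  SSH,
  IIS,
  TextEditor,
+ Docker,
  ]
 
 
@@ -1966,6 +1987,7 @@ class LinuxProfile:
  DEFAULT = MINIMAL
  FULL = [
  *DEFAULT,
+ Docker,
  History,
  WebHosting,
  ]
@@ -2010,6 +2032,7 @@ class OSXProfile:
  *DEFAULT,
  History,
  SSH,
+ Docker,
  ]
 
 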
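Review bot: The `SPEC` entries for `Docker` hard-code Docker's default data root and a single storage driver: the three container globs assume `/var/lib/docker`, and the repositories entry at new line 1391 assumes `overlay2`. On a host whose `daemon.json` sets a different `data-root`, or which uses another storage driver, these artifacts would presumably not be collected even though `--docker` ran. For the driver, a glob such as `("glob", "/var/lib/docker/image/*/repositories.json")` covers the other drivers, and a comment above the container globs should state the default-data-root assumption. A comment is also warranted on `containers/*/*.json`: it picks up per-container configuration, which can include environment variables set at container creation, so the collected output should be handled as sensitive.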
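--- a/acquire/version.py
+++ b/acquire/version.py
@@ -12,5 +12,5 @@ __version__: str
  __version_tuple__: VERSION_TUPLE
  version_tuple: VERSION_TUPLE
 
- __version__ = version = '3.17.dev3'
- __version_tuple__ = version_tuple = (3, 17, 'dev3')
+ __version__ = version = '3.17.dev5'
+ __version_tuple__ = version_tuple = (3, 17, 'dev5')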
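--- a/PKG-INFO
+++ b/acquire.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.1
  Name: acquire
- Version: 3.17.dev3
+ Version: 3.17.dev5
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3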
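--- a/acquire/collector.py
+++ b/acquire/collector.py
@@ -518,6 +518,9 @@ class Collector:
  self.report.add_symlink_collected(module_name, branch_path)
  log.info("- Collecting symlink branch suceeded %s", branch_path)
 
+ except (FileNotFoundError, NotADirectoryError, NotASymlinkError, SymlinkRecursionError, ValueError):
+ self.report.add_path_missing(module_name, error_path)
+ log.error("- Path %s is not found (while collecting %s)", error_path, path)
  except OSError as error:
  if error.errno == errno.ENOENT:
  self.report.add_path_missing(module_name, error_path)
@@ -528,9 +531,6 @@ class Collector:
  else:
  self.report.add_path_failed(module_name, error_path)
  log.error("- OSError while collecting path %s (while collecting %s)", error_path, path)
- except (FileNotFoundError, NotADirectoryError, NotASymlinkError, SymlinkRecursionError, ValueError):
- self.report.add_path_missing(module_name, error_path)
- log.error("- Path %s is not found (while collecting %s)", error_path, path)
  except Exception:
  self.report.add_path_failed(module_name, error_path)
  log.error("- Failed to collect path %s (while collecting %s)", error_path, path, exc_info=True)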
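Review bot: The handler moved up to new line 521 still groups `ValueError` and `SymlinkRecursionError` with genuinely absent paths, so any of them is recorded through `add_path_missing` and logged as "not found" with no exception detail. In an evidence collector this makes a failed collection indistinguishable from an absent artifact in the report. Consider binding the exception and logging it, `except (...) as error:` with `log.error("- Path %s is not found (while collecting %s): %r", error_path, path, error)`, or routing `ValueError` to `add_path_failed`. The `try` these handlers belong to starts above the hunk, so which call can raise `ValueError` is not visible here.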