acquire 3.18.dev12__tar.gz → 3.19.dev1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. {acquire-3.18.dev12 → acquire-3.19.dev1}/PKG-INFO +1 -1
  2. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/acquire.py +12 -0
  3. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/version.py +2 -2
  4. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire.egg-info/PKG-INFO +1 -1
  5. {acquire-3.18.dev12 → acquire-3.19.dev1}/.git-blame-ignore-revs +0 -0
  6. {acquire-3.18.dev12 → acquire-3.19.dev1}/.gitattributes +0 -0
  7. {acquire-3.18.dev12 → acquire-3.19.dev1}/COPYRIGHT +0 -0
  8. {acquire-3.18.dev12 → acquire-3.19.dev1}/LICENSE +0 -0
  9. {acquire-3.18.dev12 → acquire-3.19.dev1}/MANIFEST.in +0 -0
  10. {acquire-3.18.dev12 → acquire-3.19.dev1}/README.md +0 -0
  11. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/__init__.py +0 -0
  12. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/collector.py +0 -0
  13. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/crypt.py +0 -0
  14. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/dynamic/__init__.py +0 -0
  15. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/dynamic/windows/__init__.py +0 -0
  16. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/dynamic/windows/collect.py +0 -0
  17. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/dynamic/windows/exceptions.py +0 -0
  18. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/dynamic/windows/handles.py +0 -0
  19. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/dynamic/windows/named_objects.py +0 -0
  20. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/dynamic/windows/ntdll.py +0 -0
  21. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/dynamic/windows/types.py +0 -0
  22. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/esxi.py +0 -0
  23. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/gui/__init__.py +0 -0
  24. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/gui/base.py +0 -0
  25. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/gui/win32.py +0 -0
  26. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/hashes.py +0 -0
  27. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/log.py +0 -0
  28. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/outputs/__init__.py +0 -0
  29. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/outputs/base.py +0 -0
  30. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/outputs/dir.py +0 -0
  31. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/outputs/tar.py +0 -0
  32. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/outputs/zip.py +0 -0
  33. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/tools/__init__.py +0 -0
  34. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/tools/decrypter.py +0 -0
  35. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/uploaders/__init__.py +0 -0
  36. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/uploaders/minio.py +0 -0
  37. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/uploaders/plugin.py +0 -0
  38. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/uploaders/plugin_registry.py +0 -0
  39. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/utils.py +0 -0
  40. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/volatilestream.py +0 -0
  41. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire.egg-info/SOURCES.txt +0 -0
  42. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire.egg-info/dependency_links.txt +0 -0
  43. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire.egg-info/entry_points.txt +0 -0
  44. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire.egg-info/requires.txt +0 -0
  45. {acquire-3.18.dev12 → acquire-3.19.dev1}/acquire.egg-info/top_level.txt +0 -0
  46. {acquire-3.18.dev12 → acquire-3.19.dev1}/pyproject.toml +0 -0
  47. {acquire-3.18.dev12 → acquire-3.19.dev1}/setup.cfg +0 -0
  48. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/__init__.py +0 -0
  49. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/_data/private_key.pem +0 -0
  50. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/_data/public_key.pem +0 -0
  51. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/_docs/Makefile +0 -0
  52. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/_docs/__init__.py +0 -0
  53. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/_docs/conf.py +0 -0
  54. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/_docs/index.rst +0 -0
  55. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/conftest.py +0 -0
  56. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_acquire_command.py +0 -0
  57. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_acquire_modules.py +0 -0
  58. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_collector.py +0 -0
  59. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_decryptor_funcs.py +0 -0
  60. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_esxi_memory.py +0 -0
  61. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_file_sorting.py +0 -0
  62. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_gui.py +0 -0
  63. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_minio_uploader.py +0 -0
  64. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_misc_users.py +0 -0
  65. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_outputs_dir.py +0 -0
  66. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_outputs_tar.py +0 -0
  67. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_outputs_zip.py +0 -0
  68. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_plugin.py +0 -0
  69. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_utils.py +0 -0
  70. {acquire-3.18.dev12 → acquire-3.19.dev1}/tests/test_volatile.py +0 -0
  71. {acquire-3.18.dev12 → acquire-3.19.dev1}/tox.ini +0 -0
{acquire-3.18.dev12 → acquire-3.19.dev1}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.2
2
2
  Name: acquire
3
- Version: 3.18.dev12
3
+ Version: 3.19.dev1
4
4
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/acquire.py RENAMED
@@ -967,11 +967,16 @@ class AV(Module):
967
967
  ("dir", "sysvol/Documents and Settings/All Users/Application Data/AVG/Antivirus/report"),
968
968
  ("dir", "sysvol/ProgramData/AVG/Antivirus/log"),
969
969
  ("dir", "sysvol/ProgramData/AVG/Antivirus/report"),
970
+ ("dir", "sysvol/ProgramData/AVG/Persistent Data/Antivirus/Logs"),
971
+ ("file", "sysvol/ProgramData/AVG/Antivirus/FileInfo2.db"),
972
+ ("file", "sysvol/ProgramData/AVG/Antivirus/lsdb2.json"),
970
973
  # Avast
971
974
  ("dir", "sysvol/Documents And Settings/All Users/Application Data/Avast Software/Avast/Log"),
972
975
  ("dir", "sysvol/ProgramData/Avast Software/Avast/Log"),
973
976
  ("dir", "Avast Software/Avast/Log", from_user_home),
974
977
  ("file", "sysvol/ProgramData/Avast Software/Avast/Chest/index.xml"),
978
+ ("dir", "sysvol/ProgramData/Avast Software/Persistent Data/Logs"),
979
+ ("dir", "sysvol/ProgramData/Avast Software/Icarus/Logs"),
975
980
  # Avira
976
981
  ("dir", "sysvol/ProgramData/Avira/Antivirus/LOGFILES"),
977
982
  ("dir", "sysvol/ProgramData/Avira/Security/Logs"),
@@ -996,6 +1001,7 @@ class AV(Module):
996
1001
  ("dir", "sysvol/ProgramData/ESET/ESET Security/Logs"),
997
1002
  ("dir", "sysvol/ProgramData/ESET/RemoteAdministrator/Agent/EraAgentApplicationData/Logs"),
998
1003
  ("dir", "sysvol/Windows/System32/config/systemprofile/AppData/Local/ESET/ESET Security/Quarantine"),
1004
+ ("dir", "AppData/Local/ESET/ESET Security/Quarantine", from_user_home),
999
1005
  # Emsisoft
1000
1006
  ("glob", "sysvol/ProgramData/Emsisoft/Reports/scan*.txt"),
1001
1007
  # F-Secure
@@ -1028,6 +1034,7 @@ class AV(Module):
1028
1034
  ("dir", "sysvol/Documents and Settings/All Users/Application Data/McAfee/datreputation/Logs"),
1029
1035
  ("dir", "sysvol/Documents and Settings/All Users/Application Data/McAfee/Managed/VirusScan/Logs"),
1030
1036
  ("dir", "sysvol/Program Files (x86)/McAfee/DLP/WCF Service/Log"),
1037
+ # McAfee ePO
1031
1038
  ("dir", "sysvol/Program Files (x86)/McAfee/ePolicy Orchestrator/Apache2/Logs"),
1032
1039
  ("dir", "sysvol/Program Files (x86)/McAfee/ePolicy Orchestrator/DB/Events"),
1033
1040
  ("dir", "sysvol/Program Files (x86)/McAfee/ePolicy Orchestrator/DB/Events/Debug"),
@@ -1043,6 +1050,7 @@ class AV(Module):
1043
1050
  # Sophos
1044
1051
  ("glob", "sysvol/Documents and Settings/All Users/Application Data/Sophos/Sophos */Logs"),
1045
1052
  ("glob", "sysvol/ProgramData/Sophos/Sophos */Logs"),
1053
+ ("dir", "sysvol/ProgramData/Sophos/Logs"),
1046
1054
  # Symantec
1047
1055
  (
1048
1056
  "dir",
@@ -1058,6 +1066,7 @@ class AV(Module):
1058
1066
  ("dir", "sysvol/ProgramData/TotalAV/logs"),
1059
1067
  # Trendmicro
1060
1068
  ("glob", "sysvol/Program Files*/Trend Micro"),
1069
+ ("dir", "sysvol/ProgramData/Trend Micro"),
1061
1070
  # VIPRE
1062
1071
  ("dir", "sysvol/ProgramData/VIPRE Business Agent/Logs"),
1063
1072
  ("dir", "AppData/Roaming/VIPRE Business", from_user_home),
@@ -1072,6 +1081,9 @@ class AV(Module):
1072
1081
  ("dir", "sysvol/ProgramData/Microsoft/Windows Defender/Scans/History/Service/DetectionHistory"),
1073
1082
  ("file", "sysvol/Windows/Temp/MpCmdRun.log"),
1074
1083
  ("file", "sysvol/Windows.old/Windows/Temp/MpCmdRun.log"),
1084
+ ("file", "sysvol/ProgramData/Microsoft/Windows Defender/Scans/History/Service/Detection.log"),
1085
+ # Microsoft Safety Scanner
1086
+ ("file", "sysvol/Windows/Debug/msert.log"),
1075
1087
  )
1076
1088
 
1077
1089
 
{acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/version.py RENAMED
@@ -17,5 +17,5 @@ __version__: str
17
17
  __version_tuple__: VERSION_TUPLE
18
18
  version_tuple: VERSION_TUPLE
19
19
 
20
- __version__ = version = '3.18.dev12'
21
- __version_tuple__ = version_tuple = (3, 18, 'dev12')
20
+ __version__ = version = '3.19.dev1'
21
+ __version_tuple__ = version_tuple = (3, 19, 'dev1')
{acquire-3.18.dev12 → acquire-3.19.dev1}/acquire.egg-info/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.2
2
2
  Name: acquire
3
- Version: 3.18.dev12
3
+ Version: 3.19.dev1
4
4
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
{acquire-3.18.dev12 → acquire-3.19.dev1}/.gitattributes RENAMED
File without changes
{acquire-3.18.dev12 → acquire-3.19.dev1}/COPYRIGHT RENAMED
File without changes
{acquire-3.18.dev12 → acquire-3.19.dev1}/LICENSE RENAMED
File without changes
{acquire-3.18.dev12 → acquire-3.19.dev1}/MANIFEST.in RENAMED
File without changes
{acquire-3.18.dev12 → acquire-3.19.dev1}/README.md RENAMED
File without changes
{acquire-3.18.dev12 → acquire-3.19.dev1}/acquire/log.py RENAMED
File without changes
{acquire-3.18.dev12 → acquire-3.19.dev1}/pyproject.toml RENAMED
File without changes
{acquire-3.18.dev12 → acquire-3.19.dev1}/setup.cfg RENAMED
File without changes
{acquire-3.18.dev12 → acquire-3.19.dev1}/tox.ini RENAMED
File without changes