acquire 3.19.dev8__tar.gz → 3.19.dev9__tar.gz

Files changed (70) hide show
  1. {acquire-3.19.dev8 → acquire-3.19.dev9}/PKG-INFO +1 -1
  2. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/acquire.py +10 -0
  3. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/version.py +2 -2
  4. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire.egg-info/PKG-INFO +1 -1
  5. {acquire-3.19.dev8 → acquire-3.19.dev9}/.git-blame-ignore-revs +0 -0
  6. {acquire-3.19.dev8 → acquire-3.19.dev9}/.gitattributes +0 -0
  7. {acquire-3.19.dev8 → acquire-3.19.dev9}/COPYRIGHT +0 -0
  8. {acquire-3.19.dev8 → acquire-3.19.dev9}/LICENSE +0 -0
  9. {acquire-3.19.dev8 → acquire-3.19.dev9}/MANIFEST.in +0 -0
  10. {acquire-3.19.dev8 → acquire-3.19.dev9}/README.md +0 -0
  11. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/__init__.py +0 -0
  12. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/collector.py +0 -0
  13. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/crypt.py +0 -0
  14. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/dynamic/__init__.py +0 -0
  15. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/dynamic/windows/__init__.py +0 -0
  16. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/dynamic/windows/collect.py +0 -0
  17. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/dynamic/windows/exceptions.py +0 -0
  18. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/dynamic/windows/handles.py +0 -0
  19. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/dynamic/windows/named_objects.py +0 -0
  20. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/dynamic/windows/ntdll.py +0 -0
  21. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/dynamic/windows/types.py +0 -0
  22. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/esxi.py +0 -0
  23. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/gui/__init__.py +0 -0
  24. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/gui/base.py +0 -0
  25. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/gui/win32.py +0 -0
  26. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/hashes.py +0 -0
  27. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/log.py +0 -0
  28. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/outputs/__init__.py +0 -0
  29. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/outputs/base.py +0 -0
  30. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/outputs/dir.py +0 -0
  31. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/outputs/tar.py +0 -0
  32. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/outputs/zip.py +0 -0
  33. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/tools/__init__.py +0 -0
  34. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/tools/decrypter.py +0 -0
  35. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/uploaders/__init__.py +0 -0
  36. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/uploaders/minio.py +0 -0
  37. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/uploaders/plugin.py +0 -0
  38. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/uploaders/plugin_registry.py +0 -0
  39. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/utils.py +0 -0
  40. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire/volatilestream.py +0 -0
  41. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire.egg-info/SOURCES.txt +0 -0
  42. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire.egg-info/dependency_links.txt +0 -0
  43. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire.egg-info/entry_points.txt +0 -0
  44. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire.egg-info/requires.txt +0 -0
  45. {acquire-3.19.dev8 → acquire-3.19.dev9}/acquire.egg-info/top_level.txt +0 -0
  46. {acquire-3.19.dev8 → acquire-3.19.dev9}/pyproject.toml +0 -0
  47. {acquire-3.19.dev8 → acquire-3.19.dev9}/setup.cfg +0 -0
  48. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/__init__.py +0 -0
  49. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/_data/private_key.pem +0 -0
  50. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/_data/public_key.pem +0 -0
  51. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/_docs/Makefile +0 -0
  52. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/_docs/conf.py +0 -0
  53. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/_docs/index.rst +0 -0
  54. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/conftest.py +0 -0
  55. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_acquire_command.py +0 -0
  56. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_acquire_modules.py +0 -0
  57. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_collector.py +0 -0
  58. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_decryptor_funcs.py +0 -0
  59. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_esxi_memory.py +0 -0
  60. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_file_sorting.py +0 -0
  61. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_gui.py +0 -0
  62. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_minio_uploader.py +0 -0
  63. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_misc_users.py +0 -0
  64. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_outputs_dir.py +0 -0
  65. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_outputs_tar.py +0 -0
  66. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_outputs_zip.py +0 -0
  67. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_plugin.py +0 -0
  68. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_utils.py +0 -0
  69. {acquire-3.19.dev8 → acquire-3.19.dev9}/tests/test_volatile.py +0 -0
  70. {acquire-3.19.dev8 → acquire-3.19.dev9}/tox.ini +0 -0
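--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: acquire
- Version: 3.19.dev8
+ Version: 3.19.dev9
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3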
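--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -1706,6 +1706,15 @@ class OpenHandles(Module):
  log.info("Collecting open handles is done.")
 
 
+ @register_module("--dpapi")
+ class DPAPI(Module):
+ SPEC = (
+ ("path", "sysvol/Windows/System32/Microsoft/Protect"),
+ ("path", "AppData/Roaming/Microsoft/Protect", from_user_home),
+ ("path", "Application Data/Microsoft/Protect", from_user_home),
+ )
+
+
  def print_disks_overview(target: Target) -> None:
  log.info("// Disks")
  try:
@@ -2009,6 +2018,7 @@ class WindowsProfile:
  RemoteAccess,
  ActivitiesCache,
  CamHistory,
+ DPAPI,
  )
  FULL = (
  *DEFAULT,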
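Review bot: The new `DPAPI` class in the first hunk has no docstring, and the second hunk adds it to the tuple that closes just before `FULL = (` / `*DEFAULT,`, which looks like `WindowsProfile.DEFAULT`, so every default Windows collection would now include the DPAPI master key directories. Those files are credential material: together with a user's password or a domain backup key they unlock DPAPI-protected secrets, so the resulting container needs the same handling as a credential dump. I would add a docstring such as `"""Collect DPAPI master key files from the system and per-user Protect directories; the output is credential material."""` and say in the `--dpapi` help text that the output should be encrypted at rest (the package ships `acquire/crypt.py`, so presumably an encrypted output mode exists). The `WindowsProfile` tuple starts outside the hunk, so the profile name is inferred from the following `FULL` definition.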
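--- a/acquire/version.py
+++ b/acquire/version.py
@@ -17,5 +17,5 @@ __version__: str
  __version_tuple__: VERSION_TUPLE
  version_tuple: VERSION_TUPLE
 
- __version__ = version = '3.19.dev8'
- __version_tuple__ = version_tuple = (3, 19, 'dev8')
+ __version__ = version = '3.19.dev9'
+ __version_tuple__ = version_tuple = (3, 19, 'dev9')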
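--- a/acquire.egg-info/PKG-INFO
+++ b/acquire.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: acquire
- Version: 3.19.dev8
+ Version: 3.19.dev9
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
  Author-email: Dissect Team <dissect@fox-it.com>
  License: Affero General Public License v3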
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes
File without changes