acquire 3.20.dev3__tar.gz → 3.20.dev5__tar.gz

Files changed (71)
  1. {acquire-3.20.dev3 → acquire-3.20.dev5}/PKG-INFO +1 -1
  2. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/acquire.py +11 -1
  3. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/version.py +2 -2
  4. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire.egg-info/PKG-INFO +1 -1
  5. {acquire-3.20.dev3 → acquire-3.20.dev5}/.git-blame-ignore-revs +0 -0
  6. {acquire-3.20.dev3 → acquire-3.20.dev5}/.gitattributes +0 -0
  7. {acquire-3.20.dev3 → acquire-3.20.dev5}/COPYRIGHT +0 -0
  8. {acquire-3.20.dev3 → acquire-3.20.dev5}/LICENSE +0 -0
  9. {acquire-3.20.dev3 → acquire-3.20.dev5}/MANIFEST.in +0 -0
  10. {acquire-3.20.dev3 → acquire-3.20.dev5}/README.md +0 -0
  11. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/__init__.py +0 -0
  12. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/collector.py +0 -0
  13. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/crypt.py +0 -0
  14. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/dynamic/__init__.py +0 -0
  15. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/dynamic/windows/__init__.py +0 -0
  16. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/dynamic/windows/collect.py +0 -0
  17. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/dynamic/windows/exceptions.py +0 -0
  18. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/dynamic/windows/handles.py +0 -0
  19. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/dynamic/windows/named_objects.py +0 -0
  20. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/dynamic/windows/ntdll.py +0 -0
  21. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/dynamic/windows/types.py +0 -0
  22. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/esxi.py +0 -0
  23. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/gui/__init__.py +0 -0
  24. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/gui/base.py +0 -0
  25. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/gui/win32.py +0 -0
  26. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/hashes.py +0 -0
  27. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/log.py +0 -0
  28. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/outputs/__init__.py +0 -0
  29. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/outputs/base.py +0 -0
  30. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/outputs/dir.py +0 -0
  31. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/outputs/tar.py +0 -0
  32. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/outputs/zip.py +0 -0
  33. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/tools/__init__.py +0 -0
  34. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/tools/decrypter.py +0 -0
  35. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/uploaders/__init__.py +0 -0
  36. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/uploaders/minio.py +0 -0
  37. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/uploaders/plugin.py +0 -0
  38. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/uploaders/plugin_registry.py +0 -0
  39. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/utils.py +0 -0
  40. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire/volatilestream.py +0 -0
  41. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire.egg-info/SOURCES.txt +0 -0
  42. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire.egg-info/dependency_links.txt +0 -0
  43. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire.egg-info/entry_points.txt +0 -0
  44. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire.egg-info/requires.txt +0 -0
  45. {acquire-3.20.dev3 → acquire-3.20.dev5}/acquire.egg-info/top_level.txt +0 -0
  46. {acquire-3.20.dev3 → acquire-3.20.dev5}/pyproject.toml +0 -0
  47. {acquire-3.20.dev3 → acquire-3.20.dev5}/setup.cfg +0 -0
  48. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/__init__.py +0 -0
  49. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/_data/private_key.pem +0 -0
  50. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/_data/public_key.pem +0 -0
  51. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/_docs/Makefile +0 -0
  52. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/_docs/conf.py +0 -0
  53. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/_docs/index.rst +0 -0
  54. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/conftest.py +0 -0
  55. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_acquire_command.py +0 -0
  56. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_acquire_modules.py +0 -0
  57. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_acquire_profiles.py +0 -0
  58. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_collector.py +0 -0
  59. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_decryptor_funcs.py +0 -0
  60. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_esxi_memory.py +0 -0
  61. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_file_sorting.py +0 -0
  62. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_gui.py +0 -0
  63. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_minio_uploader.py +0 -0
  64. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_misc_users.py +0 -0
  65. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_outputs_dir.py +0 -0
  66. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_outputs_tar.py +0 -0
  67. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_outputs_zip.py +0 -0
  68. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_plugin.py +0 -0
  69. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_utils.py +0 -0
  70. {acquire-3.20.dev3 → acquire-3.20.dev5}/tests/test_volatile.py +0 -0
  71. {acquire-3.20.dev3 → acquire-3.20.dev5}/tox.ini +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: acquire
3
- Version: 3.20.dev3
3
+ Version: 3.20.dev5
4
4
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
@@ -1333,6 +1333,9 @@ class RemoteAccess(Module):
1333
1333
  ("path", "sysvol/ProgramData/TightVNC/Server/Logs"),
1334
1334
  # Remote desktop cache files
1335
1335
  ("path", "AppData/Local/Microsoft/Terminal Server Client/Cache", from_user_home),
1336
+ # Splashtop
1337
+ ("path", "sysvol/ProgramData/Splashtop/Temp/log"),
1338
+ ("path", "sysvol/Program Files (x86)/Splashtop/Splashtop Remote/Server/log"),
1336
1339
  )
1337
1340
 
1338
1341
 
@@ -1897,13 +1900,16 @@ def acquire_target(target: Target, args: argparse.Namespace, output_ts: str | No
1897
1900
  print_acquire_warning(target)
1898
1901
 
1899
1902
  modules_selected = {}
1903
+ modules_disabled = []
1900
1904
  modules_successful = []
1901
1905
  modules_failed = {}
1902
1906
  for name, mod in MODULES.items():
1903
1907
  name_slug = name.lower()
1904
1908
  # check if module was set in the arguments provided
1905
- if getattr(args, name_slug):
1909
+ if (mod_arg := getattr(args, name_slug)) is True:
1906
1910
  modules_selected[name] = mod
1911
+ elif mod_arg is False:
1912
+ modules_disabled.append(name)
1907
1913
 
1908
1914
  profile = args.profile
1909
1915
 
@@ -1926,6 +1932,10 @@ def acquire_target(target: Target, args: argparse.Namespace, output_ts: str | No
1926
1932
  )
1927
1933
  modules_selected.update(volatile_modules)
1928
1934
 
1935
+ # Filter modules that are explicitly disabled
1936
+ for name in modules_disabled:
1937
+ modules_selected.pop(name, None)
1938
+
1929
1939
  if not modules_selected:
1930
1940
  log.warning("NO modules selected!")
1931
1941
  else:
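Review bot: The new filter loop (new lines 1936–1937) silently drops explicitly disabled modules from `modules_selected`, so the acquisition log keeps no record that a module a profile or the volatile set would otherwise have run was deliberately excluded. In a forensic collection that leaves a missing artifact indistinguishable from one that was never in scope. I would log the removal, e.g. `if modules_selected.pop(name, None) is not None:` followed by `log.info("Module %s explicitly disabled, skipping", name)`. Separately, the switch from `if getattr(args, name_slug):` to `is True` / `is False` at new lines 1909–1911 means a truthy non-bool value would now be neither selected nor disabled; that is fine if every module argument is a tri-state bool with a `None` default, which these hunks do not show, so it is worth confirming. `acquire_target` starts and ends outside the visible hunks.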
@@ -17,5 +17,5 @@ __version__: str
17
17
  __version_tuple__: VERSION_TUPLE
18
18
  version_tuple: VERSION_TUPLE
19
19
 
20
- __version__ = version = '3.20.dev3'
21
- __version_tuple__ = version_tuple = (3, 20, 'dev3')
20
+ __version__ = version = '3.20.dev5'
21
+ __version_tuple__ = version_tuple = (3, 20, 'dev5')
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: acquire
3
- Version: 3.20.dev3
3
+ Version: 3.20.dev5
4
4
  Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3