acquire 3.9.dev3__tar.gz → 3.9.dev5__tar.gz
- {acquire-3.9.dev3/acquire.egg-info → acquire-3.9.dev5}/PKG-INFO +1 -1
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/acquire.py +41 -44
- acquire-3.9.dev5/acquire/version.py +4 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5/acquire.egg-info}/PKG-INFO +1 -1
- acquire-3.9.dev3/acquire/version.py +0 -4
- {acquire-3.9.dev3 → acquire-3.9.dev5}/COPYRIGHT +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/LICENSE +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/MANIFEST.in +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/README.md +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/__init__.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/collector.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/crypt.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/dynamic/__init__.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/dynamic/windows/__init__.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/dynamic/windows/collect.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/dynamic/windows/exceptions.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/dynamic/windows/handles.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/dynamic/windows/named_objects.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/dynamic/windows/ntdll.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/dynamic/windows/types.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/esxi.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/hashes.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/log.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/outputs/__init__.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/outputs/base.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/outputs/dir.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/outputs/tar.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/tools/__init__.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/tools/decrypter.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/uploaders/__init__.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/uploaders/minio.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/uploaders/plugin.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/uploaders/plugin_registry.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire/utils.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire.egg-info/SOURCES.txt +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire.egg-info/dependency_links.txt +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire.egg-info/entry_points.txt +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire.egg-info/requires.txt +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/acquire.egg-info/top_level.txt +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/pyproject.toml +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/setup.cfg +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/__init__.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/conftest.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/docs/Makefile +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/docs/conf.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/docs/index.rst +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_acquire_command.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_acquire_modules.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_collector.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_decryptor_funcs.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_esxi_memory.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_file_sorting.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_minio_uploader.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_misc_users.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_plugin.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tests/test_utils.py +0 -0
- {acquire-3.9.dev3 → acquire-3.9.dev5}/tox.ini +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: acquire
|
|
3
|
-
Version: 3.9.
|
|
3
|
+
Version: 3.9.dev5
|
|
4
4
|
Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
@@ -17,6 +17,7 @@ from pathlib import Path
|
|
|
17
17
|
from typing import Iterator, Optional, Union
|
|
18
18
|
|
|
19
19
|
from dissect.target import Target, exceptions
|
|
20
|
+
from dissect.target.filesystem import Filesystem
|
|
20
21
|
from dissect.target.filesystems import dir, ntfs
|
|
21
22
|
from dissect.target.helpers import fsutil
|
|
22
23
|
from dissect.target.loaders.remote import RemoteStreamConnection
|
|
@@ -141,7 +142,7 @@ MISC_MAPPING = {
|
|
|
141
142
|
}
|
|
142
143
|
|
|
143
144
|
|
|
144
|
-
def from_user_home(target: Target, path: str):
|
|
145
|
+
def from_user_home(target: Target, path: str) -> Iterator[str]:
|
|
145
146
|
for user_details in target.user_details.all_with_home():
|
|
146
147
|
yield str(user_details.home_path.joinpath(path))
|
|
147
148
|
|
|
@@ -150,7 +151,7 @@ def from_user_home(target: Target, path: str):
|
|
|
150
151
|
yield str(user_dir.joinpath(path))
|
|
151
152
|
|
|
152
153
|
|
|
153
|
-
def iter_ntfs_filesystems(target):
|
|
154
|
+
def iter_ntfs_filesystems(target: Target) -> Iterator[tuple[ntfs.NtfsFilesystem, str, str]]:
|
|
154
155
|
mount_lookup = defaultdict(list)
|
|
155
156
|
for mount, fs in target.fs.mounts.items():
|
|
156
157
|
mount_lookup[fs].append(mount)
|
|
@@ -176,13 +177,13 @@ def iter_ntfs_filesystems(target):
|
|
|
176
177
|
yield fs, name, mountpoints
|
|
177
178
|
|
|
178
179
|
|
|
179
|
-
def mount_all_ntfs_filesystems(target):
|
|
180
|
+
def mount_all_ntfs_filesystems(target: Target) -> None:
|
|
180
181
|
for fs, name, _ in iter_ntfs_filesystems(target):
|
|
181
182
|
if name not in target.fs.mounts:
|
|
182
183
|
target.fs.mount(name, fs)
|
|
183
184
|
|
|
184
185
|
|
|
185
|
-
def iter_esxi_filesystems(target):
|
|
186
|
+
def iter_esxi_filesystems(target: Target) -> Iterator[tuple[str, str, Filesystem]]:
|
|
186
187
|
for mount, fs in target.fs.mounts.items():
|
|
187
188
|
if not mount.startswith("/vmfs/volumes/"):
|
|
188
189
|
continue
|
|
@@ -250,25 +251,25 @@ class Module:
|
|
|
250
251
|
EXEC_ORDER = ExecutionOrder.DEFAULT
|
|
251
252
|
|
|
252
253
|
@classmethod
|
|
253
|
-
def run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector):
|
|
254
|
+
def run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
254
255
|
desc = cls.DESC or cls.__name__.lower()
|
|
255
256
|
log.info("*** Acquiring %s", desc)
|
|
256
257
|
|
|
257
258
|
with collector.bind_module(cls):
|
|
258
259
|
collector.collect(cls.SPEC)
|
|
259
260
|
|
|
260
|
-
spec_ext = cls.get_spec_additions(target)
|
|
261
|
+
spec_ext = cls.get_spec_additions(target, cli_args)
|
|
261
262
|
if spec_ext:
|
|
262
263
|
collector.collect(list(spec_ext))
|
|
263
264
|
|
|
264
|
-
cls._run(target, collector)
|
|
265
|
+
cls._run(target, cli_args, collector)
|
|
265
266
|
|
|
266
267
|
@classmethod
|
|
267
|
-
def get_spec_additions(cls, target):
|
|
268
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
268
269
|
pass
|
|
269
270
|
|
|
270
271
|
@classmethod
|
|
271
|
-
def _run(cls, target, collector):
|
|
272
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
272
273
|
pass
|
|
273
274
|
|
|
274
275
|
|
|
@@ -279,7 +280,7 @@ class Sys(Module):
|
|
|
279
280
|
EXEC_ORDER = ExecutionOrder.BOTTOM
|
|
280
281
|
|
|
281
282
|
@classmethod
|
|
282
|
-
def _run(cls, target: Target, collector: Collector):
|
|
283
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
283
284
|
if not Path("/sys").exists():
|
|
284
285
|
log.error("/sys is unavailable! Skipping...")
|
|
285
286
|
return
|
|
@@ -301,7 +302,7 @@ class Proc(Module):
|
|
|
301
302
|
EXEC_ORDER = ExecutionOrder.BOTTOM
|
|
302
303
|
|
|
303
304
|
@classmethod
|
|
304
|
-
def _run(cls, target: Target, collector: Collector):
|
|
305
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
305
306
|
if not Path("/proc").exists():
|
|
306
307
|
log.error("/proc is unavailable! Skipping...")
|
|
307
308
|
return
|
|
@@ -320,7 +321,7 @@ class NTFS(Module):
|
|
|
320
321
|
DESC = "NTFS filesystem metadata"
|
|
321
322
|
|
|
322
323
|
@classmethod
|
|
323
|
-
def _run(cls, target, collector):
|
|
324
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
324
325
|
for fs, name, mountpoints in iter_ntfs_filesystems(target):
|
|
325
326
|
log.info("Acquiring %s (%s)", fs, mountpoints)
|
|
326
327
|
|
|
@@ -331,7 +332,7 @@ class NTFS(Module):
|
|
|
331
332
|
cls.collect_ntfs_secure(collector, fs, name)
|
|
332
333
|
|
|
333
334
|
@classmethod
|
|
334
|
-
def collect_usnjrnl(cls, collector: Collector, fs, name: str) -> None:
|
|
335
|
+
def collect_usnjrnl(cls, collector: Collector, fs: Filesystem, name: str) -> None:
|
|
335
336
|
try:
|
|
336
337
|
usnjrnl_path = fs.path("$Extend/$Usnjrnl:$J")
|
|
337
338
|
entry = usnjrnl_path.get()
|
|
@@ -361,7 +362,7 @@ class NTFS(Module):
|
|
|
361
362
|
log.info("- Collecting file $Extend/$Usnjrnl:$J: %s", result)
|
|
362
363
|
|
|
363
364
|
@classmethod
|
|
364
|
-
def collect_ntfs_secure(cls, collector: Collector, fs, name: str) -> None:
|
|
365
|
+
def collect_ntfs_secure(cls, collector: Collector, fs: Filesystem, name: str) -> None:
|
|
365
366
|
try:
|
|
366
367
|
secure_path = fs.path("$Secure:$SDS")
|
|
367
368
|
entry = secure_path.get()
|
|
@@ -399,7 +400,7 @@ class Registry(Module):
|
|
|
399
400
|
]
|
|
400
401
|
|
|
401
402
|
@classmethod
|
|
402
|
-
def get_spec_additions(cls, target):
|
|
403
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
403
404
|
# Glob all hives to include e.g. .LOG files and .regtrans-ms files.
|
|
404
405
|
files = []
|
|
405
406
|
for hive in cls.HIVES:
|
|
@@ -453,7 +454,7 @@ class WinArpCache(Module):
|
|
|
453
454
|
EXEC_ORDER = ExecutionOrder.BOTTOM
|
|
454
455
|
|
|
455
456
|
@classmethod
|
|
456
|
-
def get_spec_additions(cls, target):
|
|
457
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
457
458
|
if float(target.ntversion) < 6.2:
|
|
458
459
|
commands = [
|
|
459
460
|
# < Windows 10
|
|
@@ -474,7 +475,7 @@ class WinRDPSessions(Module):
|
|
|
474
475
|
EXEC_ORDER = ExecutionOrder.BOTTOM
|
|
475
476
|
|
|
476
477
|
@classmethod
|
|
477
|
-
def get_spec_additions(cls, target):
|
|
478
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
478
479
|
# where.exe instead of where, just in case the client runs in PS instead of CMD
|
|
479
480
|
# by default where hides qwinsta on 32-bit systems because qwinsta is only 64-bit, but with recursive /R search
|
|
480
481
|
# we can still manage to find it and by passing the exact path Windows will launch a 64-bit process
|
|
@@ -494,7 +495,7 @@ class WinMemDump(Module):
|
|
|
494
495
|
EXEC_ORDER = ExecutionOrder.BOTTOM
|
|
495
496
|
|
|
496
497
|
@classmethod
|
|
497
|
-
def _run(cls, target, collector):
|
|
498
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
498
499
|
winpmem_file_name = "winpmem.exe"
|
|
499
500
|
winpmem_exec = shutil.which(winpmem_file_name)
|
|
500
501
|
|
|
@@ -561,7 +562,7 @@ class EventLogs(Module):
|
|
|
561
562
|
DESC = "event logs"
|
|
562
563
|
|
|
563
564
|
@classmethod
|
|
564
|
-
def get_spec_additions(cls, target):
|
|
565
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
565
566
|
spec = set()
|
|
566
567
|
evt_log_paths = evt.EvtPlugin(target).get_logs(filename_glob="*.evt")
|
|
567
568
|
for path in evt_log_paths:
|
|
@@ -590,7 +591,7 @@ class NTDS(Module):
|
|
|
590
591
|
]
|
|
591
592
|
|
|
592
593
|
@classmethod
|
|
593
|
-
def get_spec_additions(cls, target):
|
|
594
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
594
595
|
spec = set()
|
|
595
596
|
key = "HKLM\\SYSTEM\\CurrentControlSet\\services\\NTDS\\Parameters"
|
|
596
597
|
values = [
|
|
@@ -632,7 +633,7 @@ class RecycleBin(Module):
|
|
|
632
633
|
DESC = "recycle bin metadata"
|
|
633
634
|
|
|
634
635
|
@classmethod
|
|
635
|
-
def _run(cls, target, collector):
|
|
636
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
636
637
|
for fs, name, mountpoints in iter_ntfs_filesystems(target):
|
|
637
638
|
log.info("Acquiring recycle bin metadata from %s (%s)", fs, mountpoints)
|
|
638
639
|
|
|
@@ -655,7 +656,7 @@ class Exchange(Module):
|
|
|
655
656
|
DESC = "interesting Exchange configuration files"
|
|
656
657
|
|
|
657
658
|
@classmethod
|
|
658
|
-
def get_spec_additions(cls, target):
|
|
659
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
659
660
|
spec = set()
|
|
660
661
|
|
|
661
662
|
key = "HKLM\\SOFTWARE\\Microsoft\\ExchangeServer"
|
|
@@ -694,7 +695,7 @@ class IIS(Module):
|
|
|
694
695
|
DESC = "IIS logs"
|
|
695
696
|
|
|
696
697
|
@classmethod
|
|
697
|
-
def get_spec_additions(cls, target):
|
|
698
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
698
699
|
spec = set(
|
|
699
700
|
[
|
|
700
701
|
("glob", "sysvol\\Windows\\System32\\LogFiles\\W3SVC*\\*.log"),
|
|
@@ -784,7 +785,7 @@ class DHCP(Module):
|
|
|
784
785
|
DESC = "Windows Server DHCP files"
|
|
785
786
|
|
|
786
787
|
@classmethod
|
|
787
|
-
def get_spec_additions(cls, target):
|
|
788
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
788
789
|
spec = set()
|
|
789
790
|
key = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\DhcpServer\\Parameters"
|
|
790
791
|
for reg_key in target.registry.iterkeys(key):
|
|
@@ -1327,7 +1328,7 @@ class WER(Module):
|
|
|
1327
1328
|
DESC = "WER (Windows Error Reporting) related files"
|
|
1328
1329
|
|
|
1329
1330
|
@classmethod
|
|
1330
|
-
def get_spec_additions(cls, target):
|
|
1331
|
+
def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
1331
1332
|
spec = set()
|
|
1332
1333
|
|
|
1333
1334
|
for wer_dir in itertools.chain(
|
|
@@ -1398,7 +1399,7 @@ class SSH(Module):
|
|
|
1398
1399
|
]
|
|
1399
1400
|
|
|
1400
1401
|
@classmethod
|
|
1401
|
-
def run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector):
|
|
1402
|
+
def run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
1402
1403
|
# Acquire SSH configuration in sshd directories
|
|
1403
1404
|
|
|
1404
1405
|
filter = None if cli_args.private_keys else private_key_filter
|
|
@@ -1476,7 +1477,7 @@ class Bootbanks(Module):
|
|
|
1476
1477
|
DESC = "ESXi bootbanks"
|
|
1477
1478
|
|
|
1478
1479
|
@classmethod
|
|
1479
|
-
def _run(cls, target, collector):
|
|
1480
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
1480
1481
|
# Both ESXi 6 and 7 compatible
|
|
1481
1482
|
boot_dirs = {
|
|
1482
1483
|
"boot": "BOOT",
|
|
@@ -1519,7 +1520,7 @@ class VMFS(Module):
|
|
|
1519
1520
|
DESC = "ESXi VMFS metadata files"
|
|
1520
1521
|
|
|
1521
1522
|
@classmethod
|
|
1522
|
-
def _run(cls, target, collector):
|
|
1523
|
+
def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
1523
1524
|
for uuid, name, fs in iter_esxi_filesystems(target):
|
|
1524
1525
|
if not fs.__fstype__ == "vmfs":
|
|
1525
1526
|
continue
|
|
@@ -1581,7 +1582,7 @@ class FileHashes(Module):
|
|
|
1581
1582
|
)
|
|
1582
1583
|
|
|
1583
1584
|
@classmethod
|
|
1584
|
-
def run(cls, target, cli_args, collector):
|
|
1585
|
+
def run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
1585
1586
|
log.info("*** Acquiring file hashes")
|
|
1586
1587
|
|
|
1587
1588
|
specs = cls.get_specs(cli_args)
|
|
@@ -1599,7 +1600,7 @@ class FileHashes(Module):
|
|
|
1599
1600
|
log.info("Hashing is done, %s files processed in %.2f secs", rows_count, (time.time() - start))
|
|
1600
1601
|
|
|
1601
1602
|
@classmethod
|
|
1602
|
-
def get_specs(cls, cli_args):
|
|
1603
|
+
def get_specs(cls, cli_args: argparse.Namespace) -> Iterator[tuple]:
|
|
1603
1604
|
path_selectors = []
|
|
1604
1605
|
|
|
1605
1606
|
if cli_args.ext_to_hash:
|
|
@@ -1639,7 +1640,7 @@ class OpenHandles(Module):
|
|
|
1639
1640
|
DESC = "Open handles"
|
|
1640
1641
|
|
|
1641
1642
|
@classmethod
|
|
1642
|
-
def run(cls, target: Target, cli_args:
|
|
1643
|
+
def run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None:
|
|
1643
1644
|
if not sys.platform == "win32":
|
|
1644
1645
|
log.error("Open Handles plugin can only run on Windows systems! Skipping...")
|
|
1645
1646
|
return
|
|
@@ -1662,7 +1663,7 @@ class OpenHandles(Module):
|
|
|
1662
1663
|
log.info("Collecting open handles is done.")
|
|
1663
1664
|
|
|
1664
1665
|
|
|
1665
|
-
def print_disks_overview(target):
|
|
1666
|
+
def print_disks_overview(target: Target) -> None:
|
|
1666
1667
|
log.info("// Disks")
|
|
1667
1668
|
try:
|
|
1668
1669
|
for disk in target.disks:
|
|
@@ -1677,7 +1678,7 @@ def print_disks_overview(target):
|
|
|
1677
1678
|
log.info("")
|
|
1678
1679
|
|
|
1679
1680
|
|
|
1680
|
-
def print_volumes_overview(target):
|
|
1681
|
+
def print_volumes_overview(target: Target) -> None:
|
|
1681
1682
|
log.info("// Volumes")
|
|
1682
1683
|
try:
|
|
1683
1684
|
for volume in target.volumes:
|
|
@@ -1703,13 +1704,13 @@ def print_acquire_warning(target: Target) -> None:
|
|
|
1703
1704
|
def modargs2json(args: argparse.Namespace) -> dict:
|
|
1704
1705
|
json_opts = {}
|
|
1705
1706
|
for module in MODULES.values():
|
|
1706
|
-
cli_arg = module.__cli_args__[0][1]
|
|
1707
|
+
cli_arg = module.__cli_args__[-1:][0][1]
|
|
1707
1708
|
if opt := cli_arg.get("dest"):
|
|
1708
1709
|
json_opts[opt] = getattr(args, opt)
|
|
1709
1710
|
return json_opts
|
|
1710
1711
|
|
|
1711
1712
|
|
|
1712
|
-
def acquire_target(target: Target, *args, **kwargs):
|
|
1713
|
+
def acquire_target(target: Target, *args, **kwargs) -> list[str]:
|
|
1713
1714
|
if isinstance(target._loader, TargetdLoader):
|
|
1714
1715
|
files = acquire_target_targetd(target, *args, **kwargs)
|
|
1715
1716
|
else:
|
|
@@ -1717,7 +1718,7 @@ def acquire_target(target: Target, *args, **kwargs):
|
|
|
1717
1718
|
return files
|
|
1718
1719
|
|
|
1719
1720
|
|
|
1720
|
-
def acquire_target_targetd(target: Target, args: argparse.Namespace, output_ts: Optional[str] = None):
|
|
1721
|
+
def acquire_target_targetd(target: Target, args: argparse.Namespace, output_ts: Optional[str] = None) -> list[str]:
|
|
1721
1722
|
files = []
|
|
1722
1723
|
if not len(target.hostname()):
|
|
1723
1724
|
log.error("Unable to initialize targetd.")
|
|
@@ -1737,7 +1738,7 @@ def acquire_target_targetd(target: Target, args: argparse.Namespace, output_ts:
|
|
|
1737
1738
|
return files
|
|
1738
1739
|
|
|
1739
1740
|
|
|
1740
|
-
def acquire_target_regular(target: Target, args: argparse.Namespace, output_ts: Optional[str] = None):
|
|
1741
|
+
def acquire_target_regular(target: Target, args: argparse.Namespace, output_ts: Optional[str] = None) -> list[str]:
|
|
1741
1742
|
files = []
|
|
1742
1743
|
output_ts = output_ts or get_utc_now_str()
|
|
1743
1744
|
if args.log_to_dir:
|
|
@@ -1934,11 +1935,7 @@ def acquire_target_regular(target: Target, args: argparse.Namespace, output_ts:
|
|
|
1934
1935
|
return files
|
|
1935
1936
|
|
|
1936
1937
|
|
|
1937
|
-
def upload_files(
|
|
1938
|
-
paths: list[Path],
|
|
1939
|
-
upload_plugin: UploaderPlugin,
|
|
1940
|
-
no_proxy: bool = False,
|
|
1941
|
-
):
|
|
1938
|
+
def upload_files(paths: list[Path], upload_plugin: UploaderPlugin, no_proxy: bool = False) -> None:
|
|
1942
1939
|
proxies = None if no_proxy else urllib.request.getproxies()
|
|
1943
1940
|
log.debug("Proxies: %s (no_proxy = %s)", proxies, no_proxy)
|
|
1944
1941
|
|
|
@@ -2106,7 +2103,7 @@ PROFILES = {
|
|
|
2106
2103
|
}
|
|
2107
2104
|
|
|
2108
2105
|
|
|
2109
|
-
def main():
|
|
2106
|
+
def main() -> None:
|
|
2110
2107
|
parser = create_argument_parser(PROFILES, MODULES)
|
|
2111
2108
|
args = parse_acquire_args(parser, config=CONFIG)
|
|
2112
2109
|
|
|
@@ -2197,7 +2194,7 @@ def load_child(target: Target, child_path: Path) -> None:
|
|
|
2197
2194
|
return child
|
|
2198
2195
|
|
|
2199
2196
|
|
|
2200
|
-
def acquire_children_and_targets(target: Target, args: argparse.Namespace):
|
|
2197
|
+
def acquire_children_and_targets(target: Target, args: argparse.Namespace) -> None:
|
|
2201
2198
|
if args.child:
|
|
2202
2199
|
target = load_child(target, args.child)
|
|
2203
2200
|
|
|
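Review bot: In the `@@ -1703,13 +1704,13 @@` hunk of acquire/acquire.py, `modargs2json` now reads `module.__cli_args__[-1:][0][1]`, which is a roundabout spelling of `module.__cli_args__[-1][1]`: slicing and then indexing still raises IndexError when `__cli_args__` is empty, so the slice adds no protection. For any module with more than one entry, moving from the first to the last entry also changes which option's `dest` is written to the JSON record, and only one entry per module is recorded either way. I would write `cli_arg = module.__cli_args__[-1][1]` and add a comment explaining the choice, for example `# use the last-registered entry; TODO confirm this is the module's own switch`. The whole function is inside the hunk.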
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: acquire
|
|
3
|
-
Version: 3.9.
|
|
3
|
+
Version: 3.9.dev5
|
|
4
4
|
Summary: A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container
|
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
|
6
6
|
License: Affero General Public License v3
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|