acquire

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

Results 61 acquire issues

During a CERT case it was observed that the actors were using the Atera Management Agent. This agent seems to use the Splashtop Remote Access Tool underlying. We'll need to...

good first issue
epic:acquire addtional paths

Design requirements: * Collection should be done for the whole set of OS levels (e.g. Linux & FortiGate in case of collection for a FortiGate machine). The set of levels could...

epic:acquire related

--children automatically also collects the host itself. There should be a flag to skip this and only collect the children.

epic:acquire collection functionality

There is no default way to do this on both Windows & Linux. The best solution is to have a thread do the reading and let that block. An example...

bug

        # TODO: Let this method generate different types of NamedObjects according to its type
        # Ideally they each handle their own behaviour themselves, and clean up after themselves.
        # NOTE:...

epic:acquire related

I.e. a specific child may error or for some other reason you want to exclude it. Maybe nice to draw inspiration from (or just use) rdump selectors e.g. "t.os ==...

epic:acquire collection functionality

Similar to how the usnjrnl is collected. Would no longer be an issue with ASDF.

epic:acquire collection functionality