Releases: fox-it/acquire
3.17
What's Changed
- Add BitLocker and LUKS support to Acquire by @larsbehrens1 in #193
- Make encryption work with zip files by @twiggler in #196
- Acquire device list by @cecinestpasunepipe in #198
- Add collection of Docker logs by @Paradoxis in #199
- Fix regression in OSError handling logic by @pyrco in #203
- Make acquire more robust against missing collection profiles by @pyrco in #201
- Add collection of individual user search indexes on Windows by @reece394 in #200
New Contributors
- @larsbehrens1 made their first contribution in #193
- @Paradoxis made their first contribution in #199
- @reece394 made their first contribution in #200
Full Changelog: 3.16...3.17
3.16
Note
`acquire` is no longer supported on Windows with pypy 3.9.
The release of pypy 3.9 for Windows has a vendored-in cffi library that depends on deprecated and now removed features in distutils. This cffi library is used by the minio dependency of `acquire`, and thus test cases for `acquire` for pypy 3.9 on Windows will fail.
The pypy maintainers have indicated there will be no more updates for pypy3.9. This means we can no longer enforce a successful run of the testcases for pypy 3.9 on Windows.
Currently pypy 3.10 suffers from the same issue, but that version will get a fix at some point.
What's Changed
- Improve logging successful and failed acquire runs by @pyrco in #177
- Add collection of notepad tab directories by @joost-j in #164
- Add exit codes and summary to acquire-decrypt by @Poeloe in #186
- Add optional boolean value to all store_true instances by @Miauwkeru in #179
- Fix compression in zip outputs when compress option is supplied by @ruzzle in #182
- Make acquire compression configurable by @Horofic in #185
- Added Windows Update Agent's DataStore for collection by @michoebey in #187
- Add MacOS and Linux log paths to TeamViewer module by @Poeloe in #190
- Fix inconsistent error messages involving `output-file` by @twiggler in #191
New Contributors
- @joost-j made their first contribution in #164
- @ruzzle made their first contribution in #182
- @michoebey made their first contribution in #187
- @twiggler made their first contribution in #191
Full Changelog: 3.15...3.16
3.15
What's Changed
- Compatibility with cstruct v4 by @pyrco in #170
- Bump the version of virtualenv in tox.ini to pull in the correct version of pip by @pyrco in #172
- Bump dissect.cstruct dependency to version 4 by @pyrco in #173
- Add an EDR (Endpoint Detection and Response) log collection module by @pyrco in #176
- Fix shard issue by @cecinestpasunepipe in #175
Full Changelog: 3.14...3.15
3.14
What's Changed
- Run CI on pushed tags by @Schamper in #135
- Check for existing decompressed acquire when decrypting by @Poeloe in #158
- Bump minimal tox version by @Schamper in #157
- Add `output-file` command line argument by @Poeloe in #160
- Update github action versions by @Miauwkeru in #163
- Add AnyDesk paths by @Poeloe in #165
- Add a pull request template by @Miauwkeru in #167
- Allow multiple targets with acquire by @cecinestpasunepipe in #162
- New collection and de-duplication logic by @pyrco in #161
Full Changelog: 3.13...3.14
3.13
What's Changed
- Map all Windows sysvol paths to their drive letter by @Schamper in #119
- Only run CI on PR and main branch pushes by @Schamper in #123
- Collect additional McAfee paths by @Poeloe in #124
- GUI for Acquire by @cecinestpasunepipe in #121
- Refactor history module and add cookies for Chrome by @Poeloe in #127
- Add 'Media History' to history module by @Poeloe in #128
- Start GUI before log configuration by @cecinestpasunepipe in #131
- Add Brave support by @JSCU-CNI in #129
- Bugfixes for esxi image and volatile-profiles by @Miauwkeru in #130
- Remove redundant McAfee Security log entry by @Miauwkeru in #133
- Fix issue with len on generator by @cecinestpasunepipe in #134
New Contributors
Full Changelog: 3.12...3.13
3.12
What's Changed
- Properly name special NTFS file in the collected output by @pyrco in #112
- Add miscellaneous Unix artefacts by @Poeloe in #114
- Add miscellaneous Windows artefacts by @Poeloe in #113
- Add Startup module to minimal profile by @Poeloe in #115
- Properly acquire virtual NTFS filesystems by @pyrco in #116
- Add default SearchIndex database file location by @DevJoost in #117
- Fix deduplication of collected files on case insensitive targets by @pyrco in #118
- Add additional SchedLgU.txt paths by @Horofic in #122
New Contributors
Full Changelog: 3.11...3.12
3.11
What's Changed
- Update path to IIS module by @Schamper in #106
- Create volatile profiles by @Miauwkeru in #108
- Add targetd service flag to config by @cecinestpasunepipe in #107
- Fix windows tests in acquire by @Miauwkeru in #111
Full Changelog: 3.10...3.11
3.10
What's Changed
- Make acquire Windows paths uniform by @Horofic in #100
- Make open handles plugin more error robust by @Poeloe in #101
- Skip failing tests on Windows for now by @pyrco in #102
- Add a try/except around the user_details.all_with_home by @Miauwkeru in #103
- add limited support for zip output (no encryption yet) by @janstarke in #66
- Embed Targetd Config by @cecinestpasunepipe in #105
- Add Recycle Bin data files by @Zawadidone in #86
New Contributors
- @janstarke made their first contribution in #66
Full Changelog: 3.9...3.10
3.9
What's Changed
- Add Anti-Virus paths by @Zawadidone in #85
- Add User Group Policy path by @Zawadidone in #84
- Use `MISC_MAPPING` for OSX by @Zawadidone in #82
- Pass CLI arguments to `_run` and `get_spec_additions` by @Schamper in #88
- Refine integration Targetd/Acquire by @cecinestpasunepipe in #89
- Add paths related to Windows memory by @Zawadidone in #91
- Add additional Active Directory paths by @Zawadidone in #83
- Add Windows Update related log files by @rickvandreunen in #95
- Add IIS plugin to full profile by @Poeloe in #93
- Collect empty directories when the source is volatile by @pyrco in #90
- Do not mount volatile paths for local Linux targets by @pyrco in #94
- Add MacOS applications path by @Zawadidone in #96
- Add OSX DHCP settings by @Zawadidone in #97
- Add Linux symbol table file by @Zawadidone in #92
- Add --skip-parent argument by @Schamper in #98
New Contributors
- @rickvandreunen made their first contribution in #95
Full Changelog: 3.8...3.9
3.8
What's Changed
- Add Browser history to Linux (full profile) by @Zawadidone in #72
- Add support for targetd by @cecinestpasunepipe in #74
- Make collection report consistent by @Miauwkeru in #75
- Add SSH module by @Zawadidone in #77
- Add cPanel logs by @Zawadidone in #76
- Add option to collect private ssh keys by @Miauwkeru in #78
- Add LNK paths by @Zawadidone in #80
- Fix partly unexcepted VolumeNotAvailableError when acquiring an acquire by @Poeloe in #87
Full Changelog: 3.7...3.8