target-dump#

With target-dump you can export records of a specific function used in target-query to a file.

The basic structure of a target-dump command is as follows:

$ target-dump -f <comma_seperated_functions> <path_to_target>

Furthermore, the tool can apply certain compression algorithms to the dump, to create small archives of the output.

Usage#

target-dump - CLI interface#

dissect.target

target-dump [-h] -f FUNCTION [-c {bzip2,gzip,lz4,zstandard}] [--restart]
            [-s {jsonlines,msgpack}] -o OUTPUT [--limit LIMIT] [-K KEYCHAIN_FILE]
            [-Kv KEYCHAIN_VALUE] [-v] [-q] [--plugin-path PLUGIN_PATH [PLUGIN_PATH ...]]
            TARGET [TARGET ...]

target-dump positional arguments#

  • TARGET - targets to load (default: None)

target-dump optional arguments#

  • -h, --help - show this help message and exit

  • -f FUNCTION, --function FUNCTION - one or more comma separated functions to execute (default: None)

  • -c COMPRESSION, --compression COMPRESSION - compression method (default: None)

  • --restart - restart the session and overwrite the state file if it exists

  • -s SERIALIZATION, --serialization SERIALIZATION - serialization method (default: jsonlines)

  • -o OUTPUT, --output OUTPUT - output directory (default: .)

  • --limit LIMIT - limit number of records produced (default: None)

  • -K KEYCHAIN_FILE, --keychain-file KEYCHAIN_FILE - keychain file in CSV format (default: None)

  • -Kv KEYCHAIN_VALUE, --keychain-value KEYCHAIN_VALUE - passphrase, recovery key or key file path value (default: None)

  • -v, --verbose - increase output verbosity (default: 0)

  • -q, --quiet - do not output logging information

  • --plugin-path PLUGIN_PATH - a file or directory containing plugins and extensions (default: None)