:py:mod:`acquire.acquire.collector` =================================== .. py:module:: acquire.acquire.collector Module Contents --------------- Classes ~~~~~~~ .. autoapisummary:: acquire.acquire.collector.Outcome acquire.acquire.collector.ArtifactType acquire.acquire.collector.Record acquire.acquire.collector.CollectionReport acquire.acquire.collector.Collector Functions ~~~~~~~~~ .. autoapisummary:: :nosignatures: acquire.acquire.collector.get_report_summary acquire.acquire.collector.get_full_formatted_report Attributes ~~~~~~~~~~ .. autoapisummary:: acquire.acquire.collector.log .. py:data:: log .. py:class:: Outcome Bases: :py:obj:`acquire.utils.StrEnum` Sortable and serializible string-based enum .. py:attribute:: SUCCESS :value: 'success' .. py:attribute:: FAILURE :value: 'failure' .. py:attribute:: MISSING :value: 'missing' .. py:attribute:: EMPTY :value: 'empty' .. py:class:: ArtifactType Bases: :py:obj:`acquire.utils.StrEnum` Sortable and serializible string-based enum .. py:attribute:: FILE :value: 'file' .. py:attribute:: SYMLINK :value: 'symlink' .. py:attribute:: GLOB :value: 'glob' .. py:attribute:: DIR :value: 'dir' .. py:attribute:: COMMAND :value: 'command' .. py:attribute:: PATH :value: 'path' .. py:class:: Record .. py:attribute:: module_name :type: str .. py:attribute:: outcome :type: Outcome .. py:attribute:: artifact_type :type: ArtifactType .. py:attribute:: artifact_value :type: str .. py:attribute:: details :type: Optional[str] .. py:class:: CollectionReport .. py:attribute:: target :type: dissect.target.Target .. py:attribute:: registry :type: set[Record] .. py:attribute:: seen_paths :type: set[str] .. py:method:: add_file_collected(module: str, path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_symlink_collected(module: str, path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_symlink_failed(module: str, path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_file_failed(module: str, failed_path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_file_missing(module: str, missing_path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_glob_failed(module: str, failed_pattern: str) -> None .. py:method:: add_glob_empty(module: str, pattern: str) -> None .. py:method:: add_dir_collected(module: str, path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_dir_failed(module: str, failed_path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_dir_missing(module: str, missing_path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_path_collected(module: str, path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_path_failed(module: str, failed_path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_path_missing(module: str, missing_path: dissect.target.helpers.fsutil.TargetPath) -> None .. py:method:: add_command_collected(module: str, command_parts: Sequence[str]) -> None .. py:method:: add_command_failed(module: str, command_parts: Sequence[str]) -> None .. py:method:: get_records_per_module_per_outcome(serialize_records=False) -> dict[str, dict[str, list[Record]]] .. py:method:: get_counts_per_module_per_outcome() -> dict[str, dict[str, int]] .. py:method:: was_path_seen(path: str | dissect.target.helpers.fsutil.TargetPath) -> bool .. py:class:: Collector(target: dissect.target.Target, output: acquire.outputs.base.Output, base: str = 'fs', skip_list: Optional[set] = None) .. py:attribute:: METADATA_BASE :value: '$metadata$' .. py:attribute:: COMMAND_OUTPUT_BASE .. py:method:: __enter__() -> Collector .. py:method:: __exit__(*args, **kwargs) -> None .. py:method:: bind_module(module: Type) -> Collector .. py:method:: file_filter(filter: Optional[Callable[[dissect.target.helpers.fsutil.TargetPath], bool]]) -> Collector .. py:method:: bind(module: Type) -> None .. py:method:: unbind() -> None .. py:method:: close() -> None .. py:method:: collect(spec: Iterable, module_name: Optional[str] = None, follow: bool = True, volatile: bool = False) -> None .. py:method:: collect_path(path: str | dissect.target.helpers.fsutil.TargetPath, outpath: Optional[str] = None, module_name: Optional[str] = None, base: Optional[str] = None, volatile: bool = False, seen_paths: set[dissect.target.helpers.fsutil.TargetPath] = None) -> None Collect a path from the target's root filesystem, including any intermediary symlinks. :param path: The path to collect (this may be a file, directory or symlink). :param outpath: A posix style explicit path where to store the collected path. In case ``path`` is a directory this will be the new base directory. It is concatenated with ``base`` to get the final output path. Windows device path and sysvol parts are normalized. When set, intermediate symlinks of ``path`` are not collected. When not set, it will be constructed from the given ``path``. :param module_name: When set it indicates the module doing the collection, used for logging and reporting. When not set the :class:``Collector``'s ``bound_module`` will be used. :param base: A different base path to use to store the file, it is prepended to the given or generated ``outpath``. :param volatile: When this flag is set, the collection of a number of artefacts is done slightly different: - symlinks at the end of a path will not be collected, - empty directories will be collected, - files will be collected in a slower but more robust way, any errors while reading the bytes will not fail the collection of the file and all bytes already retrieved will be stored. :param seen_paths: A list of normalized path strings, used when calling this function recursively to collect directories to break out of symlink loops. .. py:method:: collect_file_raw(path: str | dissect.target.helpers.fsutil.TargetPath, fs: dissect.target.filesystem.Filesystem, mountpoint: str, outpath: Optional[str] = None, module_name: Optional[str] = None, base: Optional[str] = None, file_accessor: Optional[Callable[[BinaryIO, int], BinaryIO]] = None) -> None Collect a single file from one of the target's filesystems. :param path: The path to the file to collect. This path will be fully resolved before collecting and construction of the output path. :param fs: The filesystem to collect the path from. :param mountpoint: The (possibly fake) mountpoint of the given filesystem, to make the path unique within the target. If ``outpath`` is not supplied it will be concatenated with ``path`` and ``base`` to construct the ``outpath``. :param outpath: A posix style explicit path where to store the collected file. It is concatenated with ``base`` to get the final output path. Windows device path and sysvol parts are normalized. When not set, it will be constructed from the given ``path``. :param module_name: When set it indicates the module doing the collection, used for logging and reporting. When not set the ``Collector``'s ``bound_module`` will be used. :param base: A different base path to use to store the file, it is prepended to the given or generated ``outpath``. :param file_accessor: .. py:method:: collect_glob(pattern: str, module_name: Optional[str] = None) -> None .. py:method:: collect_command_output(command_parts: list[str], output_filename: str, module_name: Optional[str] = None) -> None .. py:method:: write_bytes(destination_path: str, data: bytes) -> None .. py:function:: get_report_summary(report: CollectionReport) -> str Create a table-view report summary with success/failure/missing/empty counters per module .. py:function:: get_full_formatted_report(report: CollectionReport, record_indent: int = 4) -> str Create a full list of successful / failed / missing / empty artifacts collected, broken down by module.