Zip accessor LZMA support

[ruzzle]

Related to my issue about case sensitivity for zip accessors, I noticed that the zip accessor does not support LZMA compression (for Dissect acquire collects with lzma compression)

[INFO] 2024-07-11T13:13:04Z Globber: While reading ZipFile fs/C:/Windows/System32/config/SYSTEM of reader OSFileWrapper /evidence/VM-CLIENT-01_20240711130310.zip (closed false) {"DelegateAccessor":"file","DelegatePath":"/evidence/VM-CLIENT-01_20240711130310.zip","Path":"/fs/C:/Windows/System32/config/SYSTEM"}: zip: unsupported compression algorithm while processing HKEY_LOCAL_MACHINE\System

Don't know if this is something worth implementing, but thought I'd report it nonetheless

[scudette]

It is not a standard compression method. We are unlikely to support it.

[scudette]

You might be able to unzip the file to a temp directory and then post process in Velociraptor - this might also solve your case insensitive issue because you can use the file_nocase accessor

[ruzzle]

I filed a pull request to dissect project see fox-it/acquire#182, which triggered fox-it/acquire#185. So acquire is supporting deflate in the near future there, solving my issue here.

We could of course also extract the collects first (which we can use as a shortcut for now of course), but it can be unefficient and could consume too much resources in some cases.

[scudette]

Maybe this is capable of handling LZMA zip files ?
https://github.com/bodgit/sevenzip

If so we can probably wrap it in a VQL accessor as an alternative