From 62665530ee0e835de837bd60d63be83f4e470e7a Mon Sep 17 00:00:00 2001 From: cecinestpasunepipe <110607403+cecinestpasunepipe@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:34:56 +0200 Subject: [PATCH] Acquire device list (#198) (DIS-897) --- acquire/acquire.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/acquire/acquire.py b/acquire/acquire.py index 6cd607f..42cacea 100644 --- a/acquire/acquire.py +++ b/acquire/acquire.py @@ -23,6 +23,7 @@ from dissect.target.filesystem import Filesystem from dissect.target.filesystems import ntfs from dissect.target.helpers import fsutil +from dissect.target.loaders.local import _windows_get_devices from dissect.target.plugins.apps.webserver import iis from dissect.target.plugins.os.windows.log import evt, evtx from dissect.target.tools.utils import args_to_uri @@ -384,6 +385,27 @@ class Netstat(Module): EXEC_ORDER = ExecutionOrder.BOTTOM +@register_module("--devices") +@local_module +class Devices(Module): + DESC = "devices output" + EXEC_ORDER = ExecutionOrder.BOTTOM + + @classmethod + def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector) -> None: + try: + lines = _windows_get_devices() + collector.output.write_bytes("QueryDosDeviceA.txt", "\n".join(lines).encode("utf-8")) + collector.report.add_command_collected(cls.__name__, ["QueryDosDeviceA"]) + except Exception: + collector.report.add_command_failed(cls.__name__, ["QueryDosDeviceA"]) + log.error( + "- Failed to collect output from command `QueryDosDeviceA`", + exc_info=True, + ) + return + + @register_module("--win-processes") @local_module class WinProcesses(Module): @@ -2019,6 +2041,7 @@ class OSXProfile: class VolatileProfile: DEFAULT = [ + Devices, Netstat, WinProcesses, WinProcEnv,