View Issue Details

ID: 0008148
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2023-02-03 15:38
Reporter: fox-it
Assigned To: (unassigned)
Priority: normal
Severity: minor
Reproducibility: N/A
Status: acknowledged
Resolution: open
Summary: 0008148: Dissect - forensic framework
Description

[Name] - Dissect

[Version] - Latest version on PyPI

[Homepage] - https://docs.dissect.tools/en/latest/

[Download] - https://pypi.org/project/dissect/

[Author] - Fox-IT (Part of NCC Group)

[Licence] - AGPL-3

[Description] - Dissect is a collection of Python libraries and tools to facilitate enterprise-scale incident response and forensics. It allows you to easily parse and extract artefacts and files from any type of source material, whether that is a full disk image, a virtual machine disk or a forensic file container. Because it supports a broad range of disk images and filesystems, it also works well for research into things like router, firewall or VPN appliance firmware.

[Dependencies] - Python 3 (currently tested against 3.9 but 3.10 also works)

[Similar tools] - Dissect is a framework for forensic tooling; it encompasses functionality that is present in tools such as: Regripper, FTK, sleuthkit, libbde, libesedb, libevt, libevtx, libewf, libewf-tools, libewf-python, libfvde, autopsy, dfvfs, plaso

[Activity] - Internal development started ~10 years ago, open-source release in October 2022. Active development from both internal teams as well as community contributions.

[How to install] - pip install dissect

[How to use] -

Dissect introduces multiple command-line commands under the target-* prefix, such as:

target-query
Example usage of target-query; the (-f) function 'hostname' returns the hostname of the target virtual machine:
$ target-query -f hostname EXAMPLE.vmx
There are many options to return information about a target. See --list for more.

target-shell
Example of target-shell, a way to get an interactive shell on a target virtual machine:
$ target-shell targets/EXAMPLE.vmx

target-fs
Example of target-fs, walking the filesystem of the target virtual machine starting at the root of the filesystem:
$ target-fs EXAMPLE.vmx walk /

target-reg
Example of target-reg, a way to parse Windows Registry information from a target (such as a VM):
$ target-reg EXAMPLE.vmx -k "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"

[Packaged] - Is the tool already packaged for Debian?
No, not currently.

Steps To Reproduce

N/A

Additional Information

N/A

Activities

There are no notes attached to this issue.

Issue History

Date Modified | Username | Field | Change
2023-01-17 19:30 | fox-it | New Issue |
2023-02-03 15:38 | g0tmi1k | Summary | Dissect, forensic framework => Dissect - forensic framework
2023-02-03 15:38 | g0tmi1k | Status | new => acknowledged
2023-02-03 15:38 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition