View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008148||Kali Linux||[All Projects] Queued Tool Addition||public||2023-01-17 19:30||2023-02-03 15:38|
|Target Version||Fixed in Version|
|Summary||0008148: Dissect - forensic framework|
|Description||[Name] - Dissect|
[Version] – Latest version on PyPI
[Homepage] - https://docs.dissect.tools/en/latest/
[Download] - https://pypi.org/project/dissect/
[Author] - Fox-IT (Part of NCC Group)
[Licence] - AGPL-3
[Description] - Dissect is a collection of Python libraries and tools to facilitate enterprise-scale incident response and forensics. It allows you to easily parse and extract artefacts and files from any type of source material, whether that is a full disk image, a virtual machine disk or a forensic file container. Because it supports a broad range of disk images and filesystems, it also works well for research into things like router, firewall or VPN appliance firmware.
[Dependencies] - Python 3 (currently tested against 3.9 but 3.10 also works)
[Similar tools] Dissect is a framework for Forensic Tooling, it encompasses functionality that is present in tools such as: Regripper, FTK, sleuthkit, libbde, Libesedb, libevt, libevtx, libewf, libewf-tools, libewf-python, libfvde, autopsy, dfvfs, plaso
[Activity] - Internal development started ~10 years ago, open-source release in October 2022. Active development from both internal teams as well as community contributions.
[How to install] - pip install dissect
[How to use] –
Dissect introduces multiple command-line commands under the target-* prefix such as:
Example usage of target-query, (-f) function ‘hostname’ returns the hostname of the target virtual machine:
$ target-query -f hostname EXAMPLE.vmx
There are many options to return information of a target. See --list for more.
Example of target-shell, a way to get an interactive shell on a target virtual machine:
$ target-shell targets/EXAMPLE.vmx
Example of target-fs, walk the filesystem of the target virtual machine starting at the root of the filesystem:
$ target-fs EXAMPLE.vmx walk /
Example of target-reg, a way to parse Windows Registry information of a target (such as a VM):
$ target-reg EXAMPLE.vmx -k "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"
[Packaged] - Is the tool already packaged for Debian?
No, not currently.
|Steps To Reproduce||N/A|