Question 1

How to install Acquire on a Linux system?

Accepted Answer

Acquire can be installed via pip by running 'pip install acquire' from the terminal. Ensure Python is installed and check the documentation for version compatibility and any additional dependencies.

Question 2

Acquire vs Autopsy for forensic triage?

Accepted Answer

Acquire is command-line focused and optimized for speed with raw disk access via Dissect, making it ideal for rapid response. Autopsy is a GUI-based tool with more features but higher overhead, better suited for in-depth analysis.

Question 3

How to create a custom module in Acquire?

Accepted Answer

Custom modules can be defined by specifying filesystem paths or glob patterns in the module configuration. Refer to the external documentation for examples and guidelines on extending artifact collection beyond predefined profiles.

Question 4

Does Acquire work on virtual machine disk images?

Accepted Answer

Yes, Acquire can process disk images, including those from virtual machines, by leveraging the Dissect framework to read raw disk data. Ensure the image format is supported, as detailed in the documentation.

Question 5

How to use the fallback option in Acquire?

Accepted Answer

Use the --fallback or --force-fallback flags when running Acquire to rely on the operating system for file access instead of raw disk reading. This is useful when administrative privileges are limited or raw access fails.

Question 6

What Python versions are compatible with Acquire?

Accepted Answer

Compatible Python versions are listed in the documentation's Getting Started section. Acquire is part of the Dissect framework, so check for updates as support may vary with new releases.

Acquire

What is Acquire?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions