Package Metadata

Author: —
Email: Dissect Team <[email protected]>
PyPI: acquire
Python: >=3.10
Versions: 208 releases
First release: 24 Feb 2019, 14:06 UTC
Analysed: 06 Jun 2026, 01:51 UTC
Source files: 47 .py files scanned

Project Links

Classifiers

Development Status :: 5 - Production/StableEnvironment :: ConsoleIntended Audience :: DevelopersIntended Audience :: Information TechnologyOperating System :: OS IndependentProgramming Language :: Python :: 3Topic :: Internet :: Log AnalysisTopic :: Scientific/Engineering :: Information AnalysisTopic :: SecurityTopic :: Utilities

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high levels of potential obfuscation and shell execution risks, indicating possible attempts to conceal malicious activities. While the network and metadata risks are lower, the combination of these factors raises concerns about potential malicious intent.

High obfuscation risk
High shell risk

Per-check LLM notes

Network: The network call pattern is benign and seems to be checking for proxy settings.
Shell: The shell execution patterns raise concerns as they include commands that could potentially execute arbitrary code on the system, suggesting possible malicious intent.
Obfuscation: The obfuscation patterns suggest an attempt to hide code logic, which is suspicious and may indicate malicious intent.
Credentials: No clear credential harvesting patterns detected, but the presence of base64 decoding could be a red flag if it's handling sensitive information.
Metadata: The maintainer's author name is missing or very short and has only one package, which could indicate a new or less active account, raising some suspicion.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

oxies = None if no_proxy else urllib.request.getproxies() log.debug("Proxies: %s (no_proxy = %s)", pr

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

oads(resp.read()) return base64.b64decode(result["header"]) def check_existing(in_path: Path, out_pa

⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

doing that. qwinsta = subprocess.run( ["where.exe", "/R", os.environ["WINDIR"], "qwin
n on success. subprocess.run( bufsize=0, args=com
command_output = subprocess.check_output(command_parts, stderr=subprocess.STDOUT, shell=True)
h_command)) output = subprocess.check_output(vsish_command) return output.decode("utf-8") d
ts, stderr=subprocess.STDOUT, shell=True) self.output.write_bytes(full_output_path, comm

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: fox-it.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository fox-it/acquire appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with acquire

Create a forensic data acquisition tool using the Python package 'acquire'. This tool should be capable of swiftly extracting critical forensic artifacts from either disk images or a live system and packaging them into a lightweight container for further analysis. Here’s a step-by-step guide on how to develop this application:

1. **Project Setup**: Begin by setting up your development environment. Ensure you have Python installed and create a virtual environment. Install the 'acquire' package along with any other necessary dependencies.
2. **Define Core Features**:
- **Artifact Extraction**: Implement functionality to identify and extract common forensic artifacts such as Windows Registry hives, Event Logs, File System metadata, etc.
- **Live System Support**: Enable the tool to gather artifacts from a running system without causing significant performance degradation.
- **Disk Image Compatibility**: Ensure compatibility with various disk image formats (e.g., DD, E01).
3. **Containerization**: Develop a mechanism to store extracted artifacts within a lightweight container format (e.g., tarball). This container should be easily transportable and analyzable.
4. **User Interface**: Design a simple command-line interface (CLI) for users to interact with the tool. Include options for specifying input sources (live systems or disk images), output containers, and verbosity levels.
5. **Security Considerations**: Since forensic tools often deal with sensitive data, ensure that the storage and transmission of artifacts are secure. Use encryption when storing artifacts in containers.
6. **Testing and Validation**: Rigorously test the tool against known disk images and live systems. Validate that all expected artifacts are correctly identified and extracted.
7. **Documentation**: Provide comprehensive documentation detailing installation, configuration, usage, and best practices for deploying the tool in different scenarios.

Throughout the development process, leverage the 'acquire' package’s capabilities for efficient artifact extraction and handling. Your goal is to produce a robust, user-friendly, and reliable forensic data acquisition tool.