What about custom artifacts?
Flockenmumie opened this issue · 2 comments
Hi!
I really like acquire bc of the ease of dealing with images / vmdks.
Can you state what the go-to way is if I want to acquire my own artifacts? As far as I have seen, there is no option to provide a list of paths or similar. In this case, I will have to implement my own module, won't I?
Thanks in advance for answering!
Hi @Flockenmumie! You can easily acquire additional files or directories using the --file, --dir or --glob arguments. You can add as many as you need of these to your arguments. For example, to collect two additional files and a directory, you could do:
acquire --file path/to/first/file --file path/to/second/file --dir path/to/dir
This is also briefly described in the documentation: https://docs.dissect.tools/en/latest/tools/acquire.html (last paragraph before the "Deployment" header).
If your acquisition requires some computation (i.e. needing to retrieve a path from the registry, or by parsing another file) then you need to implement your own module.
Hi @Flockenmumie, I'll close this issue for now. Feel free to re-open if you have any further questions!