
Merge branch 'main' into Zawadidone-patch-1
Miauwkeru authored Aug 15, 2023
2 parents f7bf60f + 17d7501 commit a64b2b2
Showing 2 changed files with 12 additions and 1 deletion.
11 changes: 11 additions & 0 deletions acquire/acquire.py
Expand Up @@ -850,6 +850,7 @@ class Misc(Module):
("dir", "sysvol/windows/sysvol/domain/policies/"),
("dir", "sysvol/windows/system32/GroupPolicy/DataStore/"),
("dir", "sysvol/ProgramData/Microsoft/Group Policy/History/"),
("dir", "AppData/Local/Microsoft/Group Policy/History/", from_user_home),
("glob", "sysvol/Windows/System32/LogFiles/SUM/*.mdb"),
]

Expand All @@ -870,6 +871,8 @@ class AV(Module):
("file", "sysvol/ProgramData/Avast Software/Avast/Chest/index.xml"),
# Avira
("dir", "sysvol/ProgramData/Avira/Antivirus/LOGFILES"),
("dir", "sysvol/ProgramData/Avira/Security/Logs"),
("dir", "sysvol/ProgramData/Avira/VPN"),
# Bitdefender
("dir", "sysvol/ProgramData/Bitdefender/Endpoint Security/Logs"),
("dir", "sysvol/ProgramData/Bitdefender/Desktop/Profiles/Logs"),
Expand All @@ -880,9 +883,16 @@ class AV(Module):
("dir", "sysvol/ProgramData/crs1/Logs"),
("dir", "sysvol/ProgramData/apv2/Logs"),
("dir", "sysvol/ProgramData/crb1/Logs"),
# Cylance
("dir", "sysvol/ProgramData/Cylance/Desktop"),
("dir", "sysvol/ProgramData/Cylance/Optics/Log"),
("dir", "sysvol/Program Files/Cylance/Desktop/log"),
# ESET
("dir", "sysvol/Documents and Settings/All Users/Application Data/ESET/ESET NOD32 Antivirus/Logs"),
("dir", "sysvol/ProgramData/ESET/ESET NOD32 Antivirus/Logs"),
("dir", "sysvol/ProgramData/ESET/ESET Security/Logs"),
("dir", "sysvol/ProgramData/ESET/RemoteAdministrator/Agent/EraAgentApplicationData/Logs"),
("dir", "sysvol/Windows/System32/config/systemprofile/AppData/Local/ESET/ESET Security/Quarantine"),
# Emsisoft
("glob", "sysvol/ProgramData/Emsisoft/Reports/scan*.txt"),
# F-Secure
Expand Down Expand Up @@ -944,6 +954,7 @@ class AV(Module):
("dir", "sysvol/ProgramData/Microsoft/Microsoft AntiMalware/Support"),
("glob", "sysvol/Windows/System32/winevt/Logs/Microsoft-Windows-Windows Defender*.evtx"),
("dir", "sysvol/ProgramData/Microsoft/Windows Defender/Support"),
("dir", "sysvol/ProgramData/Microsoft/Windows Defender/Scans/History/Service/DetectionHistory"),
("file", "sysvol/Windows/Temp/MpCmdRun.log"),
("file", "sysvol/Windows.old/Windows/Temp/MpCmdRun.log"),
]
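Review bot: The Cylance entry `("dir", "sysvol/ProgramData/Cylance/Desktop")` collects the product's whole data directory, while every neighbouring vendor entry in this section is scoped to a log subdirectory (`.../Cylance/Optics/Log`, `.../Cylance/Desktop/log`, `.../Avira/Security/Logs`, `.../ESET/ESET Security/Logs`). If that tree also holds the agent database and the quarantine store — which I believe is the case on CylancePROTECT installs, to be verified — the acquisition archive will pull in quarantined binaries and can grow well beyond the log-sized collections this module otherwise makes. If that is intended (the module already collects ESET's `Quarantine` directory), make it explicit with a comment such as `# whole Cylance data dir on purpose: holds the agent DB and quarantine`; otherwise narrow the path to the subdirectory that is actually wanted. The `AV` class body starts and ends outside the hunk, so I cannot see whether another entry already covers Cylance quarantine.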
2 changes: 1 addition & 1 deletion acquire/collector.py
Expand Up @@ -300,9 +300,9 @@ def collect_file(
return

outpath = self._create_output_path(outpath or path, base)
entry = path.get()

try:
entry = path.get()
if volatile:
self.output.write_volatile(outpath, entry, size)
else:
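Review bot: Moving `entry = path.get()` under the `try` (the page drops the +/- markers, but that is how the duplicated line reads) means a failure to resolve the source entry is now caught by the same handler as a failed write, and nothing in the hunk records which step raised. If the handler that follows the hunk logs only `outpath` or a generic write failure, a source file that vanished or became unreadable between enumeration and collection will be reported as an output problem, which misleads triage of an incomplete acquisition. A short comment on the moved line, `# path.get() can raise for vanished/unreadable sources; handled together with write errors below`, or a distinct log line in the handler that names `path`, would make the failure mode explicit. `collect_file` starts before and ends after this hunk, so the handler itself is not visible here.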
