muteb / Hoarder

This script is made to collect the most valuable artifacts for forensics or incident response investigation rather than imaging the whole hard drive.
GNU General Public License v3.0
191 stars 19 forks

Specific drive to extract artifacts from #6

Open edenn-cyrebro opened 3 years ago

edenn-cyrebro commented 3 years ago

Hey, I'm new to Hoarder. I would like to know if it is possible to set Hoarder to collect artifacts from a specific drive or path only?

The reason for this is that I am using our own collector and would only use Hoarder for the ease in parsing. All artifacts will probably be collected and remain in their own relative paths.

muteb commented 3 years ago

Hi,

No worries. We have moved the code to https://github.com/DFIRKuiper/Hoarder, which includes live parsing if needed.

In your case, you need to modify the code to specify the only drive you need, I believe it is on line 255 "https://github.com/DFIRKuiper/Hoarder/blob/main/hoarder.py" and then you have to package it with pyinstaller.

Hope this helps.