{"id":9435,"library":"acquire","title":"Acquire Python Library","description":"The `acquire` Python library (version 3.22) provides an interface to the underlying C++ `acquire` tool, designed for forensic artifact collection from disk images or live systems. It allows developers to programmatically interact with Acquire's core functionalities, enabling automation and integration of digital forensics workflows. The project is actively maintained with regular updates for features and bug fixes.","status":"active","version":"3.22","language":"en","source_language":"en","source_url":"https://github.com/google/acquire","tags":["digital-forensics","forensic-analysis","artifact-collection","security","incident-response"],"install":[{"cmd":"pip install acquire","lang":"bash","label":"Install `acquire`"}],"dependencies":[{"reason":"Requires Python 3.10 or newer.","package":"python","optional":false},{"reason":"The Python library is a wrapper around the core C++ 'acquire' executable, which is typically installed alongside the Python package. 
The binary must be discoverable in the system's PATH or explicitly provided.","package":"acquire (C++ binary)","optional":false}],"imports":[{"symbol":"AcquireBinary","correct":"from acquire import AcquireBinary"},{"symbol":"DiskCollection","correct":"from acquire import DiskCollection"},{"symbol":"LiveCollection","correct":"from acquire import LiveCollection"},{"note":"Base class for different acquisition methods.","symbol":"AcquisitionTool","correct":"from acquire import AcquisitionTool"}],"quickstart":{"code":"import os\nfrom acquire import AcquireBinary, DiskCollection\n\n# --- Configuration ---\n# IMPORTANT: Replace '/path/to/your/image.e01' with an actual path to a forensic image file.\n# If you don't have one, this example for DiskCollection will fail.\n# For a real run, ensure this path exists and is accessible.\nimage_path = os.environ.get('ACQUIRE_IMAGE_PATH', '/tmp/example_image.e01')\noutput_dir = os.environ.get('ACQUIRE_OUTPUT_DIR', './acquired_artifacts')\n\n# Ensure the output directory exists\nos.makedirs(output_dir, exist_ok=True)\n\ntry:\n    # Initialize AcquireBinary. 
The 'acquire' C++ executable should be in PATH\n    # or installed alongside the Python package via pip.\n    acq_binary = AcquireBinary()\n\n    # For disk image acquisition\n    collection = DiskCollection(\n        binary=acq_binary,\n        source_path=image_path,\n        output_path=output_dir,\n        collection_id=\"my-disk-collection\",\n        case_id=\"my-case\"\n    )\n    print(f\"Starting collection from disk image: {image_path} to {output_dir}\")\n    collection.start()\n    print(\"Disk image acquisition complete.\")\n\n    # For live acquisition, use LiveCollection:\n    # from acquire import LiveCollection\n    # live_collection = LiveCollection(binary=acq_binary, output_path=output_dir)\n    # live_collection.start() # Note: Live collection often requires elevated privileges.\n\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\n    print(\"Please ensure:\")\n    print(\"1. The 'acquire' C++ binary is installed and in your system's PATH.\")\n    print(\"2. For DiskCollection, ACQUIRE_IMAGE_PATH points to a valid and accessible image file.\")\n    print(\"3. The output directory has write permissions.\")\n","lang":"python","description":"This quickstart demonstrates how to use `acquire` to perform a disk image collection. It initializes the `AcquireBinary` and then uses `DiskCollection` to gather artifacts from a specified image path to an output directory. Note that the example `image_path` is a placeholder and must be replaced with a valid forensic image for the code to run successfully. Live collection (commented out) is also possible but often requires elevated privileges."},"warnings":[{"fix":"Rewrite Python modules to use the new v3 API, primarily focusing on `acquire.DiskCollection` and `acquire.LiveCollection` classes as entry points.","message":"Acquire v3.x (released August 2023) is a major rewrite, introducing significant changes to the Python API compared to v2.x. 
Existing Python modules built for v2.x will likely not work with v3.x without modification.","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Ensure the `acquire` C++ binary is in your system's PATH. If `AcquireBinary()` fails, explicitly pass the path to the executable, e.g., `AcquireBinary(binary_path='/opt/acquire/bin/acquire')`.","message":"The Python `acquire` library is a wrapper around a C++ executable, which must be installed and discoverable (e.g., in your system's PATH). While `pip install acquire` typically handles this, issues can arise if the binary isn't found.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Verify that `source_path` is correct, the file exists, and the user running the script has read permissions to it. For `LiveCollection`, ensure appropriate system permissions (e.g., root/administrator) are granted.","message":"When using `DiskCollection`, the `source_path` must point to a valid and accessible forensic image file (e.g., E01, RAW). Using a non-existent or inaccessible path will result in collection failure.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Ensure the 'acquire' C++ executable is installed and available in your system's PATH. If installed via pip, it should be available automatically. Otherwise, specify its full path: `AcquireBinary(binary_path='/path/to/acquire/binary')`.","cause":"The Python `AcquireBinary` class cannot find the underlying C++ 'acquire' executable.","error":"FileNotFoundError: [Errno 2] No such file or directory: 'acquire'"},{"fix":"Double-check the `image_path` variable. 
Ensure it is a correct absolute or relative path to an actual forensic image file on your system.","cause":"The `source_path` provided to `DiskCollection` does not point to an existing forensic image file.","error":"FileNotFoundError: [Errno 2] No such file or directory: '/path/to/your/image.e01'"},{"fix":"Change the `output_dir` to a location where the current user has write permissions, or run the script with elevated privileges (e.g., `sudo`).","cause":"The script does not have sufficient write permissions to create or write to the specified `output_dir`.","error":"PermissionError: [Errno 13] Permission denied: './acquired_artifacts'"}]}