assign_image_acquisition_task
Assign disk image acquisition tasks to specific endpoints and volumes, enabling data collection for forensic analysis. Configure bandwidth, compression, encryption, and storage repositories to streamline the process.
Instructions
Assign a disk image acquisition task to specific endpoints and volumes
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| bandwidthLimit | No | Bandwidth limit in KB/s. Defaults to 100000 | |
| caseId | No | The case ID to associate the acquisition with (optional) | |
| chunkCount | No | Number of chunks to acquire. Defaults to 0 (acquire until end). | |
| chunkSize | No | Chunk size in bytes. Defaults to 1048576 | |
| enableCompression | No | Whether to enable compression. Defaults to true | |
| enableEncryption | No | Whether to enable encryption. Defaults to false | |
| encryptionPassword | No | Password for encryption if enabled | |
| endpoints | Yes | Array of endpoints and volumes to image (e.g., [{"endpointId": "uuid", "volumes": ["/dev/sda1"]}]). At least one endpoint and one volume per endpoint required. | |
| organizationIds | No | Array of organization IDs. Defaults to [0] | |
| repositoryId | Yes | The repository ID where the image will be saved | |
| startOffset | No | Offset in bytes to start acquisition from. Defaults to 0. |