assign_image_acquisition_task
Assign disk image acquisition tasks to specific endpoints and volumes, enabling data collection for forensic analysis. Configure bandwidth, compression, encryption, and storage repositories to streamline the process.
Instructions
Assign a disk image acquisition task to specific endpoints and volumes
Input Schema
Name | Required | Description | Default |
---|---|---|---|
bandwidthLimit | No | Bandwidth limit in KB/s. Defaults to 100000 | |
caseId | No | The case ID to associate the acquisition with (optional) | |
chunkCount | No | Number of chunks to acquire. Defaults to 0 (acquire until end). | |
chunkSize | No | Chunk size in bytes. Defaults to 1048576 | |
enableCompression | No | Whether to enable compression. Defaults to true | |
enableEncryption | No | Whether to enable encryption. Defaults to false | |
encryptionPassword | No | Password for encryption if enabled | |
endpoints | Yes | Array of endpoints and volumes to image (e.g., [{"endpointId": "uuid", "volumes": ["/dev/sda1"]}]). At least one endpoint and one volume per endpoint required. | |
organizationIds | No | Array of organization IDs. Defaults to [0] | |
repositoryId | Yes | The repository ID where the image will be saved | |
startOffset | No | Offset in bytes to start acquisition from. Defaults to 0. |
Input Schema (JSON Schema)
{
"properties": {
"bandwidthLimit": {
"description": "Bandwidth limit in KB/s. Defaults to 100000",
"type": "number"
},
"caseId": {
"description": "The case ID to associate the acquisition with (optional)",
"type": [
"string",
"null"
]
},
"chunkCount": {
"description": "Number of chunks to acquire. Defaults to 0 (acquire until end).",
"type": "number"
},
"chunkSize": {
"description": "Chunk size in bytes. Defaults to 1048576",
"type": "number"
},
"enableCompression": {
"description": "Whether to enable compression. Defaults to true",
"type": "boolean"
},
"enableEncryption": {
"description": "Whether to enable encryption. Defaults to false",
"type": "boolean"
},
"encryptionPassword": {
"description": "Password for encryption if enabled",
"type": "string"
},
"endpoints": {
"description": "Array of endpoints and volumes to image (e.g., [{\"endpointId\": \"uuid\", \"volumes\": [\"/dev/sda1\"]}]). At least one endpoint and one volume per endpoint required.",
"items": {
"properties": {
"endpointId": {
"type": "string"
},
"volumes": {
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"endpointId",
"volumes"
],
"type": "object"
},
"type": "array"
},
"organizationIds": {
"description": "Array of organization IDs. Defaults to [0]",
"items": {
"type": "number"
},
"type": "array"
},
"repositoryId": {
"description": "The repository ID where the image will be saved",
"type": "string"
},
"startOffset": {
"description": "Offset in bytes to start acquisition from. Defaults to 0.",
"type": "number"
}
},
"required": [
"repositoryId",
"endpoints"
],
"type": "object"
}