assign_image_acquisition_task
Assign disk image acquisition tasks to specific endpoints and volumes, enabling data collection for forensic analysis. Configure bandwidth, compression, encryption, and storage repositories to streamline the process.
Instructions
Assign a disk image acquisition task to specific endpoints and volumes
Input Schema
Name | Required | Description | Default |
---|---|---|---|
bandwidthLimit | No | Bandwidth limit in KB/s. Defaults to 100000 | |
caseId | No | The case ID to associate the acquisition with (optional) | |
chunkCount | No | Number of chunks to acquire. Defaults to 0 (acquire until end). | |
chunkSize | No | Chunk size in bytes. Defaults to 1048576 | |
enableCompression | No | Whether to enable compression. Defaults to true | |
enableEncryption | No | Whether to enable encryption. Defaults to false | |
encryptionPassword | No | Password for encryption if enabled | |
endpoints | Yes | Array of endpoints and volumes to image (e.g., [{"endpointId": "uuid", "volumes": ["/dev/sda1"]}]). At least one endpoint and one volume per endpoint required. | |
organizationIds | No | Array of organization IDs. Defaults to [0] | |
repositoryId | Yes | The repository ID where the image will be saved | |
startOffset | No | Offset in bytes to start acquisition from. Defaults to 0. |