fox-it · Miauwkeru · May 7, 2025 · Apr 17, 2025 · May 7, 2025 · May 7, 2025
diff --git a/acquire/acquire.py b/acquire/acquire.py
@@ -24,6 +24,7 @@
 from dissect.target.helpers import fsutil
 from dissect.target.loaders.local import _windows_get_devices
 from dissect.target.plugins.apps.webserver import iis
+from dissect.target.plugins.os.windows.cam import CamPlugin
 from dissect.target.plugins.os.windows.log import evt, evtx
 from dissect.target.tools.utils import args_to_uri
 from dissect.util.stream import RunlistStream
@@ -568,6 +569,21 @@
         return spec
 
 
+@register_module("--cam-history")
+class CamHistory(Module):
+    DESC = "Capability Manager History Database"
+
+    @classmethod
+    def get_spec_additions(cls, target: Target, cli_args: argparse.Namespace) -> Iterator[tuple]:
+        spec = set()
+
+        cam_history_db_file = CamPlugin(target)._find_db()
+        if cam_history_db_file and cam_history_db_file.exists():
+            # Collect all files from the db path, including .db-wal and .db-shm files.
+            spec.add(("dir", cam_history_db_file.parent))
+        return spec
+
+
 @register_module("-e", "--eventlogs")
 class EventLogs(Module):
     DESC = "event logs"
@@ -1992,6 +2008,7 @@
         ActiveDirectory,
         RemoteAccess,
         ActivitiesCache,
+        CamHistory,
     )
     FULL = (
         *DEFAULT,