Skip to main content

What are the Command Line Parameters

Below are the command line parameters supported by Cado Host:

usage: cado-host.exe [-h] [--presigned_data PRESIGNED_DATA] [--presigned_url PRESIGNED_URL]
               [--storage {aws,local,gcp,azure}] [--bucket BUCKET] [--access_key ACCESS_KEY]
               [--secret_key SECRET_KEY] [--region REGION] [--sas SAS] [-l]
               [-a ADDITIONAL_FILES [ADDITIONAL_FILES ...]] [-ap ADDITIONAL_FILES_PATH]
               [--only_additional_files] [--single_file_unzipped SINGLE_FILE_UNZIPPED]
               [--include_large_varc] [--skip_linux_memory] [--get_windows_memory] [-v]
               [--verbose] [--verbose_network] [-dd DEFAULT_DRIVE] [-o OUTPUT_PATH]
               [--no_cleanup] [--dev]

options:
  -h, --help            Show this help message and exit.
  --presigned_data PRESIGNED_DATA
                        Encoded upload credentials generated by Cado.
  --presigned_url PRESIGNED_URL
                        Specify the presigned URL to upload files to.
  --storage {aws,local,gcp,azure}
                        Specify the storage provider (AWS, Local, GCP, Azure).
  --bucket BUCKET       The bucket to upload files to.
  --access_key ACCESS_KEY
                        AWS access key.
  --secret_key SECRET_KEY
                        AWS secret key.
  --region REGION       AWS region.
  --sas SAS             Shared Access Signature for uploading triage or full disk to an Azure container.
  -l, --light_mode      Enable light mode to retrieve files smaller than 10 MB.
  -a ADDITIONAL_FILES [ADDITIONAL_FILES ...], --additional_files ADDITIONAL_FILES [ADDITIONAL_FILES ...]
                        List of files/folders to collect, separated by space.
  -ap ADDITIONAL_FILES_PATH, --additional_files_path ADDITIONAL_FILES_PATH
                        Path to a file containing a list of files/folders to collect, with one per line.
  --only_additional_files
                        Only collect files and folders specified in `--additional_files`.
  --single_file_unzipped SINGLE_FILE_UNZIPPED
                        Directly upload a single file to storage for import (e.g., for uploading files to Cado).
  --include_large_varc  Include open files and memory larger than 1MB (may slow down acquisition).
  --skip_linux_memory   Skip memory collection on Linux (faster).
  --get_windows_memory  Acquire process memory on Windows systems (disabled by default for speed).
                        Implicitly enables `--include_large_varc`.
  -v, --version         Show version information.
  --verbose             Enable verbose logging.
  --verbose_network     Enable verbose network logging.
  -dd DEFAULT_DRIVE, --default_drive DEFAULT_DRIVE
                        Specify the default drive for local storage.
  -o OUTPUT_PATH, --output_path OUTPUT_PATH
                        Set the output path for local storage.
  --no_cleanup          Disable cleanup after triage completion.
  --dev                 Run Cado Host in development mode.

Example Command Line

cado-host.exe --additional_files "C:\tools\secretfile.txt" "C:\SuperSecretFolder"
tip

Note: Folders should NOT have trailing slashes. File and folder paths must be separated by spaces and enclosed in double quotes.