# tabledevil/dissect — Fox-IT dissect DFIR framework (target-query, rdump, …).
#
# Installs the latest `dissect` meta-package from PyPI at build time; the bot's
# release: watch on fox-it/dissect triggers the rebuild. The meta-package pulls
# in target-query, target-shell, target-fs, rdump and the parsers/loaders.
#
#   docker run --rm -v /evidence:/data:ro tabledevil/dissect \
#       target-query /data/disk.E01 -f hostname
#   docker run --rm -it -v /evidence:/data:ro tabledevil/dissect \
#       target-shell /data/disk.E01

FROM python:3.12-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates libfuse2 \
    && rm -rf /var/lib/apt/lists/*

RUN pip install --no-cache-dir dissect

WORKDIR /data
ENTRYPOINT ["target-query"]
CMD ["--help"]