diff --git a/acquire/acquire.py b/acquire/acquire.py
index 910e28f4..efe72195 100644
--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -366,11 +366,14 @@ def _run(cls, target: Target, cli_args: argparse.Namespace, collector: Collector
 filenames = [
 "$MFT",
 "$Boot",
- "$Secure:$SII",
 "$Secure:$SDS",
 "$LogFile",
 ]
+ sii_fh = fs.ntfs.mft.get("$Secure").index("$SII")._index_stream
+
+ collector.output.write(fsutil.join(main_mountpoint, "$Secure:$SII"), sii_fh)
+
+
 for filename in filenames:
 if main_mountpoint is not None:
 path = fsutil.join(main_mountpoint, filename)
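Review bot: The new `collector.output.write(fsutil.join(main_mountpoint, "$Secure:$SII"), sii_fh)` call joins on `main_mountpoint` unconditionally, while the loop right below it only joins after `if main_mountpoint is not None:`, so a volume without a mountpoint would presumably fail here; put the write under the same guard, `if main_mountpoint is not None:` followed by the existing write line. The lookup `fs.ntfs.mft.get("$Secure").index("$SII")._index_stream` also runs before the loop with no error handling, so if `$Secure` or its `$SII` index cannot be read on a damaged volume, the exception would likely skip `$MFT`, `$Boot`, `$Secure:$SDS` and `$LogFile` as well; catching the failure, recording it and continuing would keep the rest of the acquisition intact. `_index_stream` is a private attribute, so a short comment explaining why the index stream is read directly rather than through the `filenames` path would help the next maintainer. The body of `_run` and the loop continue outside this hunk, so how the loop handles the `None` case is not visible here.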