Commit 2f2e7affcd43f8200ca08a9c85f1493e005fc22a

Authored by root
1 parent 923b56ee

Fixed various errors from the last commit

types.py renamed to bonetypes.py
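--- a/digger.py
+++ b/digger.py
@@ -18,7 +18,7 @@ import logger
 from consolelogger import ConsoleLogger
 from filelogger import FileLogger
 from hashlib import sha256
-import types
+import bonetypes
 import xml.etree.ElementTree
 
 def getModules():
@@ -57,11 +57,15 @@ def sha256sum(file):
 def bagAndTag():
 tombPath = tomb.getPath()
 if os.path.isfile(tombPath + "MANIFEST.XML"):
-tree = xml.etree.ElementTree.parse("MANIFEST.XML")
-root = tree.getroot()
+etree = xml.etree.ElementTree.parse("MANIFEST.XML")
+xmlroot = tree.getroot()
 else:
-root = xml.etree.ElementTree.Element("Manifest")
-tree = xml.etree.ElementTree.ElementTree(root)
+xmlroot = xml.etree.ElementTree.Element("Manifest")
+newElem = xml.etree.ElementTree.Element("Case")
+newElem.text = tomb.__getTomb__()
+xmlroot.insert(0,newElem)
+xmlroot.insert(1,xml.etree.ElementTree.Element("EvidenceList"))
+etree = xml.etree.ElementTree.ElementTree(xmlroot)
 
 boneList = []
 
@@ -73,18 +77,18 @@ def bagAndTag():
 
 d.gauge_start(title="Hashing all collected artifacts...",width=60,height=10)
 boneCount = 0
-evidenceList = root.find("EvidenceList")
+evidenceList = xmlroot.find("EvidenceList")
 for bone in boneList:
-if evidenceList.find("./Evidence[@path='" + bone + "']") != None:
+if evidenceList.find("./Evidence[@path='" + bone["path"] + "']") != None:
 continue
-hash = sha256sum(bone)
-date = os.path.getmtime(bone["path"])
-evidenceList.insert(len(evidenceList),xml.etree.ElementTree.Element("Evidence", hash=hash,path=bone["path"],type=bone["type"],date=date))
-d.gauge_update(text=bone,percent=int(boneCount*100/len(boneList)),update_text=True)
+hash = sha256sum(bone["path"])
+date = str(int(os.path.getmtime(bone["path"])*1000))
+evidenceList.insert(len(evidenceList),xml.etree.ElementTree.Element("Evidence", hash=hash,path=bone["path"][len(tombPath):],type=bone["type"],date=date))
+d.gauge_update(text=bone["path"],percent=int(boneCount*100/len(boneList)),update_text=True)
 boneCount += 1
 d.gauge_update(text="Complete!",percent=100,update_text=True)
 time.sleep(1)
-tree.write(tombPath + "MANIFEST.XML")
+etree.write(tombPath + "MANIFEST.XML")
 
 def finish(allSuccessful):
 bagAndTag()
@@ -143,7 +147,7 @@ if __name__ == "__main__":
 except Exception as e:
 msg = "Exception raised while preparing module \"" + module[0] + "\": " + str(e)
 logger.msgLog(msg, module[0], logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), module[0], logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), module[0], logger.TYPE_ERROR)
 ans = showContinueDialog(d,msg)
 if ans == "abort":
 finish(False)
@@ -161,7 +165,7 @@ if __name__ == "__main__":
 except Exception as e:
 msg = "Exception raised while preparing module \"" + tag + "\": " + str(e)
 logger.msgLog(msg,tag,logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), tag logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), tag, logger.TYPE_ERROR)
 ans = showContinueDialog(d, msg)
 if ans == "abort":
 finish(False)
@@ -177,7 +181,7 @@ if __name__ == "__main__":
 module.execute()
 except Exception as e:
 logger.msgLog("Exception raised while running \"" + module.name + "\": " + str(e), module.name, logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), module.name, logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), module.name, logger.TYPE_ERROR)
 
 
 finish(True)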
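Review bot: On the existing-manifest branch of the second hunk, `xmlroot = tree.getroot()` still reads `tree`, which the line above now binds as `etree`, so re-running against a tomb that already holds a MANIFEST.XML raises NameError; it should be `xmlroot = etree.getroot()`, and that `parse` call should take `tombPath + "MANIFEST.XML"` like the `isfile` check and the final `write` do rather than a cwd-relative name. The duplicate check in the third hunk also cannot match anything: the Evidence element is stored with `path=bone["path"][len(tombPath):]` but looked up with the full `bone["path"]`, so every run appends every artifact again. Building the `find` predicate by string concatenation additionally breaks on any artifact path containing a quote character, which a collected filesystem can easily supply; comparing the attribute directly avoids both problems, e.g. `relPath = bone["path"][len(tombPath):]` followed by `if any(ev.get("path") == relPath for ev in evidenceList.iter("Evidence")): continue`. As style points, `hash` shadows the builtin and `!= None` should be `is not None`. The `traceback.format_exc()` calls re-enabled in the last three hunks presumably rely on an `import traceback` that is outside the shown hunks; worth confirming it exists.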
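--- a/modules/edb.py
+++ b/modules/edb.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 def getInstance():
 return RegistryModule()
@@ -43,7 +43,7 @@ class RegistryModule(Module):
 else:
 files += [mntpoint + "/ProgramData/Microsoft/Search/Data/Applications/Windows/Windows.edb"]
 
-runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: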
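Review bot: The rewritten archive name in the second hunk keeps the `evt_` prefix although this module collects Windows.edb, so its tarball is indistinguishable by name from the one evt.py produces for the same volume; presumably `edb_` was intended, i.e. `path + "edb_" + vol + "_" + str(int(time.time())) + ".tar.gz"`. The same switch to `str(int(time.time()))` is made in evt.py, info.py, mft.py and winreg.py; a short comment at each site such as `# collection time, seconds since the Unix epoch` would tell whoever reads the output directory what the number in the filename means. The enclosing method starts and ends outside the hunk.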
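--- a/modules/evt.py
+++ b/modules/evt.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -47,7 +47,7 @@ class RegistryModule(Module):
 else:
 files += [windir + "/System32/winevt/Logs" ]
 
-runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: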
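--- a/modules/info.py
+++ b/modules/info.py
@@ -3,7 +3,7 @@ import os
 import tomb
 from modules.module import Module
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -22,11 +22,11 @@ class INFOModule(Module):
 if(not os.path.exists(path)):
 os.mkdir(path)
 output,code = runProcess("lshw")
-lshw = open(path + "lshw_" + str(datetime.datetime.now()) + ".txt", 'wb')
+lshw = open(path + "lshw_" + str(int(time.time())) + ".txt", 'wb')
 lshw.write(output)
 lshw.close()
 
 output,code = runProcess("dmidecode")
-lshw = open(path + "dmidecode_" + str(datetime.datetime.now()) + ".txt" 'wb')
+lshw = open(path + "dmidecode_" + str(int(time.time())) + ".txt", 'wb')
 lshw.write(output)
-lshw.close()
\ No newline at end of file
+lshw.close()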
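Review bot: Both output files in the second hunk are opened without a context manager, and the second handle is bound to `lshw` although it holds dmidecode output, so a failing `write` leaks the handle and the name misleads; `with open(path + "dmidecode_" + str(int(time.time())) + ".txt", 'wb') as dmi:` followed by `dmi.write(output)` replaces the open/write/close triple, and the lshw block can be written the same way. The return code unpacked into `code` on the context lines is never consulted before the output is written, so a failed capture would be saved with no indication in the log; logging a non-zero `code` would make the collection auditable. The enclosing method starts before the hunk.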
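--- a/modules/mft.py
+++ b/modules/mft.py
@@ -5,7 +5,7 @@ import tomb
 from modules.module import Module
 from runcmd import runProcess
 import pytsk3
-import datetime
+import time
 
 
 def getInstance():
@@ -47,5 +47,5 @@ class MFTModule(Module):
 os.mkdir(path)
 logger.msgLog("Extracting MFT from volumes: " + repr(self.vars['ntfsvol'].value), "mft", logger.TYPE_INFO)
 for vol in self.vars['ntfsvol'].value:
-self.dumpMFT("/dev/" + vol,path + vol + "_" + str(datetime.datetime.now()) + ".bin")
+self.dumpMFT("/dev/" + vol,path + vol + "_" + str(int(time.time())) + ".bin")
 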
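--- a/modules/winreg.py
+++ b/modules/winreg.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -65,7 +65,7 @@ class RegistryModule(Module):
 #Vista+
 files += [profile + "/AppData/Local/Microsoft/Windows/UsrClass.dat"]
 
-runProcess(["tar","-czvf",path + "winreg_" + vol + "-" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "winreg_" + vol + "-" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: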
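--- a/scripts/digger.sh
+++ b/scripts/digger.sh
@@ -7,4 +7,4 @@ GD_PATH="/opt/gravedigger"
 
 pushd $GD_PATH > /dev/null
 /usr/bin/env python3 digger.py
-popd > /dev/null
\ No newline at end of file
+popd > /dev/null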