Commit 2f2e7affcd43f8200ca08a9c85f1493e005fc22a
1 parent
923b56ee
Fixed various errors on last commit
Showing
8 changed files
with
32 additions
and
28 deletions
types.py renamed to bonetypes.py
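--- a/digger.py
+++ b/digger.py
@@ -18,7 +18,7 @@ import logger
 from consolelogger import ConsoleLogger
 from filelogger import FileLogger
 from hashlib import sha256
-import types
+import bonetypes
 import xml.etree.ElementTree
 
 def getModules():
@@ -57,11 +57,15 @@ def sha256sum(file):
 def bagAndTag():
 tombPath = tomb.getPath()
 if os.path.isfile(tombPath + "MANIFEST.XML"):
-tree = xml.etree.ElementTree.parse("MANIFEST.XML")
-root = tree.getroot()
+etree = xml.etree.ElementTree.parse("MANIFEST.XML")
+xmlroot = tree.getroot()
 else:
-root = xml.etree.ElementTree.Element("Manifest")
-tree = xml.etree.ElementTree.ElementTree(root)
+xmlroot = xml.etree.ElementTree.Element("Manifest")
+newElem = xml.etree.ElementTree.Element("Case")
+newElem.text = tomb.__getTomb__()
+xmlroot.insert(0,newElem)
+xmlroot.insert(1,xml.etree.ElementTree.Element("EvidenceList"))
+etree = xml.etree.ElementTree.ElementTree(xmlroot)
 
 boneList = []
 
@@ -73,18 +77,18 @@ def bagAndTag():
 
 d.gauge_start(title="Hashing all collected artifacts...",width=60,height=10)
 boneCount = 0
-evidenceList = root.find("EvidenceList")
+evidenceList = xmlroot.find("EvidenceList")
 for bone in boneList:
-if evidenceList.find("./Evidence[@path='" + bone + "']") != None:
+if evidenceList.find("./Evidence[@path='" + bone["path"] + "']") != None:
 continue
-hash = sha256sum(bone)
-date = os.path.getmtime(bone["path"])
-evidenceList.insert(len(evidenceList),xml.etree.ElementTree.Element("Evidence", hash=hash,path=bone["path"],type=bone["type"],date=date))
-d.gauge_update(text=bone,percent=int(boneCount*100/len(boneList)),update_text=True)
+hash = sha256sum(bone["path"])
+date = str(int(os.path.getmtime(bone["path"])*1000))
+evidenceList.insert(len(evidenceList),xml.etree.ElementTree.Element("Evidence", hash=hash,path=bone["path"][len(tombPath):],type=bone["type"],date=date))
+d.gauge_update(text=bone["path"],percent=int(boneCount*100/len(boneList)),update_text=True)
 boneCount += 1
 d.gauge_update(text="Complete!",percent=100,update_text=True)
 time.sleep(1)
-tree.write(tombPath + "MANIFEST.XML")
+etree.write(tombPath + "MANIFEST.XML")
 
 def finish(allSuccessful):
 bagAndTag()
@@ -143,7 +147,7 @@ if __name__ == "__main__":
 except Exception as e:
 msg = "Exception raised while preparing module \"" + module[0] + "\": " + str(e)
 logger.msgLog(msg, module[0], logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), module[0], logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), module[0], logger.TYPE_ERROR)
 ans = showContinueDialog(d,msg)
 if ans == "abort":
 finish(False)
@@ -161,7 +165,7 @@ if __name__ == "__main__":
 except Exception as e:
 msg = "Exception raised while preparing module \"" + tag + "\": " + str(e)
 logger.msgLog(msg,tag,logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), tag logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), tag, logger.TYPE_ERROR)
 ans = showContinueDialog(d, msg)
 if ans == "abort":
 finish(False)
@@ -177,7 +181,7 @@ if __name__ == "__main__":
 module.execute()
 except Exception as e:
 logger.msgLog("Exception raised while running \"" + module.name + "\": " + str(e), module.name, logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), module.name, logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), module.name, logger.TYPE_ERROR)
 
 
 finish(True)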
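Review bot: On the existing-manifest branch of bagAndTag, the new line `xmlroot = tree.getroot()` references `tree`, which this commit renamed to `etree`, so re-running against a tomb that already has a manifest raises NameError before anything is hashed; it should read `xmlroot = etree.getroot()`. The parse on the line above also opens `"MANIFEST.XML"` relative to the working directory while the isfile check and the final `etree.write` use `tombPath + "MANIFEST.XML"`, so the manifest can be found yet a different file parsed: `etree = xml.etree.ElementTree.parse(tombPath + "MANIFEST.XML")`. In the third hunk, entries are now stored with `path=bone["path"][len(tombPath):]` but the duplicate check still looks up the full `bone["path"]`, so it never matches and every re-run appends a second Evidence element and hash for the same artifact; compare the same stripped path in both places. That predicate is string-built, so an artifact path containing a quote breaks the XPath and aborts the hashing pass; matching the attribute in a loop over `evidenceList.iter("Evidence")` avoids that. The logging hunks now call `traceback.format_exc()` but the import block in the first hunk does not show `import traceback`, so confirm it is imported further up; bagAndTag's lines between the second and third hunk are not shown here.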
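--- a/modules/edb.py
+++ b/modules/edb.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 def getInstance():
 return RegistryModule()
@@ -43,7 +43,7 @@ class RegistryModule(Module):
 else:
 files += [mntpoint + "/ProgramData/Microsoft/Search/Data/Applications/Windows/Windows.edb"]
 
-runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: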
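Review bot: The archive written on the rebuilt line is still named `"evt_" + vol + "_" + ...`, so the Windows.edb collection lands in the tomb under the same `evt_<vol>_<epoch>.tar.gz` name as the event-log module's archive and the two artifacts cannot be told apart in the manifest; the prefix should be `"edb_"`. The hunk header shows the class is also still called RegistryModule, which points to the same copy-paste origin, though renaming it is outside this change. The enclosing method starts before the hunk.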
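--- a/modules/evt.py
+++ b/modules/evt.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -47,7 +47,7 @@ class RegistryModule(Module):
 else:
 files += [windir + "/System32/winevt/Logs" ]
 
-runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: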
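Review bot: The rebuilt `runProcess(["tar","-czvf", ...] + files)` line discards tar's result, so a missing log directory or a tar failure leaves a truncated or absent archive with nothing logged, and the manifest later hashes whatever was produced as if it were complete. modules/info.py in this same commit shows `runProcess` returning `output,code`, so presumably the list form returns the same pair; capture it and record the failure, e.g. `output,code = runProcess([...])` followed by `if code != 0: logger.msgLog("tar failed for " + vol, "evt", logger.TYPE_ERROR)`. Whether `logger` is in scope in this module cannot be seen from the hunk. The same discarded result is on the matching lines in modules/edb.py and modules/winreg.py, and the enclosing method starts before and ends after the hunk.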
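--- a/modules/info.py
+++ b/modules/info.py
@@ -3,7 +3,7 @@ import os
 import tomb
 from modules.module import Module
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -22,11 +22,11 @@ class INFOModule(Module):
 if(not os.path.exists(path)):
 os.mkdir(path)
 output,code = runProcess("lshw")
-lshw = open(path + "lshw_" + str(datetime.datetime.now()) + ".txt", 'wb')
+lshw = open(path + "lshw_" + str(int(time.time())) + ".txt", 'wb')
 lshw.write(output)
 lshw.close()
 
 output,code = runProcess("dmidecode")
-lshw = open(path + "dmidecode_" + str(datetime.datetime.now()) + ".txt" 'wb')
+lshw = open(path + "dmidecode_" + str(int(time.time())) + ".txt", 'wb')
 lshw.write(output)
-lshw.close()
\ No newline at end of file
+lshw.close()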
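Review bot: The two rebuilt `open(..., 'wb')` lines still hand-manage the file objects and reuse the name `lshw` for the dmidecode output, and if `lshw.write(output)` raises the handle is never closed; a `with` block per file removes both the leak and the misleading name, e.g. `with open(path + "dmidecode_" + str(int(time.time())) + ".txt", 'wb') as dmi:` then `dmi.write(output)`. The `code` returned by `runProcess` is unpacked on both calls but never checked, so an absent `lshw` or `dmidecode` binary produces an empty or failing artifact file that the manifest then hashes as if it were valid; log a TYPE_ERROR when `code` is nonzero before writing. Whether `logger` is imported in this module is not visible in the hunk, and the enclosing method starts before it.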
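--- a/modules/mft.py
+++ b/modules/mft.py
@@ -5,7 +5,7 @@ import tomb
 from modules.module import Module
 from runcmd import runProcess
 import pytsk3
-import datetime
+import time
 
 
 def getInstance():
@@ -47,5 +47,5 @@ class MFTModule(Module):
 os.mkdir(path)
 logger.msgLog("Extracting MFT from volumes: " + repr(self.vars['ntfsvol'].value), "mft", logger.TYPE_INFO)
 for vol in self.vars['ntfsvol'].value:
-self.dumpMFT("/dev/" + vol,path + vol + "_" + str(datetime.datetime.now()) + ".bin")
+self.dumpMFT("/dev/" + vol,path + vol + "_" + str(int(time.time())) + ".bin")
 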
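Review bot: The rebuilt `self.dumpMFT(...)` line evaluates `str(int(time.time()))` separately for every volume, so the MFT dumps of one run carry different timestamps once the loop crosses a second boundary and cannot be grouped by name; take the timestamp once before the `for` loop, `runTs = str(int(time.time()))`, and use `path + vol + "_" + runTs + ".bin"`. The same per-call pattern is on the rebuilt lines of the other modules in this commit; a single run identifier handed out by digger would let the manifest correlate all artifacts of one collection. The enclosing method starts before the hunk.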
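--- a/modules/winreg.py
+++ b/modules/winreg.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -65,7 +65,7 @@ class RegistryModule(Module):
 #Vista+
 files += [profile + "/AppData/Local/Microsoft/Windows/UsrClass.dat"]
 
-runProcess(["tar","-czvf",path + "winreg_" + vol + "-" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "winreg_" + vol + "-" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: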
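Review bot: The rebuilt archive name uses `"winreg_" + vol + "-" + str(int(time.time()))`, with a hyphen between volume and timestamp, while the matching lines in modules/edb.py and modules/evt.py use an underscore; anything that later parses artifact names out of the manifest has to handle both forms, so use `"winreg_" + vol + "_" + str(int(time.time()))`. The enclosing method starts before the hunk.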