Commit 2f2e7affcd43f8200ca08a9c85f1493e005fc22a

Authored by root
1 parent 923b56ee

Fixed various errors from the last commit

types.py renamed to bonetypes.py
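--- a/digger.py
+++ b/digger.py
@@ -18,7 +18,7 @@ import logger
 from consolelogger import ConsoleLogger
 from filelogger import FileLogger
 from hashlib import sha256
-import types
+import bonetypes
 import xml.etree.ElementTree
 
 def getModules():
@@ -57,11 +57,15 @@ def sha256sum(file):
 def bagAndTag():
 tombPath = tomb.getPath()
 if os.path.isfile(tombPath + "MANIFEST.XML"):
-tree = xml.etree.ElementTree.parse("MANIFEST.XML")
-root = tree.getroot()
+etree = xml.etree.ElementTree.parse("MANIFEST.XML")
+xmlroot = tree.getroot()
 else:
-root = xml.etree.ElementTree.Element("Manifest")
-tree = xml.etree.ElementTree.ElementTree(root)
+xmlroot = xml.etree.ElementTree.Element("Manifest")
+newElem = xml.etree.ElementTree.Element("Case")
+newElem.text = tomb.__getTomb__()
+xmlroot.insert(0,newElem)
+xmlroot.insert(1,xml.etree.ElementTree.Element("EvidenceList"))
+etree = xml.etree.ElementTree.ElementTree(xmlroot)
 
 boneList = []
 
@@ -73,18 +77,18 @@ def bagAndTag():
 
 d.gauge_start(title="Hashing all collected artifacts...",width=60,height=10)
 boneCount = 0
-evidenceList = root.find("EvidenceList")
+evidenceList = xmlroot.find("EvidenceList")
 for bone in boneList:
-if evidenceList.find("./Evidence[@path='" + bone + "']") != None:
+if evidenceList.find("./Evidence[@path='" + bone["path"] + "']") != None:
 continue
-hash = sha256sum(bone)
-date = os.path.getmtime(bone["path"])
-evidenceList.insert(len(evidenceList),xml.etree.ElementTree.Element("Evidence", hash=hash,path=bone["path"],type=bone["type"],date=date))
-d.gauge_update(text=bone,percent=int(boneCount*100/len(boneList)),update_text=True)
+hash = sha256sum(bone["path"])
+date = str(int(os.path.getmtime(bone["path"])*1000))
+evidenceList.insert(len(evidenceList),xml.etree.ElementTree.Element("Evidence", hash=hash,path=bone["path"][len(tombPath):],type=bone["type"],date=date))
+d.gauge_update(text=bone["path"],percent=int(boneCount*100/len(boneList)),update_text=True)
 boneCount += 1
 d.gauge_update(text="Complete!",percent=100,update_text=True)
 time.sleep(1)
-tree.write(tombPath + "MANIFEST.XML")
+etree.write(tombPath + "MANIFEST.XML")
 
 def finish(allSuccessful):
 bagAndTag()
@@ -143,7 +147,7 @@ if __name__ == "__main__":
 except Exception as e:
 msg = "Exception raised while preparing module \"" + module[0] + "\": " + str(e)
 logger.msgLog(msg, module[0], logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), module[0], logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), module[0], logger.TYPE_ERROR)
 ans = showContinueDialog(d,msg)
 if ans == "abort":
 finish(False)
@@ -161,7 +165,7 @@ if __name__ == "__main__":
 except Exception as e:
 msg = "Exception raised while preparing module \"" + tag + "\": " + str(e)
 logger.msgLog(msg,tag,logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), tag logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), tag, logger.TYPE_ERROR)
 ans = showContinueDialog(d, msg)
 if ans == "abort":
 finish(False)
@@ -177,7 +181,7 @@ if __name__ == "__main__":
 module.execute()
 except Exception as e:
 logger.msgLog("Exception raised while running \"" + module.name + "\": " + str(e), module.name, logger.TYPE_ERROR)
-#logger.msgLog(traceback.format_exc(), module.name, logger.TYPE_ERROR)
+logger.msgLog(traceback.format_exc(), module.name, logger.TYPE_ERROR)
 
 
 finish(True)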
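Review bot: `xmlroot = tree.getroot()` in the second hunk of this file still reads the old name `tree`, which the line above it renames to `etree`, so the branch taken when MANIFEST.XML already exists raises NameError; it should be `xmlroot = etree.getroot()`, and since the guard tests `tombPath + "MANIFEST.XML"` while the parse opens the cwd-relative `"MANIFEST.XML"`, that line should read `etree = xml.etree.ElementTree.parse(tombPath + "MANIFEST.XML")`. In the third hunk the duplicate check queries `@path='...'` with the absolute `bone["path"]`, but the Evidence element written a few lines later stores `bone["path"][len(tombPath):]`, so the lookup never matches on a rerun and every artifact is hashed and appended again; the comparison has to use the same relative value. Because that predicate is built by string concatenation, an artifact path containing a quote or bracket also breaks the XPath, so iterating `evidenceList` and comparing `elem.get("path")` is the more robust form, and `!= None` should be `is not None`. `bagAndTag` spans both hunks and its body continues between them outside the view.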
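--- a/modules/edb.py
+++ b/modules/edb.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 def getInstance():
 return RegistryModule()
@@ -43,7 +43,7 @@ class RegistryModule(Module):
 else:
 files += [mntpoint + "/ProgramData/Microsoft/Search/Data/Applications/Windows/Windows.edb"]
 
-runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: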
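Review bot: The result of `runProcess(...)` on the rewritten tar line is discarded, so a tar that fails (missing file, full disk, bad mount) produces no archive and no log entry while the module proceeds to `umount` as if collection succeeded; the info.py hunk shows `runProcess` returns `output,code`, so this should be `output,code = runProcess([...])` with the non-zero `code` logged, and the same applies to the tar lines in modules/evt.py and modules/winreg.py and to the `dumpMFT` loop in modules/mft.py. The new `str(int(time.time()))` suffix has one-second resolution, so two runs of the same volume within a second silently overwrite the earlier archive, and this module names its archive `evt_<vol>_<ts>.tar.gz` exactly like modules/evt.py does, so if both write to the same `path` (not visible here) one clobbers the other; an `edb_` prefix here and a collision check before writing would avoid losing collected evidence. As a point of style, winreg.py separates `vol` and the timestamp with `-` while the other modules use `_`. The enclosing method starts and ends outside the hunk.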
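--- a/modules/evt.py
+++ b/modules/evt.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -47,7 +47,7 @@ class RegistryModule(Module):
 else:
 files += [windir + "/System32/winevt/Logs" ]
 
-runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: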
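--- a/modules/info.py
+++ b/modules/info.py
@@ -3,7 +3,7 @@ import os
 import tomb
 from modules.module import Module
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -22,11 +22,11 @@ class INFOModule(Module):
 if(not os.path.exists(path)):
 os.mkdir(path)
 output,code = runProcess("lshw")
-lshw = open(path + "lshw_" + str(datetime.datetime.now()) + ".txt", 'wb')
+lshw = open(path + "lshw_" + str(int(time.time())) + ".txt", 'wb')
 lshw.write(output)
 lshw.close()
 
 output,code = runProcess("dmidecode")
-lshw = open(path + "dmidecode_" + str(datetime.datetime.now()) + ".txt" 'wb')
+lshw = open(path + "dmidecode_" + str(int(time.time())) + ".txt", 'wb')
 lshw.write(output)
-lshw.close()
\ No newline at end of file
+lshw.close()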
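Review bot: `code` from both `output,code = runProcess(...)` calls is unpacked but never examined, so when `lshw` or `dmidecode` is missing or fails the module still writes whatever `output` holds to a timestamped file and reports nothing, which makes an incomplete collection look complete; check `code` and log the failure before writing. The two files are opened without a context manager, so an exception from `write` leaks the handle, and the second handle reuses the name `lshw` for dmidecode output; `with open(path + "dmidecode_" + str(int(time.time())) + ".txt", 'wb') as dmi:` followed by `dmi.write(output)` closes the file on every path and reads correctly. The enclosing method starts outside the hunk.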
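--- a/modules/mft.py
+++ b/modules/mft.py
@@ -5,7 +5,7 @@ import tomb
 from modules.module import Module
 from runcmd import runProcess
 import pytsk3
-import datetime
+import time
 
 
 def getInstance():
@@ -47,5 +47,5 @@ class MFTModule(Module):
 os.mkdir(path)
 logger.msgLog("Extracting MFT from volumes: " + repr(self.vars['ntfsvol'].value), "mft", logger.TYPE_INFO)
 for vol in self.vars['ntfsvol'].value:
-self.dumpMFT("/dev/" + vol,path + vol + "_" + str(datetime.datetime.now()) + ".bin")
+self.dumpMFT("/dev/" + vol,path + vol + "_" + str(int(time.time())) + ".bin")
 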
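--- a/modules/winreg.py
+++ b/modules/winreg.py
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 
 
 def getInstance():
@@ -65,7 +65,7 @@ class RegistryModule(Module):
 #Vista+
 files += [profile + "/AppData/Local/Microsoft/Windows/UsrClass.dat"]
 
-runProcess(["tar","-czvf",path + "winreg_" + vol + "-" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+runProcess(["tar","-czvf",path + "winreg_" + vol + "-" + str(int(time.time())) + ".tar.gz"] + files)
 try:
 umount(mntid)
 except: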
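--- a/scripts/digger.sh
+++ b/scripts/digger.sh
@@ -7,4 +7,4 @@ GD_PATH="/opt/gravedigger"
 
 pushd $GD_PATH > /dev/null
 /usr/bin/env python3 digger.py
-popd > /dev/null
\ No newline at end of file
+popd > /dev/null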