Fixed various errors on last commit

root
1 parent 923b56ee
Showing 8 changed files with 32 additions and 28 deletions
types.py → bonetypes.py
digger.py
modules/edb.py
modules/evt.py
modules/info.py
modules/mft.py
modules/winreg.py
scripts/digger.sh
@@ -18,7 +18,7 @@ import logger
 from consolelogger import ConsoleLogger
 from filelogger import FileLogger
 from hashlib import sha256
-import types
+import bonetypes
 import xml.etree.ElementTree
 def getModules():
@@ -57,11 +57,15 @@ def sha256sum(file):
 def bagAndTag():
     tombPath = tomb.getPath()
     if os.path.isfile(tombPath + "MANIFEST.XML"):
-        tree = xml.etree.ElementTree.parse("MANIFEST.XML")
-        root = tree.getroot()
+        etree = xml.etree.ElementTree.parse("MANIFEST.XML")
+        xmlroot = tree.getroot()
     else:
-        root = xml.etree.ElementTree.Element("Manifest")
-        tree = xml.etree.ElementTree.ElementTree(root)
+        xmlroot = xml.etree.ElementTree.Element("Manifest")
+        newElem = xml.etree.ElementTree.Element("Case")
+        newElem.text = tomb.__getTomb__()
+        xmlroot.insert(0,newElem)
+        xmlroot.insert(1,xml.etree.ElementTree.Element("EvidenceList"))
+        etree = xml.etree.ElementTree.ElementTree(xmlroot)
     boneList = []
@@ -73,18 +77,18 @@ def bagAndTag():
     d.gauge_start(title="Hashing all collected artifacts...",width=60,height=10)
     boneCount = 0
-    evidenceList = root.find("EvidenceList")
+    evidenceList = xmlroot.find("EvidenceList")
     for bone in boneList:
-        if evidenceList.find("./Evidence[@path='" + bone + "']") != None:
+        if evidenceList.find("./Evidence[@path='" + bone["path"] + "']") != None:
             continue
-        hash = sha256sum(bone)
-        date = os.path.getmtime(bone["path"])
-        evidenceList.insert(len(evidenceList),xml.etree.ElementTree.Element("Evidence", hash=hash,path=bone["path"],type=bone["type"],date=date))
-        d.gauge_update(text=bone,percent=int(boneCount*100/len(boneList)),update_text=True)
+        hash = sha256sum(bone["path"])
+        date = str(int(os.path.getmtime(bone["path"])*1000))
+        evidenceList.insert(len(evidenceList),xml.etree.ElementTree.Element("Evidence", hash=hash,path=bone["path"][len(tombPath):],type=bone["type"],date=date))
+        d.gauge_update(text=bone["path"],percent=int(boneCount*100/len(boneList)),update_text=True)
         boneCount += 1
     d.gauge_update(text="Complete!",percent=100,update_text=True)
     time.sleep(1)
-    tree.write(tombPath + "MANIFEST.XML")
+    etree.write(tombPath + "MANIFEST.XML")
 def finish(allSuccessful):
     bagAndTag()
@@ -143,7 +147,7 @@ if __name__ == &quot;__main__&quot;:
                         except Exception as e:
                             msg = "Exception raised while preparing module \"" + module[0] + "\": " + str(e)
                             logger.msgLog(msg, module[0], logger.TYPE_ERROR)
-                            #logger.msgLog(traceback.format_exc(), module[0],  logger.TYPE_ERROR)
+                            logger.msgLog(traceback.format_exc(), module[0],  logger.TYPE_ERROR)
                             ans = showContinueDialog(d,msg)
                             if ans == "abort":
                                 finish(False)
@@ -161,7 +165,7 @@ if __name__ == &quot;__main__&quot;:
                         except Exception as e:
                             msg = "Exception raised while preparing module \"" + tag + "\": " + str(e)
                             logger.msgLog(msg,tag,logger.TYPE_ERROR)
-                            #logger.msgLog(traceback.format_exc(), tag logger.TYPE_ERROR)
+                            logger.msgLog(traceback.format_exc(), tag, logger.TYPE_ERROR)
                             ans = showContinueDialog(d, msg)
                             if ans == "abort":
                                 finish(False)
@@ -177,7 +181,7 @@ if __name__ == &quot;__main__&quot;:
                     module.execute()
                 except Exception as e:
                     logger.msgLog("Exception raised while running \"" + module.name + "\": " + str(e), module.name, logger.TYPE_ERROR)
-                    #logger.msgLog(traceback.format_exc(), module.name, logger.TYPE_ERROR)
+                    logger.msgLog(traceback.format_exc(), module.name, logger.TYPE_ERROR)
             finish(True)
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 def getInstance():
     return RegistryModule()
@@ -43,7 +43,7 @@ class RegistryModule(Module):
             else:
                 files += [mntpoint + "/ProgramData/Microsoft/Search/Data/Applications/Windows/Windows.edb"]
-            runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+            runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(int(time.time())) + ".tar.gz"] + files)
             try:
                 umount(mntid)
             except:
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 def getInstance():
@@ -47,7 +47,7 @@ class RegistryModule(Module):
             else:
                     files += [windir + "/System32/winevt/Logs" ]
-            runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+            runProcess(["tar","-czvf",path + "evt_" + vol + "_" + str(int(time.time())) + ".tar.gz"] + files)
             try:
                 umount(mntid)
             except:
@@ -3,7 +3,7 @@ import os
 import tomb
 from modules.module import Module
 from runcmd import runProcess
-import datetime
+import time
 def getInstance():
@@ -22,11 +22,11 @@ class INFOModule(Module):
         if(not os.path.exists(path)):
             os.mkdir(path)
         output,code = runProcess("lshw")
-        lshw = open(path + "lshw_" + str(datetime.datetime.now()) + ".txt", 'wb')
+        lshw = open(path + "lshw_" + str(int(time.time())) + ".txt", 'wb')
         lshw.write(output)
         lshw.close()
         output,code = runProcess("dmidecode")
-        lshw = open(path + "dmidecode_" + str(datetime.datetime.now()) + ".txt" 'wb')
+        lshw = open(path + "dmidecode_" + str(int(time.time())) + ".txt", 'wb')
         lshw.write(output)
-        lshw.close()
 \ No newline at end of file
+        lshw.close()
@@ -5,7 +5,7 @@ import tomb
 from modules.module import Module
 from runcmd import runProcess
 import pytsk3
-import datetime
+import time
 def getInstance():
@@ -47,5 +47,5 @@ class MFTModule(Module):
             os.mkdir(path)
             logger.msgLog("Extracting MFT from volumes: " + repr(self.vars['ntfsvol'].value), "mft", logger.TYPE_INFO)
         for vol in self.vars['ntfsvol'].value:
-            self.dumpMFT("/dev/" + vol,path + vol + "_" + str(datetime.datetime.now()) + ".bin")
+            self.dumpMFT("/dev/" + vol,path + vol + "_" + str(int(time.time())) + ".bin")
@@ -6,7 +6,7 @@ import winver
 from modules.module import Module
 from mount import mount,umount
 from runcmd import runProcess
-import datetime
+import time
 def getInstance():
@@ -65,7 +65,7 @@ class RegistryModule(Module):
                             #Vista+
                             files += [profile + "/AppData/Local/Microsoft/Windows/UsrClass.dat"]
-            runProcess(["tar","-czvf",path + "winreg_" + vol + "-" + str(datetime.datetime.now()) + ".tar.gz"] + files)
+            runProcess(["tar","-czvf",path + "winreg_" + vol + "-" + str(int(time.time())) + ".tar.gz"] + files)
             try:
                 umount(mntid)
             except:
@@ -7,4 +7,4 @@ GD_PATH=&quot;/opt/gravedigger&quot;
 pushd $GD_PATH > /dev/null
 /usr/bin/env python3 digger.py
-popd > /dev/null
 \ No newline at end of file
+popd > /dev/null