From 956444ddd8ce823af60a06efe849e94b023cbf07 Mon Sep 17 00:00:00 2001
From: root
Date: Sat, 24 Dec 2016 15:11:10 +0100
Subject: [PATCH] Fixed evidence type handling
---
 bonetypes.py | 16 +++++++++-------
 digger.py | 3 ++-
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/bonetypes.py b/bonetypes.py
index bc4f5dd..886da30 100644
--- a/bonetypes.py
+++ b/bonetypes.py
@@ -1,7 +1,9 @@
-typeDefinitions = {
- "mft": 0x00,
- "winreg": 0x01,
- "evt": 0x02,
- "edb": 0x03,
- "info": 0x04
-}
\ No newline at end of file
+global definitions
+definitions = {
+ "mft": '00',
+ "winreg": '01',
+ "evt": '02',
+ "edb": '03',
+ "info": '04'
+}
+
diff --git a/digger.py b/digger.py
index 972f258..3762bb6 100644
--- a/digger.py
+++ b/digger.py
@@ -20,6 +20,7 @@ from filelogger import FileLogger
 from hashlib import sha256
 import bonetypes
 import xml.etree.ElementTree
+import binascii
 def getModules():
 choiceList = []
@@ -73,7 +74,7 @@ def bagAndTag():
 for dir in dirnames:
 for subroot, subdirnames, subfilenames in os.walk(tombPath + dir):
 for filename in subfilenames:
- boneList.append({"path" : subroot + "/" + filename, "type": dir})
+ boneList.append({"path" : subroot + "/" + filename, "type": bonetypes.definitions[dir]})
 d.gauge_start(title="Hashing all collected artifacts...",width=60,height=10)
 boneCount = 0
-- 
libgit2 0.22.2
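Review bot: The added `global definitions` line in bonetypes.py has no effect at module scope, since a module-level assignment is already global; it can be dropped. The same hunk renames `typeDefinitions` to `definitions` and changes the values from integers to two-character strings, so any other module that still reads `bonetypes.typeDefinitions` or expects an int (none is visible in this patch) would break. A one-line comment above the dict would make the new contract explicit, for example `# evidence type codes: two hex digits as a string, keyed by tomb sub-directory name`.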
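Review bot: `import binascii` is added in digger.py, but the only other change this commit makes to that file is the `boneList.append` line, which does not use it. If an existing call site elsewhere in digger.py already depends on binascii, the commit message should say that this fixes a missing import. Otherwise the import belongs in the commit that introduces the code needing it.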
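Review bot: The new lookup `bonetypes.definitions[dir]` in bagAndTag raises KeyError for any directory under `tombPath` whose name is not one of the five keys in bonetypes.py, and that aborts the run before the hashing pass announced on the next line. For an evidence collector an unexpected directory should be handled deliberately: resolve the type once per directory, directly under `for dir in dirnames:`, with `boneType = bonetypes.definitions.get(dir)`, and when it is `None` record the unmapped directory in the log instead of either crashing or silently leaving its files out of the manifest. Doing the lookup per directory also avoids repeating it for every file in the innermost loop. bagAndTag starts and ends outside this hunk, so how `boneList` entries are consumed later is not visible here.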