Commit 956444ddd8ce823af60a06efe849e94b023cbf07
1 parent
375d9939
Fixed evidence type handling
Showing
2 changed files
with
11 additions
and
8 deletions
bonetypes.py
| 1 | -typeDefinitions = { | ||
| 2 | - "mft": 0x00, | ||
| 3 | - "winreg": 0x01, | ||
| 4 | - "evt": 0x02, | ||
| 5 | - "edb": 0x03, | ||
| 6 | - "info": 0x04 | ||
| 7 | -} | ||
| 8 | \ No newline at end of file | 1 | \ No newline at end of file |
| 2 | +global definitions | ||
| 3 | +definitions = { | ||
| 4 | + "mft": '00', | ||
| 5 | + "winreg": '01', | ||
| 6 | + "evt": '02', | ||
| 7 | + "edb": '03', | ||
| 8 | + "info": '04' | ||
| 9 | +} | ||
| 10 | + |
digger.py
| @@ -20,6 +20,7 @@ from filelogger import FileLogger | @@ -20,6 +20,7 @@ from filelogger import FileLogger | ||
| 20 | from hashlib import sha256 | 20 | from hashlib import sha256 |
| 21 | import bonetypes | 21 | import bonetypes |
| 22 | import xml.etree.ElementTree | 22 | import xml.etree.ElementTree |
| 23 | +import binascii | ||
| 23 | 24 | ||
| 24 | def getModules(): | 25 | def getModules(): |
| 25 | choiceList = [] | 26 | choiceList = [] |
| @@ -73,7 +74,7 @@ def bagAndTag(): | @@ -73,7 +74,7 @@ def bagAndTag(): | ||
| 73 | for dir in dirnames: | 74 | for dir in dirnames: |
| 74 | for subroot, subdirnames, subfilenames in os.walk(tombPath + dir): | 75 | for subroot, subdirnames, subfilenames in os.walk(tombPath + dir): |
| 75 | for filename in subfilenames: | 76 | for filename in subfilenames: |
| 76 | - boneList.append({"path" : subroot + "/" + filename, "type": dir}) | 77 | + boneList.append({"path" : subroot + "/" + filename, "type": bonetypes.definitions[dir]}) |
| 77 | 78 | ||
| 78 | d.gauge_start(title="Hashing all collected artifacts...",width=60,height=10) | 79 | d.gauge_start(title="Hashing all collected artifacts...",width=60,height=10) |
| 79 | boneCount = 0 | 80 | boneCount = 0 |