Mac-robber

From Free Software Directory
 

http://www.sleuthkit.org/mac-robber
collects data about allocated files in mounted filesystems

mac-robber is a digital investigation tool (digital forensics) that collects metadata from allocated files in a mounted filesystem. This is useful during incident response when analyzing a live system or when analyzing a dead system in a lab. The data can be used by the mactime tool in The Sleuth Kit (TSK or SleuthKit only) to make a timeline of file activity. The mac-robber tool is based on the grave-robber tool from TCT (The Coroner's Toolkit).

mac-robber requires that the filesystem be mounted by the operating system, unlike the tools in The Sleuth Kit that process the filesystem themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions.

mac-robber is useful when dealing with a filesystem that is not supported by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber on an obscure, suspect UNIX filesystem that has been mounted read-only on a trusted system.





Licensing

License: Other

Verified by: Debian: Joao Eriberto Mota Filho <eriberto@debian.org>

Verified on: 9 August 2014

Notes: License: gpl-2.0+




Leaders and contributors

Resources and communication

Audience: Debian (Ref); URI: https://tracker.debian.org/pkg/mac-robber

Resource type: Download; URI: http://sf.net/projects/mac-robber


Software prerequisites




Entry















Date 2015-07-17
Source Debian
Source link http://packages.debian.org/sid/mac-robber




Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.