Difference between revisions of "Mac-robber"
(Debian import) |
(Added Debian link) |
||
| Line 23: | Line 23: | ||
that has been mounted read-only on a trusted system. | that has been mounted read-only on a trusted system. | ||
|Homepage URL=http://www.sleuthkit.org/mac-robber | |Homepage URL=http://www.sleuthkit.org/mac-robber | ||
| − | | | + | |Accepts cryptocurrency donations=No |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|Version identifier=1.02-3 | |Version identifier=1.02-3 | ||
| − | |Version download=http://ftp.debian.org/debian/pool/main/m/mac-robber/mac-robber_1.02.orig.tar.gz | + | |Version download=http://ftp.debian.org/debian/pool/main/m/mac-robber/mac-robber_1.02.orig.tar.gz |
| − | | | + | |Last review by=Bendikker |
| + | |Last review date=2018/02/21 | ||
|Submitted date=2015-07-17 | |Submitted date=2015-07-17 | ||
| − | + | |Is GNU=No | |
| − | |||
| − | | | ||
| − | |||
| − | |||
| − | |||
}} | }} | ||
{{Project license | {{Project license | ||
| Line 46: | Line 37: | ||
|License verified date=2014-08-09 | |License verified date=2014-08-09 | ||
|License note=License: gpl-2.0+ | |License note=License: gpl-2.0+ | ||
| + | }} | ||
| + | {{Resource | ||
| + | |Resource audience=Debian (Ref) | ||
| + | |Resource URL=https://tracker.debian.org/pkg/mac-robber | ||
}} | }} | ||
{{Resource | {{Resource | ||
|Resource kind=Download | |Resource kind=Download | ||
|Resource URL=http://sf.net/projects/mac-robber | |Resource URL=http://sf.net/projects/mac-robber | ||
| + | }} | ||
| + | {{Software category}} | ||
| + | {{Featured}} | ||
| + | {{Import | ||
| + | |Date=2015-07-17 | ||
| + | |Source=Debian | ||
| + | |Source link=http://packages.debian.org/sid/mac-robber | ||
}} | }} | ||
Latest revision as of 16:19, 21 February 2018
Mac-robber
http://www.sleuthkit.org/mac-robber
collects data about allocated files in mounted filesystems
mac-robber is a digital investigation tool (digital forensics) that collects metadata from allocated files in a mounted filesystem. This is useful during incident response when analyzing a live system or when analyzing a dead system in a lab. The data can be used by the mactime tool in The Sleuth Kit (TSK or SleuthKit only) to make a timeline of file activity. The mac- robber tool is based on the grave-robber tool from TCT (The Coroners Toolkit).
mac-robber requires that the filesystem be mounted by the operating system, unlike the tools in The Sleuth Kit that process the filesystem themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions.
mac-robber is useful when dealing with a filesystem that is not supported by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber on an obscure, suspect UNIX filesystem that has been mounted read-only on a trusted system.
Licensing
License
Verified by
Verified on
Notes
License
Verified by
Debian: Joao Eriberto Mota Filho <eriberto@debian.org>
Verified on
9 August 2014
Notes
License: gpl-2.0+
Leaders and contributors
Resources and communication
| Audience | Resource type | URI |
|---|---|---|
| Debian (Ref) | https://tracker.debian.org/pkg/mac-robber | |
| Download | http://sf.net/projects/mac-robber |
Software prerequisites
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.