app-forensics / mac-robber

mac-robber is a digital forensics and incident response tool that collects data

Official package sites : ·

mac-robber is a digital forensics and incident response tool that collects data from allocated files in a mounted file system. The data can be used by the mactime tool in The Sleuth Kit to make a timeline of file activity. The mac-robber tool is based on the grave-robber tool from TCT and is written in C instead of Perl. mac-robber requires that the file system be mounted by the operating system, unlike the tools in The Sleuth Kit that process the file system themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions. "What is mac-robber good for then", you ask? mac-robber is useful when dealing with a file system that is not supported by The Sleuth Kit or other forensic tools. mac-robber is very basic C and should compile on any UNIX system. Therefore, you can run mac-robber on an obscure, suspect UNIX file system that has been mounted read-only on a trusted system. I have also used mac-robber during investigations of common UNIX systems such as AIX.

v1.02-r1 :: 0 :: gentoo

x86 ~amd64 ~ppc
Repository mirror & CI · gentoo
Merge updates from master
Lucio Sauer · gentoo
*/*: inline mirror://sourceforge
bump copyright of touched ebuilds to 2024 Signed-off-by: Lucio Sauer <> Signed-off-by: Michał Górny <>
Repository mirror & CI · gentoo
Merge updates from master
David Seifert · gentoo
app-forensics/mac-robber: update EAPI 6 -> 8
Closes: Signed-off-by: David Seifert <>
Mikle Kolyada · gentoo
app-forensics/mac-robber: EAPI bump
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Robin H. Johnson · gentoo
Drop $Id$ per council decision in bug #611234.
Signed-off-by: Robin H. Johnson <>
Robin H. Johnson · gentoo
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <> X-Thanks: Alec Warner <> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <> - validation scripts X-Thanks: Patrick Lauer <> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed