mac-robber - collects data about allocated files in mounted filesystems

Property Value
Distribution Debian 10 (Buster)
Repository Debian Main amd64
Package filename mac-robber_1.02-7_amd64.deb
Package name mac-robber
Package version 1.02
Package release 7
Package architecture amd64
Package type deb
Category utils
License -
Maintainer Debian Security Tools <>
Download size 9.50 KB
Installed size 34.00 KB
mac-robber is a digital investigation tool (digital forensics) that collects
metadata from allocated files in a mounted filesystem. This is useful during
incident response when analyzing a live system or when analyzing a dead
system in a lab. The data can be used by the mactime tool in The Sleuth Kit
(TSK or SleuthKit only) to make a timeline of file activity. The mac-robber
tool is based on the grave-robber tool from TCT (The Coroners Toolkit).
mac-robber requires that the filesystem be mounted by the operating system,
unlike the tools in The Sleuth Kit that process the filesystem themselves.
Therefore, mac-robber will not collect data from deleted files or files that
have been hidden by rootkits. mac-robber will also modify the Access times
on directories that are mounted with write permissions.
mac-robber is useful when dealing with a filesystem that is not supported
by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber
on an obscure, suspect UNIX filesystem that has been mounted read-only on a
trusted system.


Package Version Architecture Repository
mac-robber_1.02-7_i386.deb 1.02 i386 Debian Main
mac-robber - - -


Name Value
libc6 >= 2.4


Type URL
Binary Package mac-robber_1.02-7_amd64.deb
Source Package mac-robber

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install mac-robber deb package:
    # sudo apt-get install mac-robber




2018-10-25 - Joao Eriberto Mota Filho <>
mac-robber (1.02-7) unstable; urgency=medium
* debian/control: bumped Standards-Version to 4.2.1.
* debian/copyright:
- Added rights for Helmut Grohne and Raphaël Hertzog.
- Updated packaging copyright years.
- Using a secure URI in Source field.
* debian/tests/*: added a trivial test.
2018-04-19 - Raphaël Hertzog <>
mac-robber (1.02-6) unstable; urgency=medium
* Team upload.
[ Raphaël Hertzog ]
* Update team maintainer address to Debian Security Tools
* Update Vcs-Git and Vcs-Browser for the move to
* Bump Standards-Version to 4.1.4
* Bump debhelper compat level to 11
[ Helmut Grohne ]
* Fix FTCBFS: let dh_auto_build pass cross tools to make (Closes: #894967)
2016-12-30 - Joao Eriberto Mota Filho <>
mac-robber (1.02-5) unstable; urgency=medium
* Bumped DH level to 10.
* debian/control:
- Bumped Standards-Version to 3.9.8.
- Updated the Vcs-* fields to use https instead of http and git.
* debian/copyright: updated the packaging copyright years.
* debian/man/:
- Renamed to debian/manpage.
- Switched by
* debian/manpages: created to install the local manpage.
* debian/patches/Makefile.patch: renamed to 10_add-GCC-hardening.patch.
* debian/rules: removed the --parallel option from dh.
* debian/watch: bumped to version 4.
2015-09-07 - Joao Eriberto Mota Filho <>
mac-robber (1.02-4) unstable; urgency=medium
* debian/control:
- Bumped Standards-Version to 3.9.6.
- Removed netcat from Suggests field.
* debian/copyright:
- Dropped dot-zero from GPL license short name.
- Updated the packaging copyright years.
* debian/rules: added the DEB_BUILD_MAINT_OPTIONS
variable to improve the GCC hardening.
2014-08-09 - Joao Eriberto Mota Filho <>
mac-robber (1.02-3) unstable; urgency=medium
* New maintainer email address.
* debian/control:
- Updated the Standards-Version from 3.9.4 to 3.9.5.
- Updated the Vcs-Browser field.
* debian/copyright: updated packaging copyright years.
* debian/man/:
- Added to automate the manpage creation.
- Fixed minus hyphen as minus sign in mac-robber.{txt,1}.
2013-10-17 - Joao Eriberto Mota Filho <>
mac-robber (1.02-2) unstable; urgency=low
* debian/control: fixed the Vcs-Browser field.
* debian/rules: disabled the DH_VERBOSE option.
2013-05-16 - Joao Eriberto Mota Filho <>
mac-robber (1.02-1) unstable; urgency=low
* Initial release (Closes: #708528)

See Also

Package Description
macchanger_1.7.0-5.4_amd64.deb utility for manipulating the MAC address of network interfaces
macfanctld_0.6+repack1-2_amd64.deb fan control daemon for Apple MacBook / MacBook Pro computers
macopix-gtk2_1.7.4-6+b1_amd64.deb Mascot Constructive Pilot for X based on GTK+ 2
macs_2.1.2.1-1_amd64.deb Model-based Analysis of ChIP-Seq on short reads sequencers
macsyfinder_1.0.5-2_all.deb detection of macromolecular systems in protein datasets
mactelnet-client_0.4.4-4_amd64.deb Console tools for telneting and pinging via MAC addresses
mactelnet-server_0.4.4-4_amd64.deb Telnet daemon for accepting connections via MAC addresses
macutils_2.0b3-16+b2_amd64.deb Set of tools to deal with specially encoded Macintosh files
madbomber-data_0.2.5-8_all.deb Datafiles for madbomber
madbomber_0.2.5-8_amd64.deb Kaboom! clone
madison-lite_0.24_all.deb display versions of Debian packages in an archive
madlib-doc_1.3.0-2.1_all.deb mesh adaptation library
madplay_0.15.2b-8.3_amd64.deb MPEG audio player in fixed point
madwimax_0.1.1-1+b2_amd64.deb user-space driver for mWiMAX equipment based on Samsung CMC-730
maelstrom_1.4.3-L3.0.6+main-9_amd64.deb Arcade-style game resembling Asteroids