mac-robber - collects data about allocated files in mounted filesystems

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main amd64
Package name mac-robber
Package version 1.02
Package release 3
Package architecture amd64
Package type deb
Installed size 53 B
Download size 8.55 KB
Official Mirror
mac-robber is a digital investigation tool (digital forensics) that collects
metadata from allocated files in a mounted filesystem. This is useful during
incident response when analyzing a live system or when analyzing a dead
system in a lab. The data can be used by the mactime tool in The Sleuth Kit
(TSK or SleuthKit only) to make a timeline of file activity. The mac-robber
tool is based on the grave-robber tool from TCT (The Coroners Toolkit).
mac-robber requires that the filesystem be mounted by the operating system,
unlike the tools in The Sleuth Kit that process the filesystem themselves.
Therefore, mac-robber will not collect data from deleted files or files that
have been hidden by rootkits. mac-robber will also modify the Access times
on directories that are mounted with write permissions.
mac-robber is useful when dealing with a filesystem that is not supported
by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber
on an obscure, suspect UNIX filesystem that has been mounted read-only on a
trusted system.


Package Version Architecture Repository
mac-robber_1.02-3_i386.deb 1.02 i386 Debian Main
mac-robber - - -


Name Value
libc6 >= 2.4


Type URL
Binary Package mac-robber_1.02-3_amd64.deb
Source Package mac-robber

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install mac-robber deb package:
    # sudo apt-get install mac-robber




2014-08-09 - Joao Eriberto Mota Filho <>
mac-robber (1.02-3) unstable; urgency=medium
* New maintainer email address.
* debian/control:
- Updated the Standards-Version from 3.9.4 to 3.9.5.
- Updated the Vcs-Browser field.
* debian/copyright: updated packaging copyright years.
* debian/man/:
- Added to automate the manpage creation.
- Fixed minus hyphen as minus sign in mac-robber.{txt,1}.
2013-10-17 - Joao Eriberto Mota Filho <>
mac-robber (1.02-2) unstable; urgency=low
* debian/control: fixed the Vcs-Browser field.
* debian/rules: disabled the DH_VERBOSE option.
2013-05-16 - Joao Eriberto Mota Filho <>
mac-robber (1.02-1) unstable; urgency=low
* Initial release (Closes: #708528)

See Also

Package Description
macchanger-gtk_1.1-4_all.deb a GTK+ interface for GNU/MACchanger
macchanger_1.7.0-5.3_amd64.deb utility for manipulating the MAC address of network interfaces
mace2_3.3f-1.1_amd64.deb program that searches for finite models of first-order statements
macfanctld_0.6+repack1-1_amd64.deb fan control daemon for Apple MacBook / MacBook Pro computers
macopix-gtk2_1.7.4-5+b1_amd64.deb Mascot Constructive Pilot for X based on GTK+ 2
macs_2.0.9.1-1_amd64.deb Model-based Analysis of ChIP-Seq on short reads sequencers
mactelnet-client_0.4.0-1+deb8u1_amd64.deb Console tools for telneting and pinging via MAC addresses
mactelnet-server_0.4.0-1+deb8u1_amd64.deb Telnet daemon for accepting connections via MAC addresses
macutils_2.0b3-16_amd64.deb Set of tools to deal with specially encoded Macintosh files
madbomber-data_0.2.5-6_all.deb Datafiles for madbomber
madbomber_0.2.5-6_amd64.deb Kaboom! clone
madison-lite_0.20_all.deb display versions of Debian packages in an archive
madlib-doc_1.3.0-2.1_all.deb mesh adaptation library
madplay_0.15.2b-8_amd64.deb MPEG audio player in fixed point
madwimax_0.1.1-1_amd64.deb user-space driver for mWiMAX equipment based on Samsung CMC-730