mac-robber - collects data about allocated files in mounted filesystems

Distribution: Debian 8 (Jessie)
Repository: Debian Main amd64
Package name: mac-robber
Package version: 1.02
Package release: 3
Package architecture: amd64
Package type: deb
Installed size: 53 B
Download size: 8.55 KB
Official Mirror:
mac-robber is a digital investigation tool (digital forensics) that collects metadata from allocated files in a mounted filesystem. This is useful during incident response when analyzing a live system or when analyzing a dead system in a lab. The data can be used by the mactime tool in The Sleuth Kit (TSK or SleuthKit only) to make a timeline of file activity. The mac-robber tool is based on the grave-robber tool from TCT (The Coroners Toolkit). mac-robber requires that the filesystem be mounted by the operating system, unlike the tools in The Sleuth Kit that process the filesystem themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions. mac-robber is useful when dealing with a filesystem that is not supported by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber on an obscure, suspect UNIX filesystem that has been mounted read-only on a trusted system.




    Source package: mac-robber

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install mac-robber deb package:
      # sudo apt-get install mac-robber


    • /usr/bin/mac-robber
    • /usr/share/doc/mac-robber/README
    • /usr/share/doc/mac-robber/changelog.Debian.gz
    • /usr/share/doc/mac-robber/changelog.gz
    • /usr/share/doc/mac-robber/copyright
    • /usr/share/man/man1/mac-robber.1.gz


    2014-08-09 - Joao Eriberto Mota Filho <> mac-robber (1.02-3) unstable; urgency=medium * New maintainer email address. * debian/control: - Updated the Standards-Version from 3.9.4 to 3.9.5. - Updated the Vcs-Browser field. * debian/copyright: updated packaging copyright years. * debian/man/: - Added to automate the manpage creation. - Fixed minus hyphen as minus sign in mac-robber.{txt,1}.

    2013-10-17 - Joao Eriberto Mota Filho <> mac-robber (1.02-2) unstable; urgency=low * debian/control: fixed the Vcs-Browser field. * debian/rules: disabled the DH_VERBOSE option.

    2013-05-16 - Joao Eriberto Mota Filho <> mac-robber (1.02-1) unstable; urgency=low * Initial release (Closes: #708528)