ChangeLog

# ChangeLog for app-forensics/mac-robber
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/app-forensics/mac-robber/ChangeLog,v 1.4 2007/02/08 22:03:43 flameeyes Exp $

08 Feb 2007; Diego Pettenò ChangeLog:
Regenerate digest in Manifest2 format.

11 Aug 2005; Luis Medinas mac-robber-1.00.ebuild:
Added ~amd64 keywords.

08 May 2005; Stephanie Lockwood-Childs
mac-robber-1.00.ebuild:
mark ~ppc

26 Jan 2005; Daniel Black
+mac-robber-1.00.ebuild, +metadata.xml:
Initial import. Suggested by Michael Zanetta.

Manifest

DIST mac-robber-1.00.tar.gz 11483 RMD160 702e33935dddc92e3f0d5c970bb05bd9d32397a1 SHA1 4d506e1a4f7c96ca9048432e376f8410140b9f8f SHA256 e84637457580cf0b823868138e9adde9f5f5f5d516595cdf8f9f95cbbe939869
EBUILD mac-robber-1.00.ebuild 735 RMD160 9d3636d4b219e5a31ab2458892f93d3ff5bbb3a2 SHA1 1aae431c8f9f694454281d45a4f0d1773e40f212 SHA256 c55c9a44992e09f8d26bfe171d0cfa5a86d096c261af180038c9aba91305d968
MISC ChangeLog 695 RMD160 ee42516ac98c41bd1b664235f840172c84ce56aa SHA1 ac265a10ef542575ebd142abe01da047133b4808 SHA256 8e577eab4e27af5110d217cdf015cda95f876a4e7038bff88c7f7627686eeb83
MISC metadata.xml 1434 RMD160 6cf700da107a7f99b2dde2bb9ac3b730a46313ac SHA1 f5ec5c02fdd3457c7af9ff7b00e9682e9e5f73ad SHA256 963dbfaa481fa7b295efa547f3ff1bfcc8af5fa313d1be2ad65a2ec60662cbe9

mac-robber-1.00.ebuild

# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-forensics/mac-robber/mac-robber-1.00.ebuild,v 1.4 2007/07/15 03:01:24 mr_bones_ Exp $

inherit toolchain-funcs

DESCRIPTION="mac-robber is a digital forensics and incident response tool that collects data"
HOMEPAGE="http://www.sleuthkit.org/mac-robber/index.php"
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~ppc x86"
IUSE=""

DEPEND="virtual/libc"

src_compile() {
	# Hand the portage-selected compiler and CFLAGS to the upstream Makefile,
	# which reads them as CC and GCC_OPT
	emake CC="$(tc-getCC)" GCC_OPT="${CFLAGS}" \
		|| die "make failed"
}

src_test() {
	# Smoke test: the freshly built binary must at least report its version
	./mac-robber -V || die "test failed"
}

src_install() {
	dobin mac-robber
	dodoc README
}

metadata.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>forensics</herd>
<maintainer>
<email>forensics@gentoo.org</email>
<name>Forensics Herd</name>
</maintainer>
<longdescription>
mac-robber is a digital forensics and incident response tool that collects data from allocated files in a mounted file system.
The data can be used by the mactime tool in The Sleuth Kit to make a timeline of file activity. The mac-robber tool is based on
the grave-robber tool from TCT and is written in C instead of Perl.

mac-robber requires that the file system be mounted by the operating system, unlike the tools in The Sleuth Kit that process the
file system themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by
rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions.

"What is mac-robber good for then", you ask? mac-robber is useful when dealing with a file system that is not supported by The
Sleuth Kit or other forensic tools. mac-robber is very basic C and should compile on any UNIX system. Therefore, you can run
mac-robber on an obscure, suspect UNIX file system that has been mounted read-only on a trusted system. I have also used
mac-robber during investigations of common UNIX systems such as AIX.
</longdescription>
</pkgmetadata>