Mac-robber

From SleuthKitWiki
Revision as of 08:41, 5 January 2010 by Carrier (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

mac-robber is an open source tool that can be used to collect time information from a live computer. The output of this tool can be used to make a timeline of file activity.

Unlike the TSK tools, mac-robber relies on the OS to gather information about a mounted file system. This makes it more vulnerable to rootkits, but it allows an investigator to collect data on file systems that are not supported by TSK.

http://www.sleuthkit.org/mac-robber/