Difference between revisions of "Mac-robber"
From SleuthKitWiki
(created page.) |
Apriestman (Talk | contribs) m (Reverted edits by Jacintheford (talk) to last revision by Apriestman) |
(3 intermediate revisions by 3 users not shown) | |
(No difference)
|
Latest revision as of 06:00, 18 May 2016
mac-robber is an open source tool that can be used to collect time information from a live computer. The output of this tool can be used to make a timeline of file activity.
Unlike the TSK tools, mac-robber relies on the OS to gather information about a mounted file system. This makes it more vulnerable to rootkits, but it allows an investigator to collect data on file systems that are not supported by TSK.