Difference between revisions of "Mac-robber"

From SleuthKitWiki
Jump to: navigation, search
(created page.)
 
m (Reverted edits by Jacintheford (talk) to last revision by Apriestman)
 
(3 intermediate revisions by 3 users not shown)
(No difference)

Latest revision as of 06:00, 18 May 2016

mac-robber is an open source tool that can be used to collect time information from a live computer. The output of this tool can be used to make a timeline of file activity.

Unlike the TSK tools, mac-robber relies on the OS to gather information about a mounted file system. This makes it more vulnerable to rootkits, but it allows an investigator to collect data on file systems that are not supported by TSK.

http://www.sleuthkit.org/mac-robber/