How to Install and Uninstall mac-robber Package on Ubuntu 21.10 (Impish Indri)
Last updated: November 22,2024
1. Install "mac-robber" package
This is a short guide on how to install mac-robber on Ubuntu 21.10 (Impish Indri)
$
sudo apt update
Copied
$
sudo apt install
mac-robber
Copied
2. Uninstall "mac-robber" package
This is a short guide on how to uninstall mac-robber on Ubuntu 21.10 (Impish Indri):
$
sudo apt remove
mac-robber
Copied
$
sudo apt autoclean && sudo apt autoremove
Copied
3. Information about the mac-robber package on Ubuntu 21.10 (Impish Indri)
Package: mac-robber
Architecture: amd64
Version: 1.02-12
Priority: optional
Section: universe/utils
Origin: Ubuntu
Maintainer: Ubuntu Developers
Original-Maintainer: Debian Security Tools
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 34
Depends: libc6 (>= 2.4)
Suggests: sleuthkit
Enhances: sleuthkit
Filename: pool/universe/m/mac-robber/mac-robber_1.02-12_amd64.deb
Size: 10136
MD5sum: f734760b939ea52f9acffa71558d106a
SHA1: a89953c1c90a1610253a0b449aed414bd80b524c
SHA256: 6c79ad154604ece201e17809cb5507a178ab873080ae781062ac33fd5d89a54c
SHA512: 748eb86b24abbaa8801e58912fedb227d73dd287acf5ecc76c87e4c0e00f252b5e76b5e970ab059276fdaf465972b5fae5963237dbc5eabbbc92690bcce6c46f
Homepage: https://www.sleuthkit.org/mac-robber
Description-en: collects data about allocated files in mounted filesystems
mac-robber is a digital investigation tool (digital forensics) that collects
metadata from allocated files in a mounted filesystem. This is useful during
incident response when analyzing a live system or when analyzing a dead
system in a lab. The data can be used by the mactime tool in The Sleuth Kit
(TSK or SleuthKit only) to make a timeline of file activity. The mac-robber
tool is based on the grave-robber tool from TCT (The Coroners Toolkit).
.
mac-robber requires that the filesystem be mounted by the operating system,
unlike the tools in The Sleuth Kit that process the filesystem themselves.
Therefore, mac-robber will not collect data from deleted files or files that
have been hidden by rootkits. mac-robber will also modify the Access times
on directories that are mounted with write permissions.
.
mac-robber is useful when dealing with a filesystem that is not supported
by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber
on an obscure, suspect UNIX filesystem that has been mounted read-only on a
trusted system.
Description-md5: a6b5a6400c4d5a7fbaaaa60c532ae6fb
Architecture: amd64
Version: 1.02-12
Priority: optional
Section: universe/utils
Origin: Ubuntu
Maintainer: Ubuntu Developers
Original-Maintainer: Debian Security Tools
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 34
Depends: libc6 (>= 2.4)
Suggests: sleuthkit
Enhances: sleuthkit
Filename: pool/universe/m/mac-robber/mac-robber_1.02-12_amd64.deb
Size: 10136
MD5sum: f734760b939ea52f9acffa71558d106a
SHA1: a89953c1c90a1610253a0b449aed414bd80b524c
SHA256: 6c79ad154604ece201e17809cb5507a178ab873080ae781062ac33fd5d89a54c
SHA512: 748eb86b24abbaa8801e58912fedb227d73dd287acf5ecc76c87e4c0e00f252b5e76b5e970ab059276fdaf465972b5fae5963237dbc5eabbbc92690bcce6c46f
Homepage: https://www.sleuthkit.org/mac-robber
Description-en: collects data about allocated files in mounted filesystems
mac-robber is a digital investigation tool (digital forensics) that collects
metadata from allocated files in a mounted filesystem. This is useful during
incident response when analyzing a live system or when analyzing a dead
system in a lab. The data can be used by the mactime tool in The Sleuth Kit
(TSK or SleuthKit only) to make a timeline of file activity. The mac-robber
tool is based on the grave-robber tool from TCT (The Coroners Toolkit).
.
mac-robber requires that the filesystem be mounted by the operating system,
unlike the tools in The Sleuth Kit that process the filesystem themselves.
Therefore, mac-robber will not collect data from deleted files or files that
have been hidden by rootkits. mac-robber will also modify the Access times
on directories that are mounted with write permissions.
.
mac-robber is useful when dealing with a filesystem that is not supported
by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber
on an obscure, suspect UNIX filesystem that has been mounted read-only on a
trusted system.
Description-md5: a6b5a6400c4d5a7fbaaaa60c532ae6fb