How to Install and Uninstall mac-robber Package on Ubuntu 16.04 LTS (Xenial Xerus)
Last updated: November 22,2024
1. Install "mac-robber" package
This guide covers the steps necessary to install mac-robber on Ubuntu 16.04 LTS (Xenial Xerus)
$
sudo apt update
Copied
$
sudo apt install
mac-robber
Copied
2. Uninstall "mac-robber" package
This guide let you learn how to uninstall mac-robber on Ubuntu 16.04 LTS (Xenial Xerus):
$
sudo apt remove
mac-robber
Copied
$
sudo apt autoclean && sudo apt autoremove
Copied
3. Information about the mac-robber package on Ubuntu 16.04 LTS (Xenial Xerus)
Package: mac-robber
Priority: optional
Section: universe/utils
Installed-Size: 28
Maintainer: Ubuntu Developers
Original-Maintainer: Debian Forensics
Architecture: amd64
Version: 1.02-4
Depends: libc6 (>= 2.4)
Suggests: sleuthkit
Filename: pool/universe/m/mac-robber/mac-robber_1.02-4_amd64.deb
Size: 8674
MD5sum: 4208a27ea5d23389b80e08e16025c91a
SHA1: 2f2a94884f4f6847412afe1b936a143904e89618
SHA256: 2a3a0563f398ad8d9d26185f21ec52ba4e500beaa0743e003728b334fd6b6774
Description-en: collects data about allocated files in mounted filesystems
mac-robber is a digital investigation tool (digital forensics) that collects
metadata from allocated files in a mounted filesystem. This is useful during
incident response when analyzing a live system or when analyzing a dead
system in a lab. The data can be used by the mactime tool in The Sleuth Kit
(TSK or SleuthKit only) to make a timeline of file activity. The mac-robber
tool is based on the grave-robber tool from TCT (The Coroners Toolkit).
.
mac-robber requires that the filesystem be mounted by the operating system,
unlike the tools in The Sleuth Kit that process the filesystem themselves.
Therefore, mac-robber will not collect data from deleted files or files that
have been hidden by rootkits. mac-robber will also modify the Access times
on directories that are mounted with write permissions.
.
mac-robber is useful when dealing with a filesystem that is not supported
by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber
on an obscure, suspect UNIX filesystem that has been mounted read-only on a
trusted system.
Description-md5: a6b5a6400c4d5a7fbaaaa60c532ae6fb
Enhances: sleuthkit
Homepage: http://www.sleuthkit.org/mac-robber
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Priority: optional
Section: universe/utils
Installed-Size: 28
Maintainer: Ubuntu Developers
Original-Maintainer: Debian Forensics
Architecture: amd64
Version: 1.02-4
Depends: libc6 (>= 2.4)
Suggests: sleuthkit
Filename: pool/universe/m/mac-robber/mac-robber_1.02-4_amd64.deb
Size: 8674
MD5sum: 4208a27ea5d23389b80e08e16025c91a
SHA1: 2f2a94884f4f6847412afe1b936a143904e89618
SHA256: 2a3a0563f398ad8d9d26185f21ec52ba4e500beaa0743e003728b334fd6b6774
Description-en: collects data about allocated files in mounted filesystems
mac-robber is a digital investigation tool (digital forensics) that collects
metadata from allocated files in a mounted filesystem. This is useful during
incident response when analyzing a live system or when analyzing a dead
system in a lab. The data can be used by the mactime tool in The Sleuth Kit
(TSK or SleuthKit only) to make a timeline of file activity. The mac-robber
tool is based on the grave-robber tool from TCT (The Coroners Toolkit).
.
mac-robber requires that the filesystem be mounted by the operating system,
unlike the tools in The Sleuth Kit that process the filesystem themselves.
Therefore, mac-robber will not collect data from deleted files or files that
have been hidden by rootkits. mac-robber will also modify the Access times
on directories that are mounted with write permissions.
.
mac-robber is useful when dealing with a filesystem that is not supported
by The Sleuth Kit or other filesystem analysis tools. You can run mac-robber
on an obscure, suspect UNIX filesystem that has been mounted read-only on a
trusted system.
Description-md5: a6b5a6400c4d5a7fbaaaa60c532ae6fb
Enhances: sleuthkit
Homepage: http://www.sleuthkit.org/mac-robber
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu