summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /app-forensics/mac-robber/metadata.xml
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'app-forensics/mac-robber/metadata.xml')
-rw-r--r--app-forensics/mac-robber/metadata.xml23
1 files changed, 23 insertions, 0 deletions
diff --git a/app-forensics/mac-robber/metadata.xml b/app-forensics/mac-robber/metadata.xml
new file mode 100644
index 000000000000..52de7337b30e
--- /dev/null
+++ b/app-forensics/mac-robber/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>forensics</herd>
+ <longdescription>
+mac-robber is a digital forensics and incident response tool that collects data from allocated files in a mounted file system.
+The data can be used by the mactime tool in The Sleuth Kit to make a timeline of file activity. The mac-robber tool is based on
+the grave-robber tool from TCT and is written in C instead of Perl.
+
+mac-robber requires that the file system be mounted by the operating system, unlike the tools in The Sleuth Kit that process the
+file system themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by
+rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions.
+
+
+"What is mac-robber good for then", you ask? mac-robber is useful when dealing with a file system that is not supported by The
+Sleuth Kit or other forensic tools. mac-robber is very basic C and should compile on any UNIX system. Therefore, you can run
+mac-robber on an obscure, suspect UNIX file system that has been mounted read-only on a trusted system. I have also used
+mac-robber during investigations of common UNIX systems such as AIX.
+</longdescription>
+ <upstream>
+ <remote-id type="sourceforge">mac-robber</remote-id>
+ </upstream>
+</pkgmetadata>