diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
commit | 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch) | |
tree | 7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /app-forensics/mac-robber | |
parent | 30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff) |
gentoo resync : 14.07.2018
Diffstat (limited to 'app-forensics/mac-robber')
-rw-r--r-- | app-forensics/mac-robber/Manifest | 3 | ||||
-rw-r--r-- | app-forensics/mac-robber/mac-robber-1.02.ebuild | 29 | ||||
-rw-r--r-- | app-forensics/mac-robber/metadata.xml | 23 |
3 files changed, 55 insertions, 0 deletions
diff --git a/app-forensics/mac-robber/Manifest b/app-forensics/mac-robber/Manifest new file mode 100644 index 000000000000..62c6e2319a4d --- /dev/null +++ b/app-forensics/mac-robber/Manifest @@ -0,0 +1,3 @@ +DIST mac-robber-1.02.tar.gz 11708 BLAKE2B d6d35be3c52b5bc93eb779ca3693c4213c57dcb4ecfb24912e92f47b3f896d948c8ccadef39f49af3c455cdff3a92adbca7e3d1e35ef0ebc885034bfa3c0743b SHA512 5330f766eb08aa766ca3f430684e0a40ecf29b7230a582c30a36bbaaa481d52c2a8519fa04e82762f09259ada9e77466c1430aebdff22615a511d519916d54a7 +EBUILD mac-robber-1.02.ebuild 612 BLAKE2B 2e24716d4da4657367314593b8293916b63db195e968bc772e3249b6235b5b1d3deac0db616b88a6f72cd29855ed803262839f3469142088378f5a268089aaf7 SHA512 e9a37e85ec1036237297036b789e4fe35f6c6b047b04a42704ccc2f87a6b00713d15bcfb4626027f007b69eda74976759600356d81588da62755d04416b09c08 +MISC metadata.xml 1423 BLAKE2B d0058ce512ae8c56122195868b0e3c921135a3335962263bf8f144d630a525f7efaaf24d4cdd9f23166ccb0bf0ecacd41d89ec32ee8a35ccb909561e789713de SHA512 3af947bce0415529c1e0af7d8362db0a7ab53d685294c6dba69868acdf920b8199a19dbd0a9272c12bd97e6aaac1da78a5a537064793859858727286e8270dfb diff --git a/app-forensics/mac-robber/mac-robber-1.02.ebuild b/app-forensics/mac-robber/mac-robber-1.02.ebuild new file mode 100644 index 000000000000..b8497f78d985 --- /dev/null +++ b/app-forensics/mac-robber/mac-robber-1.02.ebuild @@ -0,0 +1,29 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit toolchain-funcs + +DESCRIPTION="mac-robber is a digital forensics and incident response tool that collects data" +HOMEPAGE="http://www.sleuthkit.org/mac-robber/index.php" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc x86" +IUSE="" + +src_prepare() { + default + sed -i -e 's:$(GCC_CFLAGS):\0 $(LDFLAGS):' Makefile || die +} + +src_compile() { + emake CC="$(tc-getCC)" GCC_OPT="${CFLAGS}" +} + +src_install() { + dobin mac-robber + dodoc CHANGES README +} diff --git a/app-forensics/mac-robber/metadata.xml b/app-forensics/mac-robber/metadata.xml new file mode 100644 index 000000000000..2ce6a4b5d677 --- /dev/null +++ b/app-forensics/mac-robber/metadata.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <!-- maintainer-needed --> + <longdescription> +mac-robber is a digital forensics and incident response tool that collects data from allocated files in a mounted file system. +The data can be used by the mactime tool in The Sleuth Kit to make a timeline of file activity. The mac-robber tool is based on +the grave-robber tool from TCT and is written in C instead of Perl. + +mac-robber requires that the file system be mounted by the operating system, unlike the tools in The Sleuth Kit that process the +file system themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by +rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions. + + +"What is mac-robber good for then", you ask? mac-robber is useful when dealing with a file system that is not supported by The +Sleuth Kit or other forensic tools. mac-robber is very basic C and should compile on any UNIX system. Therefore, you can run +mac-robber on an obscure, suspect UNIX file system that has been mounted read-only on a trusted system. I have also used +mac-robber during investigations of common UNIX systems such as AIX. +</longdescription> + <upstream> + <remote-id type="sourceforge">mac-robber</remote-id> + </upstream> +</pkgmetadata> |