Results 1 to 5 of 5

Thread: Retrieving the MFT timestamps

Threaded View

  1. June 11th, 2008, 07:21 PM #2
    nebulus200
    nebulus200 is offline
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    macdaddy?

    http://www.opensourceforensics.org/tools/unix.html

    Title: mac-daddy Author: Rob Lee
    Description: MAC Time collector for forensic incident response. This toolset is a modified version of the two programs tree.pl and mactime from the Coroner's Toolkit by Dan Farmer and Venema Weiste. This program is portable and can be run directly from a floppy or a cdrom with a perl interpreter that can also be on the floppy or cdrom.
    Website: http://www.xxxxxxxxxx [Site has been removed]
    Source: http://www.xxxxxxxxxxx [Site has been removed]

    Moderator's Note: The links have been censored because they lead to a pr0n site

    Title: mac-robber Author: Brian Carrier
    Description: mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files. Its output can be used as input to the 'mactime' tool in The Sleuth Kit to make a time line of file activity.
    Website: http://www.sleuthkit.org/mac-robber
    Source: http://www.sleuthkit.org/mac-robber/download.php

    Just keep in mind there are plenty of tools available to timestomp/mangle the MACs and make it alot harder....
    Last edited by nihil; June 15th, 2008 at 07:16 AM.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Auditor vs BackTrack in retrieving password hashes
    By Ignatius in forum Newbie Security Questions
    Replies: 7
    Last Post: May 25th, 2006, 11:41 PM
  2. Retrieving an sql database
    By Hades in forum Newbie Security Questions
    Replies: 8
    Last Post: May 31st, 2005, 05:58 PM
  3. Retrieving data from old hard drive
    By dontease in forum Hardware
    Replies: 8
    Last Post: January 27th, 2005, 04:03 PM
  4. Retrieving access time information
    By tatui in forum Computer Forensics
    Replies: 3
    Last Post: February 2nd, 2003, 10:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules