Tool update: mac-robber.py, (Tue, Mar 4th)

Just a quick update. I fixed a big bug in my mac-robber.py script about 2 weeks ago, but realized I hadn't published a diary about it. I didn't go back and figure out how this one slipped in because I'm sure it worked originally, but it was generating bad output for soft/symbolic links. If. you are using the script, please update immediately.

References:

[1] https://github.com/att/docker-forensics/blob/master/mac-robber.py

--------------- Jim Clausing, GIAC GSE #26 jclausing --at-- isc [dot] sans (dot) edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.