guymager homepage

Introduction

guymager is a forensic imager for media acquisition. Its main features are:

Easy user interface in different languages
Runs under Linux
Really fast, due to multi-threaded design, multi-threaded data compression
Makes full usage of multi-processor machines
Generates flat (dd), EWF (E01) and AFF images

The current version is 0.4.2.

How it looks

Explanations:

The connected storage devices are listed in the upper part. New devices can be connected at any time - press the rescan button for displaying them.
The devices marked with light red color are local hard disks. They cannot be acquired, thus preventing from acquiring the wrong disks. Local hard disks are recognised by their serial numbers which can be entered in the configuation file.
The lower part shows more detailed info about the acquisition currently selected by the blue cursor.

The above screenshot shows the default acquisition dialog which can be easily adapted to fit your requirements. You may add or remove fields. You can set their default values statically (text) and dynamically (current date, size of disk, serial number, ...). Have a look at /etc/guymager/guymager.cfg.

Download and installation

The following has been tested on Debian Etch (stable) but should work as well on any other Debian based distribution (Ubuntu, Knoppix, ...). For other systems: See the source compilation section below.

Installation with the pinguin APT server

Using Daniel's pinguin server is by far the easiest way for installing Guymager and related packages:

Open a shell and get root rights
Add the pinguin server to your repository list by executing the following command:
```
    wget -P /etc/apt/sources.list.d/ http://deb.pinguin.lu/pinguin.lu.list
```
Currently, i386 and amd64 systems are supported, powerpc packages are available upon request.

Execute the following commands:

   apt-get update
   apt-get install guymager smartmontools hdparm libewf-tools

Start the program with
```
   guymager
```

Manual download and installation of the Debian packages

If you do not like to edit your /etc/apt/soures.list, you can download and install the packages manually:

Browse to apt.pinguin.lu, and choose the directory corresponding to your processor architecture (i386 or amd64).
Remark: amd64 refers to the architecture, not the processor. So, amd64 is ok for both, the AMD and Intel 64 bit processors.
Download the packages for guymager, libewf_ and libguytools1.

Installation from the command line:

Open a shell and get root rights
Change to the directory with the files you downloaded.
Use the following commands for the installation:
```
   apt-get update
   dpkg -i guymager_xxx_i386.deb libguytools_xxx_i386.deb libewf_xxx_i386.deb libewf-tools_xxx_i386.deb
   apt-get -f install
```
xxx stands for the version number. In case you have a 64 bit system, replace i386 by amd64.
The 2^nd command most probably returns some error messages about missing packages. They are installed by executing the 3^rd command.
There are 2 recommended packages you should install as well:
```
   apt-get install smartmontools hdparm
```
Start the program with
```
   guymager
```

Configuration and log

guymager works with two configuration files:

/etc/guymager/guymager.cfg
The main configuration file. You should not change it directly, as your changes might get lost when installing a new version of guymager.
/etc/guymager/local.cfg
Use this file for local changes instead. The parameters adjusted here have precedence over those in guymager.cfg. guymager.cfg includes local.cfg at its very end. If a parameter is set several times, guymager retains the last setting.

If you want to try a parameter quickly without editing local.cfg, you may put it on the command line. For example:

   guymager EwfCompression=BEST

The command line precedes both configuration files. There are 2 parameters which only can be set on the command line:

cfg - The configuration file to be used. The default is /etc/guymager/guymager.cfg.
log - The log file to be used. The default is /var/log/guymager.log.

Example:

   guymager cfg="/tests/g_special.cfg" log="/mylogs/guymager.log"

The configuration parameters are well documented inside /etc/guymager/guymager.cfg. Just remember not to do any changes there.

If ever there's a problem, have a look at the log file /var/log/guymager.log. Please attach the log file when reporting a problem.

Compiling the source code

For compilation and packaging on Debian based systems refer to the end of this section.

Get the source code:

guymager's source is stored in a subversion repository on sourceforge. Go to the guymager project and select menu point "Develop", then "Code" and finally "SVN". Follow the instructions given there.
The same procedure applies to libguytools
The sources for libewf can be downloaded directly from sourceforge. Browse to the libewf project and choose "View all files". Choose the latest non-beta release (20080501 at the time of this writing) and download the ".tar.gz" file.

Let's start with libewf:

Unpack the archive
Compile and install with the standard command trio configure, make, make install. Missing libs and tools have to be installed, refer to the error messages. You probably have to go several times through the "install missing libs / configure" cycle until everything is ok.
After successfull completion of the 3 commands, you not only have the lib required by guymager, but the libewf tools as well. So, it's easy to check if libewf works fine. Try for instance to run ewfinfo on a EWF (E01) image if you have one available. Try ewfacquire on a memory stick otherwise (see the man pages for details).

Next comes libguytools:

Change to the directory where you did the subversion checkout, go to the subdir tags and further down to the latest version.
libguytools is composed of several libs. There's a script called alltools for easy compilation. Create the Makefile:
```
   ./alltools makemake
```
Compile the libs:
```
   ./alltools make
```
Most probably, there will be some tools or libs missing, for instance the Qt developer stuff (libguytools uses qmake). The same procedure as before applies (install/retry/install...).
There is no installation procedure (except for Debian, see above). After completion of the previous step, the libs are in the subdirectory lib. Copy them to a location that is included in the search path on your system (could be /usr/local/lib, for instance) or redirect the LD_LIBRARY_PATH environment variable.
Make the headers from the subdirectory "include" available to other applications (for instance by copying to /usr/local/include).

And finally, guymager:

Change to the directory where you did the subversion checkout, go to the subdir tags and further down to the latest version.
Create the Makefile:
```
   qmake
```
Compile:
```
   make
```
If ever you have problems with the include path of libguytools: You can add it in the file guymager.pro (re-execute qmake afterwards).
Create the language files:
```
   lrelease guymager.pro
```
Copy the configuration file guymager.cfg to /etc/guymager/

guymager should now be ready. Start it with:

   ./guymager

Compilation and packaging on a Debian based system is easier. Get the sources of libewf, libguytools and guymager as described above. Then:

Make sure you have the package dpkg-dev installed.
```
   aptitude install dpkg-dev
```
Unpack libewf, change into the directory and execute

   dpkg-buildpackage -B -uc -rfakeroot

Do the same for libguytools.
Do the same for guymager. You will be told to install some of the packages you created in the previous steps (libguytools, libguytools1-dev, libewf and libewf-dev). Install these packages by means of dpkg -i (see above for the usage of dpkg).

Contact

The author of guymager can be reached by an email to vogu00 at gmail point com. If ever you want to report a problem, be sure to attach the guymager log file.

Disclaimer

The author of guymager and these pages is not responsible, not liable nor anything else for the content of extern web pages that are linked on this website nor for extern web pages linking to this one, nor for anything else. There is no garantuee for any software to work and any software may damage anything.
LPO