Monday, June 15, 2015

Kali Linux Tool: Guymager (capturing forensic images)


How to capture a forensic image using Guymager (Kali Linux)?


Guymager is a free, open-source forensic imager for media acquisition that runs under Linux. It is very fast thanks to its multi-threaded, pipelined design and multi-threaded data compression. It makes full use of multi-processor machines and has a very easy user interface, available in different languages. It generates flat (dd), EWF (E01) and AFF images, and also supports disk cloning.






Here are the steps to capture a forensic image using the Guymager tool in Kali Linux.

1. Go to Applications -> Kali Linux -> Forensics -> Forensic Imaging Tools -> guymager.

2. Guymager will open up.

3. Select the model you want to create an image of.

4. Right-click on it. A pop-up will appear. Select “acquire image”.

5. A pop-up for acquiring the image will open. There, click on “Advanced forensic image (file extension .aff)”.

6. Fill in the details such as case number, evidence number, examiner and description, and provide notes if you like.

7. Type the location of the image directory, or click on “…” to browse for one.

8. Now select your destination folder and click ‘Choose’.

9. Now type the image file name (without extension). As you type it, the info file name is filled in automatically with the same name.

10. Remember never to include special characters such as a space, a hash or anything similar in the name. If you do, an error will appear. So, try to provide simple names for the image file.

11. Now click on “OK”.

12. The state will change from ‘Idle’ to ‘acquisition running’, and the progress, time remaining, average speed, etc. will be shown to you.

13. After it completes, you can see your image file (.aff) in the directory you provided.

