Creating hard disk images with Guymager
Mirror, Mirror…

Lead Image © wajan, 123RF.com
If malware has taken root on a system, you need a way to safeguard the evidence. Guymager helps you create verified disk images.
Forensic data backup tools are used in situations in which analysis of the original medium is not advisable because it could cause structural changes. The best way to study a storage medium for evidence of malware or intrusion activity is to make an accurate copy and perform your analysis on the copy. However, you need a way to verify that the duplicate is an accurate copy of the original.
Conventional disk image copy tools usually are not suitable for this type of undertaking because they lack an option for validating the image. At the other extreme, a high-end, professional forensics distro is sometimes more than you need. In these cases, the Guymager [1] disk image tool is an interesting option. Guymager quickly creates images and, at the same time, provides evidence of identical data structures.
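A common way to show that a copy matches its source is to hash the data while it is being read and then hash the finished image again. The following is an added example of that idea, not code from Guymager or from the original article; the file names, the function names, and the choice of SHA-256 are assumptions, and the "evidence" is a constructed sample file rather than a real disk.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read size in bytes (assumption, 1 MiB)


def digest(path, algo="sha256"):
    """Hash a file in chunks so large images never have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, image, algo="sha256"):
    """Copy source to image in a single pass, hashing exactly the bytes read."""
    h = hashlib.new(algo)
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is on disk before verifying
    return h.hexdigest()


def acquire_and_verify(source, image):
    """Return both digests and whether the written image matches what was read."""
    src_hash = acquire(source, image)
    img_hash = digest(image)  # second pass: re-read the image from storage
    return {"source": src_hash, "image": img_hash, "verified": src_hash == img_hash}


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "evidence.raw")  # constructed stand-in for a disk
        img = os.path.join(tmp, "evidence.dd")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 10000)  # about 2.4 MiB, spans several chunks
        result = acquire_and_verify(src, img)
        with open(img, "r+b") as f:  # flip one byte to simulate a damaged image
            f.seek(CHUNK)
            byte = f.read(1)
            f.seek(CHUNK)
            f.write(bytes([byte[0] ^ 0xFF]))
        still_matches = digest(img) == result["source"]
        return result["verified"], still_matches


if __name__ == "__main__":
    print(demo())
```

Recording the source digest at acquisition time lets any later copy of the image be rechecked against it without touching the original medium.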
Getting Guymager
Guymager is available from the repositories on Debian and Ubuntu and their derivatives. For openSUSE [2] and Fedora [3], you can pick up the packages online. Additionally, a few Live distros like Deft or Kali Linux also contain the tool. For all other systems, your only option is to build from the source code, which you will find on the project web page along with detailed instructions.
[...]