Wiebetech Cd/dvd imager cdi-1 User manual

CD/DVD Imager User Manual - 1 -

CD/DVD Imager™

USER’S MANUAL

Revised February 20, 2007

Meet WiebeTech’s CD/DVD Imager

You’ve earned your warrant and entered the premises intent

on capturing data as quickly and efficiently as possible, only

to come face to face with a pile of CDs and DVDs which

need to be quickly backed up for later analysis. WiebeTech’s

CD/DVD Imager comes to your aid. It automatically images

and archives CDs and DVDs to hard disk, takes a picture of

each CD/DVD and stores it with the disc image.

With the WiebeTech CD/DVD Imager, investigations can be

performed more quickly, with greater evidence reliability, and

with less expense. Just load up the robot and let it fly. The

resulting disc images work easily with forensic software such

as EnCase, ILook or Forensic Toolkit.

Features

•Automatically image and archive CDs and DVDs to external or network storage devices

•A photograph of the actual disc is taken and stored with the disc image

•Disc images are ready for addition to forensic applications such as EnCase, ILook or FTK

•MD5 hashes verify that the disc image is not altered during forensic analysis

•You can use the included disc imaging tools, or add your own Linux-based disc imaging tool of choice

Table of Contents

Before Installation 2

Hardware Setup 3

Overview of Forensic Optical Media Captures 5

Hash values 5

Live CD 6

Manual Software Setup 7

Software Setup under Fedora Core 4 7

Linux Primer 8

Operating the CD/DVD Imager 10

Focusing the camera 10

Sample Output 11

Accessing disc images on a Windows computer 12

Advanced Usage 12

FAQs (Frequently Asked Questions) 13

Safety Instructions 14

Glossary 15

Technical Specifications 16

WiebeTech LLC

CD/DVD Imager User Manual - 2 -

Before Installation

1. Check the accessories with your CD/DVD Imager. Please contact WiebeTech if any items are missing or

damaged. The box should contain:

WARNING: When removing the Imager

from the box, DO NOT LIFT OR HOLD

IT BY THE DISC ARM. Doing so may

permanently damage the delicate

mechanisms that move the arm.

CD/DVD Imager 1

Camera mounting arm and camera 1

USB cable 1

Power adapter & wall cord 1

Disc guide pillars 4

Manual and Warranty information (on CD)

Save the packing materials for future shipment use. Goods shipped without the original packaging may not be well

protected during transport, and will void the product’s warranty.

2. Familiarize yourself with the parts of your CD/DVD Imager. This knowledge will be useful during hardware

setup.

Front View Rear View

1. Robotic Disc Arm

2. Status Indicator

3. Output Bin

4. CD/DVD Drive

5. Input Bin

1. Fan (see warning below)

2. USB Jack

3. AC Power Input

4. Power Switch

WARNING: Do not block the v

fan during operation. Overheating

damage the device.

entilation

may

WiebeTech LLC

CD/DVD Imager User Manual - 3 -

Hardware Setup

The CD/DVD Imager consists of a CD/DVD-ROM, a mechanical arm (which accesses the tray and

input/output hoppers) and a camera arm. The camera arm is mounted over the output tray and provides

pictures of each disc as they are captured.

1. Position the camera arm. This is demonstrated in the pictures below:

Raise the arm Push the base into the receptacle Secure it in place

2. Install the four guide pillars into the input bin.

NOTE: There are two different sets

of pillars, with a large or small

connector. Place the similar pillars

diagonally across from each other.

You can use different sizes of media by rotating the four pillars as shown in the images below:

WiebeTech LLC

CD/DVD Imager User Manual - 4 -

3. Attach the input hopper tray. Use the pictures below as a guide.

WARNING: Operating the robot with the input tray

improperly attached may result in damage to the robot.

Before turning on the power, make sure that you have

fully seated the input bin onto the CD/DVD Imager.

4. Attach the USB cables from the robot and camera arm to the forensic workstation. The B-male end

connects to the robot. The camera arm already has the USB cable attached. Both A-male ends connect

to the computer.

USB AC

ada

5. Connect power. Connect the AC adapter to the CD/DVD Imager as shown in

the picture above. Connect the wall cord to the AC adapter as shown to the right.

Ada

Wall Cord

Plug the wall cord into a grounded electrical outlet.

NOTE: Turning on power to the Imager

before booting into Linux may cause Linux

not to recognize the Imager. If this happens,

simply cycle the Imager’s power.

WiebeTech LLC

CD/DVD Imager User Manual - 5 -

Forensic Optical Media Captures

Unlike hard drives, images created from optical discs may vary in minor ways each time the image is

taken—even when the same disc and same optical drive are used. This is caused by a variety of factors,

such as the presence of dust particles or scratches, and the use of error-catching algorithms that are less

robust that those used by hard disk controllers. Considering such factors, any forensic investigation

involving evidence on optical media should have the following goals.

Goal #1: To acquire disc image files that can be read and analyzed by forensic software tools

designed for that purpose. There are a number of such tools available (e.g. FTK, EnCase, etc). Note:

these tools are not included with CD/DVD Imager.

Goal #2: To be able to prove that the original data on the disc is not altered during copy. This can

be assured by the use of imaging software that is forensically trusted for this task. The open-source,

Linux-based imaging tools included with CD/DVD Imager are dd and cdrdao. Both of these are widely

trusted by the forensic community. However, you may also substitute your own Linux-based imaging tool

if you prefer. This may be necessary for some discs—no single imaging tool is likely to handle every disc

you encounter. Forensic investigators must often try several tools before successfully imaging unusual or

problematic discs. However dd and cdrdao will handle the vast majority of optical discs you are likely to

run across.

Goal #3: To be able to prove that the disc image file isn't altered after its initial creation. This is

done by creating a hash value of the image taken. By running another hash of the disc image after

forensically analyzing it, you can prove that the image was not altered during the investigation.

Goal #4: To be able to match the disc image with the physical evidence. CD/DVD Imager takes a

picture of each disc and stores it with the disc image. A hash value of the picture file is also generated so

an analyst can later prove that the picture has not been altered.

Hash Values (MD5, SHA-1)

When starting the imaging process, you will be able to choose the hash type used. You may select no

hashing, hashing with MD5 (selected by default), or hashing with SHA-1. The software will automatically

hash both the disc image created as well as the photograph of the disc. MD5 (A 128-bit hash value) is

well established and widely trusted, and SHA-1 (160-bit) is becoming more trusted by the forensic

community. Because the goal here is not encryption but verification that the disc image is not

subsequently altered (without detection), either hash type should be fine. Some forensic departments

may have specific rules regarding hash types; thus, both are selectable.

NOTE: It is good forensic practice to print a copy of the hash

output file after a capture session and keep this (forensically

marked) copy in a separate, safe location. In this way the analyst

can later prove that there were no alterations to the images after

the images were acquired. (If someone gains access to the hash

logs, they could alter both the file and the hash log. Thus, a p

copy further strengthens the forensic chain of evidence.) aper

WiebeTech LLC

CD/DVD Imager User Manual - 6 -

Software Setup

Starting with Live CD

The simplest way to get started is to use the included Live CD. This CD contains the complete Linux

environment required for operation, as well as the software applications you will need. Just put the CD

into your computer and reboot. You may need to change the computer’s BIOS settings related to boot

order. Make sure your computer’s CD or DVD drive is listed as the first boot device. Wait until after the

computer is booted before turning on the CD/DVD Imager. Otherwise, the OS might have difficulty

finding the device.

1. Choose Display Mode

At the first prompt, you can choose the display mode. The default is text mode. If you press Enter, or

wait for 30 seconds, the OS will launch as a text-only environment. Alternatively, you may press F1 and

then type the following command to launch in a mode that supports graphics as well as text:

linux vga=xxx (“xxx” indicates the resolution type as shown in the list above the prompt. For

example, 788 = 800 x 600 x 16 resolution)

Using this command will launch the OS in a VGA mode, which will allow you to view the camera feed,

adjust the camera’s focus, and view pictures taken by the camera. All other functions of CD/DVD Imager

operation can be performed in text-only mode. Note: if the graphics card in your computer is not

supported by the video drivers on the Live CD, you will not be able to use a VGA mode. Instead, you can

either use text mode, or manually install the Linux environment and software applications.

2. Set Time Zone

Setting this correctly will ensure that any time stamps are accurate. The default is GMT (Greenwich

Mean Time), so most users will need to change this setting. Next, you will be asked whether you’re

actually using the local time for your zone, or using GMT. Most users will select local time—only a few

international agencies are likely to use GMT.

3. Set Locale

This may affect the language used for system messages. English-speaking users can either choose their

specific location from the list, or just press Enter to continue.

4. A confirmation screen will appear. Press Enter to continue.

5. When you are ready to log in, press Enter one more time.

6. The “#” prompt will appear. You may now type Linux commands to navigate to your storage device

and start imaging discs. Note: you cannot start the imaging process until you have mounted a storage

volume and navigated to it.

For instructions on Linux navigation, see the section titled “A Brief Linux Primer”. For instructions on Imager

operation, see section titled “Operating the CD/DVD Imager”.

Manual Software Installation

If you choose to use the Live CD, you may not need to manually install any software. However, there are

certain situations which may preclude the use of the Live CD:

•Since Live CD comprises a self-contained Linux environment, it contains the drivers needed for

your computer’s hardware. If your computer contains hardware that is new or nonstandard, the

WiebeTech LLC

CD/DVD Imager User Manual - 7 -

drivers may not be on the Live CD. This could lead to an error or prevent the Live CD from

booting. A common example is a computer with a video card not supported by Live CD.

•Live CD includes two common disc imaging tools, dd and cdrdao. If you wish to use the robot

with a different imaging tool, you will need to manually install the software and edit the script that

guides the robot’s operation.

If you cannot use the Live CD, you will need to manually install the software before using the CD/DVD

Imager. First, make sure your computer is running a variety of the Linux operating system that is

supported.* If not, you will need to install the OS before proceeding. Next, download and install the

software files from the WiebeTech website. The specific instructions for this process will vary between

Linux distributions.

*Currently, only Fedora Core 4 is supported.

Fedora Core 4 Instructions

We recommend a full installation of Fedora Core 4. This will ensure that all files required by the CD/DVD

Imager applications are present in the system. NOTE: These instructions will not work for Fedora Core 5.

1. Launch a terminal window.

2. Before proceeding, it is a good idea to update the Fedora 4 kernel. This is very easy to do. While

on the internet, type the following command:

su -c 'yum update kernel'

YUM stands for Yellowdog Updater Modified. It will update your kernel automatically from official Fedora

mirrors.

3. Download and Install WT Capture™ RPM for Fedora. This is the main application for operating the

robot. Dependencies for WT Capture include libusb, cdrdao and coreutils. Typing the following command

will automatically download and install WT Capture:

su -c 'rpm -Uhv http://www.wiebetech.com/rpms/wtcapture-0.8.5-2.i386.rpm'

4. Download and Install cdrdao (from WiebeTech's mirror). This is one of the imaging tools used by

CD/DVD Imager by default. The Imager also uses dd, a tool already included with Fedora Core 4 and

most other major Linux distributions. Type the following command to download and install cdrdao:

su -c 'rpm -Uhv http://www.wiebetech.com/rpms/cdrdao-1.1.9-9.i386.rpm'

5. Download and Install the camera kernel video driver from source. The camera cannot operate

unless the driver is installed. Use the following commands to download and install it.

wget http://www.wiebetech.com/rpms/spca5xx-20060501.tar.gz

tar zxf spca5xx-20060501.tar.gz

cd spca5xx-20060501

su -c make

su -c 'make install'

6. Download and Install spcaview (from WiebeTech's mirror). This is needed if you want to view live

camera feed and adjust the camera’s focus.

su -c 'rpm -Uhv http://www.wiebetech.com/rpms/spcaview-20051212-2.rhfc4.lcg.i386.rpm'

WiebeTech LLC

CD/DVD Imager User Manual - 8 -

A Brief Linux Primer

Operation of the robot will require usage of basic Linux commands. If you are not an experienced Linux

user, here is a description of a few of the commands you may need:

Navigating through the file structure

ls or ls -l Shows the contents of the current directory.

pwd Shows the path of the directory you are in.

cd [path] Moves you to a different directory. Example: cd /mnt/sda1

Using storage devices

No matter what type of storage you are using, you must create a new temporary directory, and then

mount the device partition to the new directory. Navigate into this directory before starting the imaging

process.

Using an external (detachable) storage device, or the computer’s internal hard drive

fdisk -l Displays a list of volumes available for storing data. The output looks something like this:

Disk

/dev/[disk device] : [capacity]

Device

/dev/[partition device]

Example:

Disk

/dev/sda: 100,000,000 bytes

Device

/dev/sda1

Disk device names usually start with “sd”, and end with the partition number. Some

internal disk drives may start with “hd”. If only the Disk heading appears, but not the

Device heading, this indicates that the disk is not partitioned. You will need to partition the

device and then format the partitions before you can use it. The next two commands are

used for this procedure.

fdisk [disk device] Creates a new partition on a disk device. This is the first step in the

formatting process.

Example: fdisk /dev/sda

mke2fs[partition] Formats a partition. This is the final step in the formatting process.

Example: mke2fs /dev/sda1

At the prompts which follow this command, enter the following choices:

n(chooses creation of a New partition)

p(makes the new partition a Primary one)

1 (start with the 1st cylinder)

[Enter] (to continue)

w (Write the partition table and exit)

mkdir [name] Creates a new directory. You must mount a partition to an empty directory

before using it. Example: mkdir /mnt/folder

WiebeTech LLC

CD/DVD Imager User Manual - 9 -

mount [partition] [path] Mounts a partition device into a directory. External storage must be

mounted before it can be used to store new data.

Example: mount /dev/sda1 /mnt/folder

Using network storage

mkdir [name] Creates a new directory. You must mount a partition

to an empty directory before using it.

Example: mkdir /mnt/folder

mount –t smbfs [share] [target path] Mounts a network directory for use as storage.

Example: mount –t smbfs //server/share /mnt/folder

Depending on how the network share is set up, you may also need to specify a user name. In this case,

use the following command:

mount –t smbfs -o username=[username] [share] [target path]

For viewing a picture

fbi [file] Stands for Frame Buffer Image. When using Live CD, this command displays a graphics

file. Note: you must be in a VGA mode to view graphics.

Shutting down the system

shutdown –h now Closes open applications and then shuts down the computer.

shutdown –r now Closes open applications and then restarts the computer.

WiebeTech LLC

CD/DVD Imager User Manual - 10 -

Operating the CD/DVD Imager

Before proceeding, make sure you have properly assembled the CD/DVD Imager and installed the

necessary software according to the instructions in the previous sections.

1. Open a terminal session (or boot up Live CD).

2. Navigate to the directory in which you wish to store the disc images. The images will be stored

in whatever directory you are in when you launch the acquisition process. If using Live CD, you will be in

the /root directory after logging in. Images cannot be stored there, so you must create a new directory,

mount your storage medium to that directory, and then navigate into it. The previous section contains

descriptions of the commands you will need to use.

You can either use network storage, storage inside your computer, or a direct-attached external storage

device. Unless you are using network storage, the storage device must be formatted in a Linux-

compatible disk format.

NOTE: Due to Microsoft licensing, NTFS is not writable by

Linux. Moreover, FAT32 has a file size limit of 2GB. The

CD/DVD Imager’s Linux tools must use a file system that

doesn't have these limitations, thus EXT3 file system is an

obvious choice. There are both free and commercial tools to

mount a drive with EXT3 file system on Windows or Mac OS.

3. Turn on the power to the CD/DVD Imager. Turning on power before loading the Linux environment

might cause the OS to not detect the Imager.

4. Calibrate the camera (if desired).

a) The command spcaview -l opens a window showing live feed from the camera.

b) Make sure the arm is properly centered (aimed) at the output hopper. The entire output hopper

should be visible in the calibration window. If it's not, be sure that there is nothing obstructing the

Camera Arm from standing vertically.

c) Place a disc in the output hopper to verify the camera is in focus. If it is not, the

camera's focus is found at the lens. Turn it clockwise or counter-clockwise until

the disc is in focus.

d) Once the camera is focused, type qto close the camera calibration window.

5. Load the CD/DVD Imager’s input bin with up to 25 discs and make sure the output tray is

empty.

6. Launch WT Capture™. This is WiebeTech's script program that controls the robot, takes

photographs, and calls the Linux commands that will be used to create disc images of seized CDs/DVDs

which need to be forensically examined. To start the program, first make sure you are in the directory

where you wish to save your capture session, and then type the following command:

su -c wtcapture

7. Choose a session name. The default name is year/month/day/time (YYYY MM DD TTTT). This

session name will be the name of the folder created by WT Capture for storing the disc images.

8. Choose a hash type. Type "none", "MD5", or "SHA-1". MD5 is the default.

Table of contents

Popular Digital Imaging Accessories manuals by other brands

Pretron Technologies

Pretron Technologies VT-666 user manual

Sony

Sony PCK-LM12 Specifications

Sony

Sony HVL-IRC operating instructions

MRMC

MRMC Pan Bars quick start guide

MIOPS

MIOPS Capsule360 user manual

Sony

Sony LCS-TWM Specifications

MRMC

MRMC MRMC-1512-00 quick start guide

Rollei

Rollei Lumen Ring manual

Sony

Sony SPK-HCH operating instructions

Sony

Sony LCS-BBG Specifications

Barco

Barco ScreenShaper VMS-100 Installation and operator's manual

Sony

Sony ACC-CSFG operating instructions

Pretron

Pretron VT-333 user manual

Sony

Sony FDA-SV1 operating instructions

Veho

Veho VFS-004 deluxe user manual

Sony

Sony SPK-HCG operating instructions

Kodak

Kodak dryview 8300 Service manual

Zacuto

Zacuto GH5 Cage quick start guide

WiebeTech CD/DVD Imager CDI-1 User manual

Popular Digital Imaging Accessories manuals by other brands