CD/DVD Imager™ USER’S MANUAL Revised February 20, 2007

Meet WiebeTech’s CD/DVD Imager You’ve earned your warrant and entered the premises intent on capturing data as quickly and efficiently as possible, only to come face to face with a pile of CDs and which need to be quickly backed up for later analysis. WiebeTech’s CD/DVD Imager comes to your aid. It automatically images and archives CDs and DVDs to hard disk, takes a picture of each CD/DVD and stores it with the disc image.

With the WiebeTech CD/DVD Imager, investigations can be performed more quickly, with greater evidence reliability, and with less expense. Just load up the robot and let it fly. The resulting disc images work easily with forensic software such as EnCase, ILook or Forensic Toolkit.

Features

• Automatically image and archive CDs and DVDs to external or network storage devices • A photograph of the actual disc is taken and stored with the disc image • Disc images are ready for addition to forensic applications such as EnCase, ILook or FTK • MD5 hashes verify that the disc image is not altered during forensic analysis • You can use the included disc imaging tools, or add your own -based disc imaging tool of choice

Table of Contents

Before Installation 2 Hardware Setup 3 Overview of Forensic Optical Media Captures 5 Hash values 5 Live CD 6 Manual Software Setup 7 Software Setup under Fedora Core 4 7 Linux Primer 8 Operating the CD/DVD Imager 10 Focusing the camera 10 Sample Output 11 Accessing disc images on a Windows computer 12 Advanced Usage 12 FAQs (Frequently Asked Questions) 13 Safety Instructions 14 Glossary 15 Technical Specifications 16

CD/DVD Imager User Manual - 1 -

WiebeTech LLC

Before Installation

1. Check the accessories with your CD/DVD Imager. Please contact WiebeTech if any items are missing or damaged. The box should contain:

CD/DVD Imager 1 WARNING: When removing the Imager

Camera mounting arm and camera 1 from the box, DO NOT LIFT OR HOLD IT BY THE DISC ARM. Doing so may USB cable 1 permanently damage the delicate mechanisms that move the arm. Power adapter & wall cord 1

Disc guide pillars 4 Manual and Warranty information (on CD)

Save the packing materials for future shipment use. Goods shipped without the original packaging may not be well protected during transport, and will void the product’s warranty.

2. Familiarize yourself with the parts of your CD/DVD Imager. This knowledge will be useful during hardware setup.

Front View Rear View

1. Robotic Disc Arm 1. Fan (see warning below) 2. Status Indicator 2. USB Jack 3. Output Bin 3. AC Power Input 4. CD/DVD Drive 4. Power Switch 5. Input Bin

WARNING: Do not block the ventilation fan during operation. Overheating may damage the device.

CD/DVD Imager User Manual - 2 -

WiebeTech LLC

Hardware Setup

The CD/DVD Imager consists of a CD/DVD-ROM, a mechanical arm (which accesses the tray and input/output hoppers) and a camera arm. The camera arm is mounted over the output tray and provides pictures of each disc as they are captured.

1. Position the camera arm. This is demonstrated in the pictures below:

Raise the arm Push the base into the receptacle Secure it in place

2. Install the four guide pillars into the input bin.

NOTE: There are two different sets of pillars, with a large or small connector. Place the similar pillars diagonally across from each other.

You can use different sizes of media by rotating the four pillars as shown in the images below:

CD/DVD Imager User Manual - 3 -

WiebeTech LLC

3. Attach the input hopper tray. Use the pictures below as a guide.

WARNING: Operating the robot with the input tray

improperly attached may result in damage to the robot. Before turning on the power, make sure that you have fully seated the input bin onto the CD/DVD Imager.

4. Attach the USB cables from the robot and camera arm to the forensic workstation. The B-male end connects to the robot. The camera arm already has the USB cable attached. Both A-male ends connect to the computer.

USB AC adapter

5. Connect power. Connect the AC adapter to the CD/DVD Imager as shown in the picture above. Connect the wall cord to the AC adapter as shown to the right. Plug the wall cord into a grounded electrical outlet. AC Adapter NOTE: Turning on power to the Imager before booting into Linux may cause Linux not to recognize the Imager. If this happens, Wall Cord simply cycle the Imager’s power.

CD/DVD Imager User Manual - 4 -

WiebeTech LLC

Forensic Optical Media Captures

Unlike hard drives, images created from optical discs may vary in minor ways each time the image is taken—even when the same disc and same optical drive are used. This is caused by a variety of factors, such as the presence of dust particles or scratches, and the use of error-catching algorithms that are less robust that those used by hard disk controllers. Considering such factors, any forensic investigation involving evidence on optical media should have the following goals.

Goal #1: To acquire disc image files that can be read and analyzed by forensic software tools designed for that purpose. There are a number of such tools available (e.g. FTK, EnCase, etc). Note: these tools are not included with CD/DVD Imager.

Goal #2: To be able to prove that the original data on the disc is not altered during copy. This can be assured by the use of imaging software that is forensically trusted for this task. The open-source, Linux-based imaging tools included with CD/DVD Imager are and cdrdao. Both of these are widely trusted by the forensic community. However, you may also substitute your own Linux-based imaging tool if you prefer. This may be necessary for some discs—no single imaging tool is likely to handle every disc you encounter. Forensic investigators must often try several tools before successfully imaging unusual or problematic discs. However dd and cdrdao will handle the vast majority of optical discs you are likely to run across.

Goal #3: To be able to prove that the disc image file isn't altered after its initial creation. This is done by creating a hash value of the image taken. By running another hash of the disc image after forensically analyzing it, you can prove that the image was not altered during the investigation.

Goal #4: To be able to match the disc image with the physical evidence. CD/DVD Imager takes a picture of each disc and stores it with the disc image. A hash value of the picture file is also generated so an analyst can later prove that the picture has not been altered.

Hash Values (MD5, SHA-1) When starting the imaging process, you will be able to choose the hash type used. You may select no hashing, hashing with MD5 (selected by default), or hashing with SHA-1. The software will automatically hash both the disc image created as well as the photograph of the disc. MD5 (A 128-bit hash value) is well established and widely trusted, and SHA-1 (160-bit) is becoming more trusted by the forensic community. Because the goal here is not encryption but verification that the disc image is not subsequently altered (without detection), either hash type should be fine. Some forensic departments may have specific rules regarding hash types; thus, both are selectable.

NOTE: It is good forensic practice to print a copy of the hash output file after a capture session and keep this (forensically marked) copy in a separate, safe location. In this way the analyst can later prove that there were no alterations to the images after the images were acquired. (If someone gains access to the hash logs, they could alter both the file and the hash log. Thus, a paper copy further strengthens the forensic chain of evidence.)

CD/DVD Imager User Manual - 5 -

WiebeTech LLC

Software Setup

Starting with Live CD

The simplest way to get started is to use the included Live CD. This CD contains the complete Linux environment required for operation, as well as the software applications you will need. Just put the CD into your computer and reboot. You may need to change the computer’s BIOS settings related to boot order. Make sure your computer’s CD or DVD drive is listed as the first boot device. Wait until after the computer is booted before turning on the CD/DVD Imager. Otherwise, the OS might have difficulty finding the device.

1. Choose Display Mode At the first prompt, you can choose the display mode. The default is text mode. If you press Enter, or wait for 30 seconds, the OS will launch as a text-only environment. Alternatively, you may press F1 and then type the following command to launch in a mode that supports graphics as well as text:

linux vga=xxx (“xxx” indicates the resolution type as shown in the list above the prompt. For example, 788 = 800 x 600 x 16 resolution)

Using this command will launch the OS in a VGA mode, which will allow you to view the camera feed, adjust the camera’s focus, and view pictures taken by the camera. All other functions of CD/DVD Imager operation can be performed in text-only mode. Note: if the graphics card in your computer is not supported by the video drivers on the Live CD, you will not be able to use a VGA mode. Instead, you can either use text mode, or manually install the Linux environment and software applications.

2. Set Time Zone Setting this correctly will ensure that any time stamps are accurate. The default is GMT (Greenwich Mean Time), so most users will need to change this setting. Next, you will be asked whether you’re actually using the local time for your zone, or using GMT. Most users will select local time—only a few international agencies are likely to use GMT.

3. Set Locale This may affect the language used for system messages. English-speaking users can either choose their specific location from the list, or just press Enter to continue.

4. A confirmation screen will appear. Press Enter to continue.

5. When you are ready to log in, press Enter one more time.

6. The “#” prompt will appear. You may now type Linux commands to navigate to your storage device and start imaging discs. Note: you cannot start the imaging process until you have mounted a storage volume and navigated to it.

For instructions on Linux navigation, see the section titled “A Brief Linux Primer”. For instructions on Imager operation, see section titled “Operating the CD/DVD Imager”.

Manual Software Installation

If you choose to use the Live CD, you may not need to manually install any software. However, there are certain situations which may preclude the use of the Live CD: • Since Live CD comprises a self-contained Linux environment, it contains the drivers needed for your computer’s hardware. If your computer contains hardware that is new or nonstandard, the CD/DVD Imager User Manual - 6 -

WiebeTech LLC

drivers may not be on the Live CD. This could lead to an error or prevent the Live CD from booting. A common example is a computer with a video card not supported by Live CD. • Live CD includes two common disc imaging tools, dd and cdrdao. If you wish to use the robot with a different imaging tool, you will need to manually install the software and edit the script that guides the robot’s operation.

If you cannot use the Live CD, you will need to manually install the software before using the CD/DVD Imager. First, make sure your computer is running a variety of the Linux operating system that is supported.* If not, you will need to install the OS before proceeding. Next, download and install the software files from the WiebeTech website. The specific instructions for this process will vary between Linux distributions.

*Currently, only Fedora Core 4 is supported.

Fedora Core 4 Instructions We recommend a full installation of Fedora Core 4. This will ensure that all files required by the CD/DVD Imager applications are present in the system. NOTE: These instructions will not work for Fedora Core 5.

1. Launch a terminal window.

2. Before proceeding, it is a good idea to update the Fedora 4 kernel. This is very easy to do. While on the internet, type the following command:

su -c 'yum update kernel'

YUM stands for Yellowdog Updater Modified. It will update your kernel automatically from official Fedora mirrors.

3. Download and Install WT Capture™ RPM for Fedora. This is the main application for operating the robot. Dependencies for WT Capture include libusb, cdrdao and coreutils. Typing the following command will automatically download and install WT Capture:

su -c 'rpm -Uhv http://www.wiebetech.com/rpms/wtcapture-0.8.5-2.i386.rpm'

4. Download and Install cdrdao (from WiebeTech's mirror). This is one of the imaging tools used by CD/DVD Imager by default. The Imager also uses dd, a tool already included with Fedora Core 4 and most other major Linux distributions. Type the following command to download and install cdrdao:

su -c 'rpm -Uhv http://www.wiebetech.com/rpms/cdrdao-1.1.9-9.i386.rpm'

5. Download and Install the camera kernel video driver from source. The camera cannot operate unless the driver is installed. Use the following commands to download and install it.

wget http://www.wiebetech.com/rpms/spca5xx-20060501.tar.gz tar zxf spca5xx-20060501.tar.gz cd spca5xx-20060501 su -c make su -c 'make install'

6. Download and Install spcaview (from WiebeTech's mirror). This is needed if you want to view live camera feed and adjust the camera’s focus.

su -c 'rpm -Uhv http://www.wiebetech.com/rpms/spcaview-20051212-2.rhfc4.lcg.i386.rpm'

CD/DVD Imager User Manual - 7 -

WiebeTech LLC

A Brief Linux Primer

Operation of the robot will require usage of basic Linux commands. If you are not an experienced Linux user, here is a description of a few of the commands you may need:

Navigating through the file structure ls or ls -l Shows the contents of the current directory.

pwd Shows the path of the directory you are in.

cd [path] Moves you to a different directory. Example: cd /mnt/sda1

Using storage devices No matter what type of storage you are using, you must create a new temporary directory, and then mount the device partition to the new directory. Navigate into this directory before starting the imaging process.

Using an external (detachable) storage device, or the computer’s internal hard drive fdisk -l Displays a list of volumes available for storing data. The output looks something like this: Disk /dev/[disk device] : [capacity] Device /dev/[partition device]

Example: Disk /dev/sda: 100,000,000 bytes Device /dev/sda1

Disk device names usually start with “sd”, and end with the partition number. Some internal disk drives may start with “hd”. If only the Disk heading appears, but not the Device heading, this indicates that the disk is not partitioned. You will need to partition the device and then format the partitions before you can use it. The next two commands are used for this procedure.

fdisk [disk device] Creates a new partition on a disk device. This is the first step in the formatting process. Example: fdisk /dev/sda

mke2fs [partition] Formats a partition. This is the final step in the formatting process. Example: mke2fs /dev/sda1 At the prompts which follow this command, enter the following choices: n (chooses creation of a New partition) p (makes the new partition a Primary one) 1 (start with the 1st cylinder) [Enter] (to continue) w (Write the partition table and exit)

mkdir [name] Creates a new directory. You must mount a partition to an empty directory before using it. Example: mkdir /mnt/folder

CD/DVD Imager User Manual - 8 -

WiebeTech LLC

mount [partition] [path] Mounts a partition device into a directory. External storage must be mounted before it can be used to store new data. Example: mount /dev/sda1 /mnt/folder

Using network storage mkdir [name] Creates a new directory. You must mount a partition to an empty directory before using it. Example: mkdir /mnt/folder

mount –t smbfs [share] [target path] Mounts a network directory for use as storage. Example: mount –t smbfs //server/share /mnt/folder

Depending on how the network share is set up, you may also need to specify a user name. In this case, use the following command: mount –t smbfs -o username=[username] [share] [target path]

For viewing a picture fbi [file] Stands for Frame Buffer Image. When using Live CD, this command displays a graphics file. Note: you must be in a VGA mode to view graphics.

Shutting down the system shutdown –h now Closes open applications and then shuts down the computer.

shutdown –r now Closes open applications and then restarts the computer.

CD/DVD Imager User Manual - 9 -

WiebeTech LLC

Operating the CD/DVD Imager

Before proceeding, make sure you have properly assembled the CD/DVD Imager and installed the necessary software according to the instructions in the previous sections.

1. Open a terminal session (or boot up Live CD).

2. Navigate to the directory in which you wish to store the disc images. The images will be stored in whatever directory you are in when you launch the acquisition process. If using Live CD, you will be in the /root directory after logging in. Images cannot be stored there, so you must create a new directory, mount your storage medium to that directory, and then navigate into it. The previous section contains descriptions of the commands you will need to use.

You can either use network storage, storage inside your computer, or a direct-attached external storage device. Unless you are using network storage, the storage device must be formatted in a Linux- compatible disk format.

NOTE: Due to Microsoft licensing, NTFS is not writable by Linux. Moreover, FAT32 has a file size limit of 2GB. The CD/DVD Imager’s Linux tools must use a that doesn't have these limitations, thus EXT3 file system is an obvious choice. There are both free and commercial tools to mount a drive with EXT3 file system on Windows or Mac OS.

3. Turn on the power to the CD/DVD Imager. Turning on power before loading the Linux environment might cause the OS to not detect the Imager.

4. Calibrate the camera (if desired). a) The command spcaview -l opens a window showing live feed from the camera. b) Make sure the arm is properly centered (aimed) at the output hopper. The entire output hopper should be visible in the calibration window. If it's not, be sure that there is nothing obstructing the Camera Arm from standing vertically. c) Place a disc in the output hopper to verify the camera is in focus. If it is not, the camera's focus is found at the lens. Turn it clockwise or counter-clockwise until the disc is in focus. d) Once the camera is focused, type q to close the camera calibration window.

5. Load the CD/DVD Imager’s input bin with up to 25 discs and make sure the output tray is empty.

6. Launch WT Capture™. This is WiebeTech's script program that controls the robot, takes photographs, and calls the Linux commands that will be used to create disc images of seized CDs/DVDs which need to be forensically examined. To start the program, first make sure you are in the directory where you wish to save your capture session, and then type the following command:

su -c wtcapture

7. Choose a session name. The default name is year/month/day/time (YYYY MM DD TTTT). This session name will be the name of the folder created by WT Capture for storing the disc images.

8. Choose a hash type. Type "none", "MD5", or "SHA-1". MD5 is the default.

CD/DVD Imager User Manual - 10 -

WiebeTech LLC

9. Press [Enter] to launch the program. When the input tray is empty it will prompt you to end the session or add more discs (if inserting more discs, be sure to clear the output tray!). When finished, the program will report the location of your log files in your session folder.

NOTE: Be sure that appropriate lighting for the camera is maintained throughout the capture session.

Location of Disc Images The files created by WT Capture are stored in a folder located in the directory you were in when the program was launched. The name of the folder is the session name that was entered (default is year/month/day/time). Enumerated folders (1, 2, 3, etc.) can be found in this folder – one for each disc captured. These enumerated folders contain all files specific to that disc (such as the disc image and photograph). Here is an example of the file structure:

(session name) 1 DiscImage1.img (disc image file) DiscHash1.txt (contains hash value for disc image) DiscPhoto1.jpg (picture of the CD) DiscPhotoHash1.txt (contains hash value for the picture) 2 DiscImage2.img DiscHash2.txt DiscPhoto2.jpg DiscPhotoHash2.txt Master Log (record of all activity; master hash value)

Logging Disc Errors All activity is captured to a master log file. In the event of disc errors, they will be noted in this file. The file also contains all hashing information. The location of this file will be noted at the end of a session.

Sample of WT Capture:

[username@localhost ~]$ su -c wtcapture Password: ****** ------WT Capture v0.8.5 - WiebeTech Disc Image Capture Utility Software. Copyright (C) 2006 WiebeTech LLC. All Rights Reserved. (BUILT: Jul 20 2006) ------Enter session name [default: 2006_07_20_0322]: Enter hash type (none, md5, sha1) [default: md5]: STATUS: Using session name: 2006_07_20_0322 STATUS: Using hash type: MD5 STATUS: Initializing robot... (one moment please) STATUS: Clearing input tray... STATUS: Getting disk... ------STATUS: Processing Disc ID: 1 STATUS: Saving Files into Directory: 2006_07_20_0322/1/

STATUS: Acquiring disc image with 'dd'... 47200+0 records in 47200+0 records out

STATUS: Recording MD5 disc hash... 837bf40150bf54fa387dd0c717ed0aad 2006_07_20_0322/1/DiscImage1.img STATUS: Archive complete in 32 seconds. CD/DVD Imager User Manual - 11 -

WiebeTech LLC

STATUS: Taking photo... STATUS: Disc finished (65 seconds). STATUS: Getting disk... No input disks found ------To continue, clear the output hopper and insert more target discs in the input hopper Enter C to continue, Q to quit: q Exiting: 1 disk(s) archived

Logfiles are available at 2006_07_20_0322/

Accessing Disc Images on a Windows computer EXT3 is a great Linux disk format to use with CD/DVD Imager. It’s fast and doesn’t have the 2GB file size limit that FAT32 has. However, if you wish to analyze the acquired images using a Windows-based forensic application, you’ll need a way to move the files to a compatible drive partition. Windows cannot normally read partitions formatted EXT3. There are several possible solutions: 1. The simplest solution is to store the images on an NTFS formatted Windows network instead of an EXT3 partition. Although Linux cannot access NTFS partitions directly, you can mount Windows shares using smbfs. This “translates” the data from one protocol to another. See the section titled “A Brief Linux Primer” for commands to do this. 2. If you are only imaging optical discs smaller than 2GB in size, FAT32 will work fine. FAT32 is a cross-platform format usable by Linux, Windows, and Mac OS. 3. You can also use a 3rd party software utility to mount an EXT3 partition in Windows. There are both free and commercial tools available for this purpose. WiebeTech does not recommend a particular tool, but one example is Explore2fs.

Advanced Usage

Linux-based imaging software is used by WT Capture for capturing images of optical discs. By default, WT Capture uses two open-source applications: cdrdao and dd.

cdrdao and dd Many forensic investigators use dd. It a great tool for hard drives, but it is limited when it comes to archiving optical discs. If WT Capture encounters a disc of a type beyond the limitations of dd (such as multi session discs), it will use cdrdao instead. However, an investigator may choose to use these or any other Linux command line utility for capture or copy.

Calling programs other than dd and cdrdao: wtdimage.sh is a bash shell script which can be edited without recompiling the program. You can edit this script to add your own calls to other programs. The stock wtdimage.sh from WiebeTech calls dd and, on an error from dd, calls cdrdao. This combination will capture a majority of data discs. Someone experienced with Bash shell scripting will see that it gives examples on how to call the programs, detect errors, write to the log files, perform the hashing routine (and store these hash values). Any Linux command can be called within this script. This script can be found at /usr/libexec/wtdimage.sh

How to uninstall the application RPM In the event that you need to uninstall the WT Capture application, use the following command: su -c 'rpm -e wtcapture'

CD/DVD Imager User Manual - 12 -

WiebeTech LLC

FAQs (Frequently Asked Questions)

Q: I launched WT Capture, but after only one CD I got an “Output file write” error. What could cause this? A: Most likely, you launched the app while in the root directory. This would cause the app to attempt to store the session data in memory instead of on your storage device. Before launching WT Capture, you must create a temporary directory, mount compatible storage to that directory, and then move into the directory. See the section titled “A Brief Linux Primer” for the commands to do these things. Another possibility is that the storage device you selected does not have enough free space available to store all the images from the capture session.

Q: Why did the OS report a “couldn’t locate CD device” error? A: First, make sure the Imager has a valid USB connection to the computer. Second, make sure the AC power is plugged in and the Imager is getting power. Third, make sure the Imager’s power is turned on. Assuming none of these things caused the problem, you probably turned on the Imager’s power before booting into Linux. This sometimes causes Linux to not see the Imager. To correct this, simply turn off the Imager’s power and then turn it on again.

Q: I tried to boot to the Live CD, but the computer just boots to its own hard drive instead. Why? A: You need to change the boot order listed in the computer’s BIOS. Make sure it is set to boot to optical discs first (before hard drives).

Q: WT Capture works fine, but I can’t view the pictures or calibrate the camera. Why? A: You are probably running in text-only mode. When booting from the Live CD, you must specify a VGA mode at the very first prompt if you want graphics capability. (See the section titled “Starting with Live CD”.)

Q: When I tried to format my external drive, I got an error that said the disk had an “invalid table”. Then the prompt changed—now it’s displaying the word “command”. What do I do? A: You may get this error if the drive was previously part of a RAID or formatted in an unfamiliar drive format. At the “command” prompt, type w to write a new table to the drive. When it’s finished, the # prompt should once again be displayed. You can then format the drive.

Q: I launched spcaview so I could calibrate the camera. The live video feed is showing some sort of strobe-like effect. What’s wrong? A: A strobe/refresh effect is normal when using spcaview. It will not affect the quality of the photographs taken by the camera.

Q: I’m ready to turn off the Imager. How do I get the disc arm back to its original resting position? A: Cycling the Imager’s power will cause it to park the disc arm in its resting position.

Q: I captured images using WT Capture and everything seemed to be working great. I rebooted my system and went looking for the files I'd just captured, but the directory I created for them was not there! Where are all my image files and how do I get to them? A: If you followed the manual correctly, then all of your image files are on the hard drive you specified. The directory you created during setup was not a physical directory on the drive, but rather a virtual directory in which the drive was mounted temporarily. After rebooting you will need to re-create a directory and re-mount the hard drive into that directory before you can access your files.

CD/DVD Imager User Manual - 13 -

WiebeTech LLC

Safety Instructions

For your safety, basic precautions should always be followed to reduce the risk of damage, electric shock, fire, and personal injury, including:

• Read this manual carefully and follow all warnings and instructions. • Always unplug the power cord before trouble-shooting and maintenance. • Use only 3-wire extension cords that have 3-prong grounding plugs and 3-pole grounding receptacles that accept your device’s plug. Make sure the device is connected to a known ground. • Do not place in direct sunlight. Make sure the environment is free from any abrupt temperature or humidity changes. (See Technical Specifications for tolerances.) • Keep away from water, flammable material, gas, dust, dirt, smoke, and pollution. • Place this device on a steady, level surface. • Do not move this device when the power is on. Handle it with care, especially the fragile parts. • Store and use this device in an air-conditioned environment. Allow space for ventilation of clean, cool air. This device generates heat during the disc burning process. Overheating may lower the output quality, increase failure rate, and cause damage to the device. • Use a reliable power source with a correct voltage and ample current supply. Out-of-specification or unstable power may lower the device’s productivity, increase failure rate, and cause damage to the device. • Give this device a dedicated power outlet. Do not share an outlet with other devices. • Make sure the power cord is secured. Always turn off the power when connecting to the power cord or cable. • Do not attempt to disassemble this device. Take it to a qualified service technician when repair work is required. Un-authorized disassembly or repair will void any warranty. • Do not touch any moving parts to avoid injury or damage.

CD/DVD Imager User Manual - 14 -

WiebeTech LLC

Glossary

An open-source, Linux disc imaging tool included with CD/DVD Imager. Cdrdao and dd cdrdao are the default imaging tools used by CD/DVD Imager. A common disc imaging tool included with most Linux distributions. Cdrdao and dd are the dd default imaging tools used by CD/DVD Imager. Directory Equivalent to a “folder” in Windows. This is a container for files or more directories. A single large file which is an exact representation of the whole set of data and programs Disc Image as it will appear on a CD, in terms of both content and logical format. One of several file systems used by Linux operating system. It is the default file system for EXT3 the Red Hat, Fedora and Debian Linux distributions. Storage for digital data that can easily be attached to or removed from a computer. Such External Storage devices are often connected to a computer via FireWire or USB connections. File system used primarily by Windows 98 & ME, but can also be used by a few other FAT32 operating systems. Has a 2GB file size limit. This is one distribution of the Linux operating system. Linux is not made by a single company; it is an open-source operating system. Fedora and several other Fedora companies/organizations have packaged a particular variety of Linux under their own name. A long integer used as a "fingerprint" for a file, and can be used to detect changes in the file. With a good hash function, a change of a single bit in the file will cause the hash value to be very different. Typically a hash value is computed on the original file, and later the Hash Value hash value is computed again. If the hash values agree, the file is guaranteed, to a very, very high degree of certainty, to have not changed. Because of the unreliability of optical media, the hash value of a disc is likely to be different each time it is computed. Hashes are only useful when used with files taken from a disc, rather than the disc itself. This is an open source operating system; meaning the core code (or “kernel”) is freely distributed and modifiable. This core code is not written by a single company, but rather by Linux a community of volunteers working in collaboration. Several companies/organizations have compiled unique distributions of the core code by altering or adding features. This is the bootable CD included with CD/DVD Imager. It contains a complete Linux Live CD environment, so it can be used with computers that do not already use a Linux OS. A standard algorithm that takes as input a message of arbitrary length and produces as MD5 output a 128-bit fingerprint or message digest of the input. Any modifications made to the data can then be detected by recalculating the digest. This is a centralized data repository. Rather than residing on a local computer, the data is Network Storage stored on a server for access across a network. Native disk format for Windows NT, 2000, and XP. Due to Microsoft licensing, NTFS is not NTFS writable by Linux, and therefore cannot be used in conjunction with CD/DVD Imager. This indicates a type of software in which the programming code is freely distributed and Open Source modifiable by users. The core of the Linux operating system is open source. A path is the general form of a file or directory name, giving a file's name and its unique Path location in a file system. Paths point to their location using a string of characters signifying directories, separated by a delimiting character, most commonly the slash "/" character. SHA-1 A message digest algorithm producing a 160-bit hash value. Share A resource made available to others across a network. This is a software application that allows you to view graphics files such as the spcaview photographs stored with the disc images. This is WiebeTech's script program that controls the robot, takes photographs, and calls WT Capture the Linux commands that will be used to create disc images of seized CDs/DVDs which need to be forensically examined.

CD/DVD Imager User Manual - 15 -

WiebeTech LLC

Technical Specifications

Product Code CDI-1 Robot Interface: USB 2.0 Interface Camera Interface: USB 2.0 Data Speeds USB 2.0 (up to 480 Mbps) External Power Supply 100-240VAC (Auto Switching) 200 Watts The input and output hopper can hold 25 discs. Hoppers may be reloaded while the Disc Capacity unit is working for continuous workflow. Disc Compatibility Windows, Mac OS, and Linux optical discs Power Switch On / Off Operating System Linux Operating Temperature 50° – 85° F (10° – 30° C) Operating Humidity 5% - 85%, noncondensing Shipping Weight 3 pounds, including AC adapter Certification FCC, CE 1-year limited warranty. See warranty statement for details and limitations. We don’t want anything to go wrong with your WiebeTech product. But if it does, Warranty Tech Support is standing by and ready to help. We offer 90 days of free phone support at 1-866-744-8722. After 90 days, email support is available at [email protected].

CD/DVD Imager is a trademark of WiebeTech LLC. Other marks are the property of their respective owners.

© 2006 WiebeTech LLC. All rights reserved.

Patent Pending

FCC Compliance Statement: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC regulations. This equipment generates, uses, and can radiate radio frequency energy. If this equipment is not installed and used according to the instructions, it may cause damage to radio communications. However, there is no guarantee that interference will not occur in a particular installation.

CD/DVD Imager

Tested to comply with FCC standards

FOR HOME OR OFFICE USE

If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to correct the interference by one or more of the following measures: - Reorient or relocate the receiving antenna. - Increase separation between equipment and receiver. - Connect equipment to an outlet on a circuit different from that to which the receiver is located. - Consult your dealer or an experienced radio/TV technician.

If you have any questions or problems, please contact [email protected] for technical support. If you are interested in purchasing more WiebeTech products, check our website or contact [email protected]. We appreciate being able to serve you!

CD/DVD Imager User Manual - 16 -