Take a photo of the media

Open

• Use gvucview

Open

• Images placed in  /home/bcadmin

Use Read-only mounting and Writeblocker when possible

Use Guymanger to image

You can do multiple disks at once

• DVD drives are named TEAC DV_W28S-B

• Use Linux raw dd image

• Split image files over 2046 MiB

• Use a consistent or descriptive filename

• Only md5 checksums are necessary

• Verifying the image is a good idea

Guymanger docs

Try to mount the disk

Eject the disk first to avoid confusion and mounting the actual disk!

• The image should have a .dd or .000 extention

• Right click and select "Disk Image Mount" under "Scripts"

• Use the folder/explorer to see what mount you are viewing

If the image doesn't mount, use disktype to detect image format

1. Open a Terminal (CTRL + ALT + T)

2. Navigate to a disk image with:

   • cd to change directory: cd Desktop/myfolder

   • ls to list files and directories: ls

3. Run disktype

   • disktype myimage.dd 

4. View output:

The filesystem type for this image is FAT16

Then run Brunnhilde GUI

In Applications/Forensics and Reports

If there are PII concerns run BulkReviewer

Documentation

If there are virus concerns, run Clamtk

Ingest the Image or the files

• Make a folder in Library/SPE_Processing/ingest with the collection ID

• Ingest with the Processing app using the collection ID