Menu item to select Acquire image

Forensic Imager

Brought to you by: gvoncken

#17 Menu item to select Acquire image

Status: open

Owner: nobody

Labels: None

Priority: medium

Updated: 2021-02-18

Created: 2021-02-17

Creator: Ole G. Gjelland

Private: No

Your software is brilliant for imaging computers by booting them from USB - my agency has been using it all the time for years. But there are som very rare cases with laptops where linux does not discover the touchpad. Normally there is an external mouse nearby, but not always when we're out in the field. I haven't found any way to get around this (the already listed devices cannot be added as special devices).

Discussion

guy - 2021-02-17

Many thanks for your kind words.
I just tried it myself and indeed - as stupid as it sounds - you can't acquire a device without a mouse! You're completely right, this must be fixed!
I found a solution that might work as a very last possibility. You need internet connection for it (I know, that's not allowed in many cases):

CTRL-ALT-T for getting a shell

sudo apt install xdotool

Move the mouse to correct position over the Guymager device line. Do it with xdotool mousemove 500 500 (you'll have to play a bit with the coordinates)

xdotool click 3
Looks like a silly challenge in a hacker CTF :-)

👍
1

Last edit: guy 2021-02-18
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

guy - 2021-02-18

I added keyboard support in my trunk. You'll be able to get the context menu by pressing Space or Enter. The complete sequence for starting an acquisition without pointing device would be:

Select device with arrow up/down keys

Press Space or Enter

Select the desired entry in the context menu ("Acquire image") by using the arrow up/down keys, then press Enter

Navigate through the acquisition dialog by using

TAB / SHIFT TAB for switching to next/prev element

Arrow keys for changing the selection of a radio button field

Space for opening drop down selections, toggling flags and pushing buttons

ESC for "Cancel" ; ENTER for "Start" (alternatively, navigate to these buttons with TAB and press Space)
Note: Most of the keyboard navigation functions are included by default in Qt.
Contact me via develop at faert point net if you'd like to get the updated version without waiting for a new release.

👍
1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ole G. Gjelland - 2021-02-18

Great, thanks!
Just getting past the device selection most forensic personell should be able to make their way with just the keyboard. For now I'm comfortable with the xdotool exercise, it was already included in my boot disk ISO image for more general purposes. I've put the tip itself to be displayed in a wrapper script that fires up guymager.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.