Image acquisition using Guymager

Guymager is another standalone acquisition tool that can be used for creating forensic images and also for performing disk cloning. Developed by Guy Voncken, Guymager is completely open source, has many of the same features as DC3DD, and is also only available for Linux-based hosts. While some investigators may prefer CLI tools, Guymager is a GUI tool aimed at beginners, so others may prefer it.

For this acquisition, I'll also use the very same 2 GB flash drive used in the DC3DD examples, at the end of which we can compare results. It's also important to remember to continue using your write-blocker when acquiring and creating forensic images of evidence and drives, in an effort to not write data to the drives or modify the original evidence files.

As previously done in the DC3DD acquisition, we should first ensure that we are familiar with the devices attached to our machine, using the fdisk -l or sudo fdisk -l command.
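A pre-acquisition check for the two points above (identify the device from fdisk -l, and confirm nothing can write to it), as an added example that is not from the book. The size range, the device names in the sample and the optional sysfs-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): pick the evidence disk out of `fdisk -l`
# output by size and confirm the kernel sees it as read-only before imaging.

# list_disks: `fdisk -l` output on stdin -> one "device bytes" line per disk.
list_disks() {
    sed -n 's|^Disk \(/dev/[^:]*\): .*, \([0-9][0-9]*\) bytes.*|\1 \2|p'
}

# find_by_size MIN MAX: keep devices whose size in bytes is within [MIN, MAX].
find_by_size() {
    awk -v min="$1" -v max="$2" '$2 >= min && $2 <= max { print $1 }'
}

# is_read_only DEVICE [SYSFS_ROOT]: succeed if the block layer flags it read-only.
# SYSFS_ROOT defaults to /sys/block; the override is a hypothetical test hook.
is_read_only() {
    name=${1##*/}
    root=${2:-/sys/block}
    [ -r "$root/$name/ro" ] && [ "$(cat "$root/$name/ro")" = "1" ]
}

# preflight MIN MAX [SYSFS_ROOT]: `fdisk -l` output on stdin. Prints the device
# and succeeds only if exactly one disk matches and it is read-only.
preflight() {
    matches=$(list_disks | find_by_size "$1" "$2")
    [ -n "$matches" ] || { echo "no disk in size range" >&2; return 1; }
    count=$(printf '%s\n' "$matches" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || { echo "ambiguous match: $matches" >&2; return 1; }
    is_read_only "$matches" "$3" ||
        { echo "$matches is writable; check the write-blocker" >&2; return 1; }
    printf '%s\n' "$matches"
}

# Constructed sample of `fdisk -l` output (device names and sizes are made up).
SAMPLE_FDISK='Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors
Disk model: Constructed SSD
Disklabel type: gpt

Disk /dev/sdb: 1.88 GiB, 2013265920 bytes, 3932160 sectors
Disk model: Constructed Flash
Disklabel type: dos'
```

On a live system this would be run as `sudo fdisk -l | preflight 1900000000 2100000000`; a non-zero exit means the device was not uniquely identified or is still writable.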
