REM ****************************************************************************
REM Project: GUYMAGER
REM ****************************************************************************
REM Programmer: Guy Voncken
REM Police Grand-Ducale
REM Service de Police Judiciaire
REM Section Nouvelles Technologies
REM ****************************************************************************
REM Main configuration file
REM ****************************************************************************
REM Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
REM Guy Voncken
REM
REM This file is part of Guymager.
REM
REM Guymager is free software: you can redistribute it and/or modify
REM it under the terms of the GNU General Public License as published by
REM the Free Software Foundation, either version 2 of the License, or
REM (at your option) any later version.
REM
REM Guymager is distributed in the hope that it will be useful,
REM but WITHOUT ANY WARRANTY; without even the implied warranty of
REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
REM GNU General Public License for more details.
REM
REM You should have received a copy of the GNU General Public License
REM along with Guymager. If not, see <http://www.gnu.org/licenses/>.
REM ATTENTION
REM ---------
REM Do not edit this file; put all your changes into /etc/guymager/local.cfg instead!
REM See the notes at the end of this file.
SECTION GUYMAGER
REM How this configuration file works
REM ---------------------------------
REM Guymager user interface
REM -----------------------
REM
REM The parameter Language contains the language code (for example 'de', 'fr', 'en'). If Guymager doesn't
REM find the corresponding language file it switches to English instead. Contact the author of Guymager if
REM your language is missing. The language files are named guymager_xx.qm, where xx is the language code.
REM If you installed a Debian package, they can be found in directory /usr/share/guymager.
REM Set the parameter Language to AUTO in order to detect the language in use on your system automatically.
REM
REM CheckRootRights decides whether or not Guymager shows the user a warning dialog when starting it without
REM root rights.
REM
REM The StartupXxx parameters configure the position and size of the main guymager window at startup.
REM StartupSize can be set to one of the following:
REM STANDARD Let the X-Window manager choose what it thinks is best
REM MAXIMISED or MAXIMIZED Maximum size
REM FULLSCREEN Maximum size and take away the title bar
REM MANUAL Use the values specified for StartupSizeManualX, StartupSizeManualY,
REM StartupSizeManualDx and StartupSizeManualDy.
REM The final result always slightly depends on the X-Window manager in use. For instance, there might be
REM window managers that can't distinguish MAXIMISED and FULLSCREEN.
REM
REM The dialog that appears when choosing the image destination path can be adjusted in a similar way by
REM means of the parameters FileDialogSize, FileDialogSizeManualDx, FileDialogSizeManualDy. Unfortunately, this
REM only works when using the alternative file dialog, not the Qt file dialog (see UseFileDialogFromQt
REM below).
REM
REM NumberStyle influences how numbers are displayed in guymager. There are 3 possible values:
REM Locale Use the value of the system LOCALE to determine the format (set the LANG environment
REM correctly).
REM DecimalComma The format would look like 78.234,56 (normal format)
REM DecimalPoint The format would look like 78,234.56 (unusual American format)
REM Remark: Using Locale, more differences are possible. Thus, with the environment variable LANG set to
REM fr_FR, the number would be displayed as 78 234,56 (space as thousands separator). Setting NumberStyle
REM to something other than Locale is not recommended (you may use it if you are too lazy to set up your
REM LANG variable correctly).
REM
REM ScreenRefreshInterval [ms] Some screen fields (speed, remaining time, ...) are refreshed regularly.
REM ScreenRefreshInterval specifies how often this should occur.
REM
REM UseFileDialogFromQt When set to Yes, guymager uses the standard Qt file/directory selection dialogs.
REM There once was a Qt version with a bug in its dialog and an alternative dialog
REM was quickly added to guymager. The bug should have gone by now and this
REM configuration parameter should be set to Yes (the Qt dialogs are better than
REM the alternative programmed by the author of guymager).
REM Adjusting the dialog size (see configuration parameters FileDialogSize,
REM FileDialogSizeManualDx and FileDialogSizeManualDy) only works with the
REM alternative dialog.
REM
REM WarnAboutImageSize Check if image would fit uncompressed to the destination at the moment where
REM the acquisition is started. If not, show a warning.
REM
REM WarnAboutSegmentFileCount Check if the number of segment files would exceed 14972 if the data was stored
REM uncompressed in EWF format. If yes, show a warning. Remark: The 14972th segment
REM would have the file extension ZZZ and thus, more than 14972 segments may lead to
REM problems as there is no clear standard for EWF file names.
REM
REM DeleteAbortedImageFiles In case an acquisition/verification is aborted, Guymager opens a confirmation dialog
REM containing a checkbox for knowing what to do with the already created image files.
REM This configuration parameter sets the checkbox default:
REM Yes - The checkbox is ticked (image files will be removed).
REM No - The checkbox is not ticked (image files will be kept).
REM Auto - Guymager sets the tick if the acquisition was aborted while still running
REM (i.e. the image was incomplete) and doesn't if aborted during verification.
REM
REM AutoExit This parameter controls the default setting of the menu point "Misc/Exit" after
REM all acquisitions have completed.
REM
REM AutoExitCountdown = 60 If the autoexit feature becomes active (i.e. the menu flag is set and the acquisitions
REM end), a popup appears with a countdown. AutoExitCountdown sets the start value
REM of the countdown (in seconds).
Language='auto'
CheckRootRights=yes
StartupSize = MANUAL
StartupSizeManualX = 130
StartupSizeManualY = 250
StartupSizeManualDx = 1000
StartupSizeManualDy = 500
FileDialogSize = MANUAL
FileDialogSizeManualDx = 800
FileDialogSizeManualDy = 500
NumberStyle=Locale
ScreenRefreshInterval = 1500
UseFileDialogFromQt = Yes
WarnAboutImageSize = Yes
WarnAboutSegmentFileCount = Yes
DeleteAbortedImageFiles = Auto
AutoExit = Off
AutoExitCountdown = 60
REM Table Fonts
REM The font configuration table allows choosing own fonts for different GUI elements of Guymager. The left
REM most column of the table below specifies the object. It may be one of the following:
REM Menu The main Guymager menus, its submenus as well as the table popup menu.
REM Toolbar The toolbar just below the menu bar.
REM Table The main Guymager table and the table shown in the clone dialog.
REM InfoField The information field in the lower part of the Guymager window.
REM AcquisitionDialogs The dialogs for normally acquiring and cloning devices.
REM MessageDialogs Other message dialogs.
REM DialogData Dialogs with data areas (such as the device info dialog) use this font for
REM their data area. A monospaced font should be used, for example 'Courier' or
REM 'Ubuntu Mono'. All other parts of the dialog are using the font specified
REM under MessageDialogs.
REM The remaining table columns specify the font to use (Family, Size, Weight and Italic). Column 'Italic'
REM may contain YES or NO. Weight is a number between 0 and 100. The following weights are copied from
REM the Qt documentation:
REM Light 25
REM Normal 50
REM DemiBold 63
REM Bold 75
REM Black 87
REM In order to use the default system font comment out the corresponding line or indicate an empty
REM family name.
TABLE Fonts None
REM Object Family Size Weight Italic
REM --------------- --------------------------------------------
REM Menu 'Arial' 8 75 no
REM Toolbar 'Arial' 8 75 no
REM Table 'Arial' 8 75 no
REM InfoField 'Arial' 8 75 no
REM AcquisitionDialogs 'Arial' 8 75 no
REM MessageDialogs 'Arial' 8 75 no
REM DialogData 'Courier' 8 50 no
ENDTABLE
REM Table Columns
REM This table controls the columns that are to be shown in the main Guymager table as well as in the clone
REM dialog. The table reflects the column order, i.e. the top most column in the configuration table is shown
REM as the first one left in the GUI. Columns may also be repeated in order to have them displayed more
REM than once.
REM ColumnName The column name reference. This may be one of the following: SerialNr, LinuxDevice,
REM Model, NativePath, ByPath, Interface, State, AdditionalStateInfo, Size, HiddenAreas,
REM BadSectors, Progress, AverageSpeed, TimeRemaining, FifoUsage, SectorSizeLog, SectorSizePhys,
REM CurrentSpeed, Examiner and UserField. See below for further details on column UserField.
REM Alignment Alignment inside the table cell: LEFT, RIGHT or CENTER.
REM MinWidth On startup, Guymager gives every column the size it needs for showing its contents. But
REM certain columns change their content length while Guymager is running. As it might be
REM annoying to enlarge the corresponding column manually every time its text gets longer,
REM this parameter allows for setting a bigger initial width than the one used normally.
REM Set to 0 for default width.
REM ShowInMainTable Decides whether the column should be shown in the main table; set to ON or OFF.
REM ShowInCloneTable Decides whether the column should be shown in the clone dialog table; set to ON or OFF.
REM Even though each one of the columns might be set to ON, there's no sense in switching on
REM columns like CurrentSpeed, for example, as the clone dialog is not updated dynamically.
REM
REM The purpose of the special column UserField is to provide the user with a field for their own remarks. For
REM example, some people use Guymager in machines connected to disk racks. They take UserField for entering the
REM disk slot number in order to have a better overview. The column name may be configured to any string:
REM
REM UserFieldName Specify the name that should be displayed for the UserField column. If the string is left
REM empty, the column's name simply is 'UserField'.
REM
REM AdditionalStateInfoName Similar to UserFieldName, this parameter allows for changing the name of the
REM column AdditionalStateInfo. Leave it empty for the default name.
TABLE Columns None
REM ColumnName Alignment MinWidth ShowIn ShowIn
REM MainTable CloneTable
REM ------------------------------------------------------------------------------
'SerialNr' LEFT 0 YES YES
'LinuxDevice' LEFT 0 YES YES
'Model' LEFT 0 YES YES
'NativePath' LEFT 0 NO NO
'ByPath' LEFT 0 NO NO
'Interface' LEFT 0 NO NO
'State' LEFT 200 YES NO
'AdditionalStateInfo' LEFT 0 NO NO
'Size' RIGHT 0 YES YES
'HiddenAreas' RIGHT 0 YES NO
'BadSectors' RIGHT 0 YES NO
'Progress' LEFT 0 YES NO
'AverageSpeed' RIGHT 0 YES NO
'TimeRemaining' CENTER 0 YES NO
'FifoUsage' LEFT 0 YES NO
'SectorSizeLog' LEFT 0 NO NO
'SectorSizePhys' LEFT 0 NO NO
'CurrentSpeed' LEFT 0 NO NO
'UserField' LEFT 0 NO NO
'Examiner' LEFT 0 NO NO
ENDTABLE
UserFieldName = ''
AdditionalStateInfoName = ''
REM Table Colors
REM The table contains color settings for different items on the screen:
REM LocalDevices Color to be used for marking local devices (i.e. devices with serial numbers found in
REM configuration table LocalDevices, see above) in the user interface. The whole row gets
REM this color.
REM AdditionalStateX (where X is a number) Devices may be marked by this color depending on the values in
REM the additional state info. See description of configuration parameter
REM CommandGetAddStateInfo for more information.
REM
REM All other entries refer to the colored dot of the acquisition state field for reflecting the current state:
REM StateIdle Nothing has been done with this device yet.
REM StateAcquire Acquisition running
REM StateAcquirePaused Acquisition interrupted (device cannot be accessed any longer)
REM StateVerify Verification running
REM StateVerifyPaused Verification interrupted (device cannot be accessed any longer)
REM StateCleanup Acquisition has been aborted by user and Guymager is removing partial files
REM StateFinished Finished successfully
REM StateFinishedBadVerify Finished, but the MD5 check while re-reading the source after acquisition failed.
REM This state only can occur if MD5 verification was switched on in the acquisition dialog.
REM StateAbortedUser Acquisition or verification aborted by user. Not an error, as it is the user's wish.
REM StateAbortedOther Acquisition or verification aborted for some other reason (for instance, if writing to
REM the destination fails). This is an error.
TABLE Colors None
REM Color R G B
REM ----------------------------------------
LocalDevices 255 197 189
AdditionalState1 186 255 174
AdditionalState2 255 254 137
AdditionalState3 255 213 66
AdditionalState4 255 126 126
StateIdle 255 255 255
StateQueued 186 206 253
StateAcquire 15 73 205
StateAcquirePaused 255 150 0
StateVerify 78 132 255
StateVerifyPaused 255 150 0
StateCleanup 228 0 255
StateFinished 54 255 0
StateFinishedBadVerify 255 30 0
StateFinishedDuplicateFailed 255 234 0
StateAbortedUser 255 255 255
StateAbortedOther 255 30 0
ENDTABLE
REM Image creation
REM --------------
REM
REM EwfFormat The EWF format (alias E01 format) differs depending on which software created
REM it. With this parameter, you can control which EWF subformat Guymager should use.
REM The subformats available depend on the Guymager compilation:
REM - If compiled with support for libewf: Encase1, Encase2, Encase3,
REM Encase4, Encase5, Encase6, FTK,
REM Linen5, Linen6 and Smart.
REM See libewf for more information.
REM - If compiled with support for libewf >= 20130416: The values above, plus Encase7,
REM Linen7 and EWFX.
REM See libewf for more information.
REM - No matter if compiled with libewf support or not: Guymager (or AEWF, an alias for
REM the same).
REM When choosing "Guymager", the program uses its own EWF generation functions, which
REM require only very little RAM and still are as fast as libewf. With any other setting,
REM the program uses libewf in order to create the EWF images.
REM Generating images with segment files above 2GiB is not possible with older EWF
REM subformats. Select "Guymager" or at least "Encase6" for doing so.
REM The default and preferred setting is "Guymager".
REM
REM EwfCompression The compression level for EWF images. Possible values are:
REM None No compression at all, images become very big. Not recommended.
REM Empty With this setting, Guymager does no compression, except if a block contains
REM zero bytes only. Such blocks are replaced by their compressed equivalent.
REM Optimal settings for slow systems.
REM Fast Fast Z compression. Optimal setting for most imagers.
REM Best Best Z compression. Images normally become slightly smaller than
REM with setting "Fast", but CPU load grows heavily. Not recommended.
REM
REM EwfCompressionThreshold This threshold indicates a minimal compression ratio that must be achieved or else the
REM data is stored uncompressed. The default value is 0.999 which means that a chunk will
REM be stored compressed if the compressed data is less than 99.9% in size of the original
REM data. This parameter has been added to avoid messages about "inefficiency" in XWF.
REM
REM EwfNaming EWF images are subdivided into segments, starting with extension E01 for the first
REM segment. Subsequent segments get the filename extension E02-E99, then EAA-EZZ, then
REM FAA-ZZZ. After that, it is unclear how to continue (there is no clear standard for the
REM EWF file naming).
REM Guymager supports two ways for naming segments beyond ZZZ:
REM Old Continue with ZZZxxx, where xxx represents characters from 000 to ZZZ in base36
REM notation (i.e. 0-9 and A-Z). After that, it would continue with ZZZxxxx and so on.
REM Guymager version <= 0.6.9 used this naming scheme.
REM FTK After ZZZ follows E14972, E14973 and so on. This naming system is the default for
REM Guymager version 0.6.10 and later.
REM Attention: This parameter only has effect if EwfFormat is set to Guymager.
REM
REM AffEnabled Simson Garfinkel, the inventor of the AFF format, recommends not to use AFF any longer.
REM Therefore, this switch has been introduced and it is 'false' by default. You might use EWF
REM instead.
REM Switch AffEnabled on in case you need to generate AFF images.
REM
REM AffCompression The compression level for AFF images. Valid range: 1 - 9. A value of 1 results in a
REM fast, minimal compression and 9 in a slow, high compression.
REM See aff documentation for more information.
REM
REM AffMarkBadSectors Aff supports a possibility for marking bad sectors. If this parameter is enabled and
REM a bad sector is encountered, then the bad sector is written with a special content to
REM the image ("BAD SECTOR\0" followed by 501 random bytes). If this parameter is disabled,
REM then bad sectors are replaced by 512 zero bytes.
REM This parameter only influences images in AFF format.
REM
REM SpecialFilenameChars By default, guymager only allows the characters a-z, A-Z, 0-9 and _ to figure
REM in the image filenames. If you want to allow special chars and you are sure
REM that your destination file system can handle them, you might add them to
REM the parameter SpecialFilenameChars. Example: SpecialFilenameChars = '.- '
REM would allow you to use the characters . and - as well as spaces.
REM
REM CalcImageFileMD5 Switch the parameter on in order to have Guymager calculate the MD5 hashes of the image
REM file(s). The calculation is done over the whole file(s), not just the contents.
REM NOTE: The MD5 hashes are calculated during image verification and therefore, it only
REM is done if the checkbox for image verification is set in the acquisition dialog window.
REM Switching this parameter on is interesting for checking the individual files of an image.
REM
REM The Guymager info file can be passed directly to md5sum for image file verification. In case
REM you want to do so, please observe one detail: The info file uses CR/LF for beginning a new
REM line (the reason is that many Windows applications fail badly when using the LF standard).
REM Therefore, do not use md5sum -c myimage.info but one of the following commands:
REM cat myimage.info | tr -d '\r' | md5sum -c
REM or
REM cat myimage.info | dos2unix | md5sum -c
REM Both do the same: Eliminate the DOS-CR and pass the rest to the md5sum command. You
REM may ignore md5sum's warnings about improperly formatted lines (these are simply all
REM the other text lines found in the info file).
REM
REM DuplicateImage Enable Guymager to produce duplicate images, i.e. generate two identical images during
REM an acquisition. When switched on, the acquisition dialog has an additional button named
REM "Duplicate image...".
REM Switch this parameter off if you always want to do single images.
REM
REM DirectoryFieldEditing The destination directory for images and info files normally is selected by mouse by means
REM of a dialog and the directory field is not directly editable. This is the safest way as it
REM ensures that you never select a non-existent directory.
REM Switch this parameter on if you like to be able to directly type the directory path into
REM the corresponding field. This might be a faster solution for people who know their
REM directories by heart. At the same time it's less safe in case of typos.
REM If ever you enter a non-existent directory then Guymager by default asks if you would like
REM to create it (see parameter ConfirmDirectoryCreation).
REM
REM AllowPathInFilename The parameter is switched off by default and entering parts of the path in the filename field
REM is forbidden. In case you think in relative paths it might be interesting to switch this
REM parameter on and thus allow entering parts of the path together with the filename.
REM Example: You set the directory field to "/mycases/case_0815/images" and enter the filename
REM "JohnDoe/Laptop". The image/info files would then be stored under
REM "/mycases/case_0815/images/JohnDoe/Laptop.xxx".
REM
REM ConfirmDirectoryCreation If ever the entered destination directory does not exist, Guymager tries to create it. If
REM this parameter is switched on then Guymager only does so after asking the user. When set to
REM 'off' it automatically creates the directories without asking.
REM Attention: Setting this parameter to 'off' might lead to uncontrolled directory creation in
REM case of typing errors.
REM Normally, this parameter only has an effect if DirectoryFieldEditing or AllowPathInFilename
REM are switched on. Otherwise, the destination directory should always exist as it has been selected
REM by the file selection dialog and thus doesn't need to be created (except in the unlikely case
REM where the directory had been deleted in the meantime).
REM
REM AvoidEncaseProblems Encase produces strange error messages if the EWF internal fields "Imager Version" and
REM "OS Version" contain more than 11 or 23 characters, respectively. Leave this flag OFF
REM if you don't work with Encase (default setting). Set it to ON if ever you work with
REM Encase and want to avoid the Encase problems.
REM
REM AvoidCifsProblems Some NAS systems have problems for closing files (function fclose) when running under heavy
REM load (i.e., running several acquisitions in parallel, for example). This may result in
REM acquisitions aborting with errors. The problem only has been observed on systems attached via
REM Cifs/Samba so far. NFS systems seem to run fine. When switching parameter AvoidCifsProblems
REM on, Guymager flushes and synchronizes buffers before closing image files. The problem can thus be
REM avoided. The downside is a performance loss, which can be reduced by choosing a large image
REM file segment size.
EwfFormat = Guymager
EwfCompression = FAST
EwfCompressionThreshold = 0.999
EwfNaming = FTK
AffEnabled = false
AffCompression = 1
AffMarkBadSectors = TRUE
SpecialFilenameChars = ''
CalcImageFileMD5 = off
DuplicateImage = on
DirectoryFieldEditing = off
AllowPathInFilename = off
ConfirmDirectoryCreation = on
AvoidEncaseProblems = off
AvoidCifsProblems = off
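REM Added example (not part of the original Guymager file): a Python version of the info-file check
REM described under CalcImageFileMD5 above, showing why the CR has to be removed before md5sum-style
REM verification. The info-file text, file names and file contents are constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# md5sum check-file line: 32 hex digits, a space, ' ' or '*', then the file name
MD5_LINE = re.compile(r"^([0-9a-fA-F]{32}) [ *](.+)$")


def parse_md5_lines(info_text, strip_cr=True):
    """Return (digest, filename) pairs found in an info file.

    With strip_cr=False the CR of each CR/LF line ending stays attached to
    the file name, which is what a plain `md5sum -c myimage.info` sees.
    """
    entries = []
    for line in info_text.split("\n"):
        if strip_cr:
            line = line.rstrip("\r")
        match = MD5_LINE.match(line)
        if match:  # all other info-file text lines are skipped
            entries.append((match.group(1).lower(), match.group(2)))
    return entries


def md5_of_file(path, bufsize=1 << 20):
    """MD5 over the whole file, read in blocks so large segments fit in RAM."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(bufsize), b""):
            digest.update(block)
    return digest.hexdigest()


def verify(info_text, image_dir, strip_cr=True):
    """Return {filename: 'OK' | 'FAILED' | 'MISSING'} for each listed file."""
    results = {}
    for digest, name in parse_md5_lines(info_text, strip_cr):
        path = Path(image_dir) / name
        if not path.is_file():
            results[name] = "MISSING"
        elif md5_of_file(path) == digest:
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def demo():
    """Verify two constructed segment files against a constructed CR/LF info file."""
    with tempfile.TemporaryDirectory() as workdir:
        seg1 = Path(workdir) / "case.E01"
        seg2 = Path(workdir) / "case.E02"
        seg1.write_bytes(b"constructed segment one")
        seg2.write_bytes(b"constructed segment two")
        info = "\r\n".join([
            "Constructed info file text line",      # not md5sum format, skipped
            f"{md5_of_file(seg1)}  case.E01",
            f"{md5_of_file(seg2)}  case.E02",
            "",
        ])
        # Change one segment after the hashes were recorded
        seg2.write_bytes(b"content changed after acquisition")
        naive = verify(info, workdir, strip_cr=False)
        fixed = verify(info, workdir, strip_cr=True)
        return naive, fixed


if __name__ == "__main__":
    naive_result, fixed_result = demo()
    print("CR kept    :", naive_result)
    print("CR stripped:", fixed_result)
```

REM With the CR kept, every file is reported as missing because the name ends in a carriage return; with
REM the CR stripped, the unchanged segment verifies and the changed one fails.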
REM Acquisition dialog
REM ------------------
REM DefaultFormat This parameter decides, which forensic format should be chosen by default for the
REM first acquisition after starting Guymager. For subsequent acquisitions, the format
REM of the previous acquisition will be selected by default.
REM Possible values are DD, AFF and EWF.
DefaultFormat = EWF
REM InfoFieldsForDd The dd format has no possibility for storing meta information about an image. Hence, the
REM fields examiner, notes, etc. usually are greyed out in the acquisition dialog when selecting
REM dd format. By switching on this parameter, those entry fields become available for dd images
REM also. The strings entered will then be written to the info file.
InfoFieldsForDd = disabled
REM The parameters below all refer to the acquisition dialog entry fields. Let us explain the different
REM fields first. There are 2 fields related to image file fragmentation:
REM SplitFileSwitch Decides whether the image file fragmentation is on or off. For EWF images, it
REM is always on and for AFF images always off. For DD images, the user may choose
REM himself.
REM SplitFileSize The max. size of the fragments (sometimes called segments) in MiB. The maximum
REM value for EWF images is 2047.
REM 2047 is a good choice. For EWF images, the number of files will be reduced to
REM the minimum. For DD images, the fragments stay below the FAT limitation (2GiB).
REM There are 5 fields defined by the EWF file format, their names are self-explaining:
REM EwfCaseNumber
REM EwfEvidenceNumber
REM EwfExaminer
REM EwfDescription
REM EwfNotes
REM Guymager uses these fields when choosing the EWF or the AFF format. When choosing the dd format, they
REM are of no use and deactivated.
REM
REM There are 4 other important entry fields in the acquisition dialog:
REM DestImageDirectory The directory that will be used for storing the image files
REM DestInfoDirectory The directory that will be used for storing the info file
REM DestImageFilename The filename of the image files (without the extension)
REM DestInfoFilename The filename of the info file (without the extension)
REM
REM Finally, there are some checkboxes in the acquisition dialog that are controlled by the following
REM entry fields:
REM HashCalcMD5 The checkbox for MD5 hash
REM HashCalcSHA1 The checkbox for SHA-1 hash
REM HashCalcSHA256 The checkbox for SHA-256 hash
REM HashVerifySrc The checkbox for the source verification (re-read source and check if it
REM returns the same data as during acquisition)
REM HashVerifyDst The checkbox for the imager verification (read and check the image after
REM the acquisition has been done)
REM
REM For each one of these fields, there is an entry in configuration table DlgAcquireField. It has the
REM following structure:
REM FieldName The name of the field, as indicated above
REM
REM EntryMode Determines the behaviour of each field; the following entry modes are available:
REM Hide The corresponding field is not shown in the acquisition dialog.
REM Nevertheless, it exists and it is always set to its default value
REM (see below). This mode is useful if a certain EWF field always should
REM be filled in with the same standard value.
REM
REM ShowDefault The field is visible in the acquisition dialog and it is automatically
REM filled in with the default value.
REM
REM ShowLast The field is shown in the acquisition dialog. When the acquisition
REM dialog is opened for the first time after guymager startup, the field
REM is filled in with the default value. On subsequent acquisition dialog
REM appearances, the field contains the value entered previously (which
REM may still be the default value, if it was not edited).
REM
REM DefaultValue The default value for the field. It may contain any text you like (for the checkboxes: See
REM below). Guymager knows several special sequences, that will be replaced automatically.
REM See "Special Tokens" below.
REM
REM Checkboxes: Simply put '1' if you want to have the checkbox enabled or '0' for having it
REM disabled. Attention: Putting other values may lead to unpredictable results.
REM
REM Note that each and every field must be contained exactly once in the configuration table DlgAcquireField.
REM
REM *** Example A ***
REM TABLE DlgAcquireField NoName
REM REM Field Entry Default
REM REM name mode value
REM REM -------------------------------------------------------------------------
REM ...
REM 'EwfNotes' Hide 'Acquisition done by guymager %version%'
REM ...
REM ENDTABLE
REM The field EwfNotes would not be shown in the acquisition dialog. As it has a default value, it would always
REM be initialised with that string. The special sequence %version% would be replaced and the string written to
REM the EWF image files would be something like 'Acquisition done by guymager 0.3.1'
REM
REM *** Example B ***
REM TABLE DlgAcquireField NoName
REM REM Field Entry Default
REM REM name mode value
REM REM -------------------------------------------------------------------------
REM ...
REM 'EwfExaminer' Show 'Marc Murrsky acquired it on %d%. %MMMM% %yyyy%'
REM ...
REM ENDTABLE
REM With this setting, the acquisition dialog would open up with the examiner field preset to
REM something similar to 'Marc Murrsky acquired it on 5. December 2007'
TABLE DlgAcquireField NoName
   REM Field                 Entry mode    Entry mode    Default
   REM name                  image         clone         value
   REM ------------------------------------------------------------------------------------
       'SplitFileSwitch'     ShowLast      Hide          '1'
       'SplitFileSize'       ShowLast      Hide          '2047'
       'SplitFileUnit'       ShowLast      Hide          'MiB'
       'EwfCaseNumber'       ShowLast      Hide          ''
       'EwfEvidenceNumber'   ShowDefault   Hide          ''
       'EwfExaminer'         ShowLast      Hide          ''
       'EwfDescription'      ShowDefault   Hide          ''
       'EwfNotes'            ShowDefault   Hide          '%serial%'
       'UserField'           Hide          Hide          ''
       'DestImageDirectory'  ShowLast      Hide          ''
       'DestInfoDirectory'   Hide          ShowLast      ''
       'DestImageFilename'   ShowDefault   Hide          ''
       'DestInfoFilename'    ShowDefault   ShowDefault   ''
       'HashCalcMD5'         ShowLast      ShowLast      '1'
       'HashCalcSHA1'        ShowLast      ShowLast      '0'
       'HashCalcSHA256'      ShowLast      ShowLast      '0'
       'HashVerifySrc'       ShowLast      ShowLast      '0'
       'HashVerifyDst'       ShowLast      ShowLast      '1'
ENDTABLE
REM There is another configuration table, DlgAcquireRule, which allows copying the contents of some
REM fields automatically to others while typing. The entries in this table are processed one after the
REM other every time you hit a key in any of the 8 fields.
REM
REM TriggerFieldName The trigger field is the field where the action happens (i.e. which has the focus
REM while you are typing). If the trigger field name doesn't match, the line
REM is ignored. If it matches, we have a trigger and Guymager does what the rest
REM of the line says.
REM
REM DestinationFieldName On trigger, this field will be filled in with the value indicated in column
REM Value.
REM
REM Value The string to be written to the field DestinationFieldName if there's a trigger.
REM The value may contain the same special sequences as the ones described
REM above. Additionally, there are special sequences for referring to other fields.
REM These are constructed by putting the field name between two percent signs (for
REM example '%EwfNotes%')
REM
REM *** Example A ***
REM The info filename should always be the same as the image filename, i.e. when typing in the field
REM for the image filename, the contents should automatically be copied to the field for the info
REM filename:
REM TABLE DlgAcquireRule NoName
REM REM Trigger Destination Value
REM REM field name field name
REM REM ----------------------------------------------------------------------
REM 'DestImageFilename' 'DestInfoFilename' '%DestImageFilename%'
REM ENDTABLE
REM Read the entry like this: Every time a key in DestImageFilename is hit, refresh DestInfoFilename with the
REM value %DestImageFilename%, which would be interpreted as a special sequence and corresponds to the
REM contents of DestImageFilename.
REM It still would be possible to edit the info filename separately and thus have different image and info
REM filenames.
REM
REM *** Example B ***
REM Like example A, but do the same when editing the info filename; when typing in it, the image filename
REM should be changed to the new name typed for the info file:
REM TABLE DlgAcquireRule NoName
REM REM Trigger Destination Value
REM REM field name field name
REM REM ---------------------------------------------------------------------
REM 'DestInfoFilename' 'DestImageFilename' '%DestInfoFilename%'
REM ENDTABLE
REM
REM *** Example C ***
REM Set the info field to the examiner name, the case name plus the date:
REM TABLE DlgAcquireRule NoName
REM REM Trigger Destination Value
REM REM field name field name
REM REM ----------------------------------------------------------------------------------------------
REM 'EwfExaminer' 'EwfNotes' 'Acquired by %EwfExaminer% for case %EwfCaseNumber% on %d%.%MM%.%yyyy%'
REM 'EwfCaseNumber' 'EwfNotes' 'Acquired by %EwfExaminer% for case %EwfCaseNumber% on %d%.%MM%.%yyyy%'
REM ENDTABLE
REM Note that we have to enter the same value twice here, as we have 2 triggers.
TABLE DlgAcquireRule NoName
   REM Trigger               Destination          Value
   REM field name            field name
   REM ----------------------------------------------------------------------
       'DestImageDirectory'  'DestInfoDirectory'  '%DestImageDirectory%'
       'DestImageFilename'   'DestInfoFilename'   '%DestImageFilename%'
ENDTABLE
REM Special tokens
REM --------------
REM Guymager uses special tokens whenever text needs to be replaced automatically according to the user's instructions.
REM Currently, these tokens are used in the configuration tables DlgAcquireRule and DlgAcquireField, RunStats module
REM and configuration parameter CommandAcquisitionEnd.
REM Date and time tokens
REM %d% the day as a number without a leading zero (1 to 31)
REM %dd% the day as a number with a leading zero (01 to 31)
REM %ddd% the abbreviated localized day name (e.g. 'Mon' to 'Sun')
REM %dddd% the long localized day name (e.g. 'Monday' to 'Sunday')
REM %M% the month as a number without a leading zero (1-12)
REM %MM% the month as a number with a leading zero (01-12)
REM %MMM% the abbreviated localized month name (e.g. 'Jan' to 'Dec')
REM %MMMM% the long localized month name (e.g. 'January' to 'December')
REM %yy% the year as two digit number (00-99)
REM %yyyy% the year as four digit number
REM
REM %h% the hour without a leading zero (0 to 23 or 1 to 12 if AM/PM display)
REM %hh% the hour with a leading zero (00 to 23 or 01 to 12 if AM/PM display)
REM %m% the minute without a leading zero (0 to 59)
REM %mm% the minute with a leading zero (00 to 59)
REM %s% the second without a leading zero (0 to 59)
REM %ss% the second with a leading zero (00 to 59)
REM %z% the milliseconds without leading zeroes (0 to 999)
REM %zzz% the milliseconds with leading zeroes (000 to 999)
REM %AP% use AM/PM display. %AP% will be replaced by either "AM" or "PM".
REM %ap% use am/pm display. %ap% will be replaced by either "am" or "pm".
REM Remark: The date/time tokens have been copied from Trolltech's Qt documentation.
REM
REM Static tokens
REM %Version% Guymager software version
REM %MacAddr% MAC address of the 1st ethernet card found
REM %HostName% Computer's host name
REM
REM Device / acquisition related tokens
REM %Dev% Device, for example /dev/sdf
REM %Size% Device size in bytes
REM %SizeHuman% Device size in human readable format (e.g. '247G', '32M')
REM %SizeHumanNoSep% Like %SizeHuman%, but without thousands separator
REM %State% The acquisition state
REM %ExtendedState% The acquisition state as shown in the main GUI
REM %Serial% Serial number of the device
REM %Model% Device model
REM %LocalDevice% Device is part of the local PC, value is YES or NO (see configuration table LocalDevices)
REM %CurrentSpeed% Current speed, unit MB/s
REM %AverageSpeed% Average speed, unit MB/s
REM %Progress% Progress, unit %
REM %TimeRemaining% Estimated time remaining to accomplish acquisition (format hh:mm:ss)
REM %BadSectors% Number of bad sectors
REM %HiddenAreas% The information about hidden areas as shown in the GUI
REM %SplitFileSize% File size of image fragments
REM %VerifySrc% Verify source, value is YES or NO
REM %CalcMD5% MD5 calculation enabled, value is YES or NO
REM %CalcSHA1% SHA1 calculation enabled, value is YES or NO
REM %CalcSHA256% SHA256 calculation enabled, value is YES or NO
REM %Clone% Device is cloned, value is YES or NO
REM %Duplicate% A duplicate image is written, value is YES or NO
REM %UserField% Contents of the user field
REM %AddStateInfo% Additional state information
REM The following tokens are related to the acquisition dialog input fields. They all exist a second time with a "2"
REM appended, for example "%CaseNumber%" and "%CaseNumber2%". The second one is only set if %Duplicate% is YES. It's empty
REM otherwise.
REM %CaseNumber%      Case number      \
REM %Examiner%        Examiner         | as entered in the
REM %EvidenceNumber%  Evidence number  | corresponding field
REM %Description%     Description      | of the acquisition dialog
REM %Notes%           Notes            /
REM %Image% Path and file name of image
REM %InfoFile% Path and file name of .info file
REM %VerifyDst% Verify image, value is YES or NO
REM
REM Not all tokens are meaningful in every position. For example, there's no sense in specifying token %Progress%
REM in configuration table DlgAcquireRule, as the acquisition is not even started yet when the acquisition dialog
REM is shown.
REM
REM The special token %DEVICE_BLOCK% only can be used for the Runstats module. See the description of the RunStats
REM module below.
REM Guymager internals
REM ------------------
REM
REM Device list scanning
REM --------------------
REM DeviceScanMethod Guymager knows 3 methods for getting the list of the available memory devices: The old one,
REM that uses libparted, the new one that uses DBUS/HAL and the even newer one that uses
REM DeviceKit-Disks. Select your method by setting this parameter to:
REM
REM libudev The newest method (recommended for Ubuntu >= 15.10). See remarks for
REM UDisks below.
REM
REM DBusDevKit or UDisks Recommended for 9.04 <= Ubuntu <= 15.04. You need a Linux system
REM supporting UDisks for this setting. In older versions, UDisks was named
REM DeviceKit (in Ubuntu 9.04 and 9.10 for instance). From guymager's point of
REM view, UDisks and DeviceKit are both the same. Newer distributions switched
REM from UDisks to UDisks2, but UDisks2 is incompatible and unusable. Guymager
REM therefore should be run with libudev on those systems.
REM
REM DBusHAL Use the previous method (recommended for systems like Ubuntu 8.10).
REM
REM libparted Use the old method. It was observed that the internal scan function hung
REM while an acquisition was running. This leads to the problem that the devices
REM shown in guymager possibly cannot be updated while an acquisition is running.
REM When using this method, the command specified in configuration parameter
REM CommandGetSerialNumber (see below) is used for finding the serial number of
REM each device (not really elegant). Again, DBusHAL is the recommended setting.
REM When choosing an unsupported scan method, Guymager shows the user a dialog asking to fall back
REM to a supported one.
REM
REM CommandGetSerialNumber is used to extract the serial number from a device when setting DeviceScanMethod to libparted (not
REM recommended). When choosing another scan method, the command will never be called, except if parameter
REM ForceCommandGetSerialNumber is set (see below). The placeholder %dev in the command string will be replaced
REM by the device (/dev/hda or /dev/sdc for instance). Examples:
REM CommandGetSerialNumber = 'bash -c "smartctl -i %dev | grep -i serial | awk ''{print $3 $4 $5 $6 $7 $8 $9}'' "'
REM CommandGetSerialNumber = 'bash -c "hdparm -I %dev | grep -i ''Serial Number'' | awk ''{print $3 $4 $5 $6 $7 $8 $9}'' "'
REM
REM ForceCommandGetSerialNumber Use CommandGetSerialNumber not only when DeviceScanMethod is libparted, but also for others. This
REM can be interesting in case wrong serial numbers are displayed, which was observed to happen with
REM certain USB adapter devices.
REM
REM CommandGetAddStateInfo contains the command to be executed in order to gather additional state information. By default, CommandGetAddStateInfo
REM simply is an empty string and no additional information is read nor displayed. If set, the command executed
REM is expected to return its information in three separate lines (separated by \n):
REM 1st line: Information text. This text is displayed in the device specific screen area of Guymager
REM (bottom area of the main window).
REM 2nd line: A value of 0 tells Guymager that the device cannot be acquired. Guymager forbids the
REM acquisition of the device in that case. Any other value enables device acquisition.
REM If this parameter is missing, the device can be acquired.
REM 3rd line: An integer number indicating the color to be used for marking the device. The number
REM refers to the colors named AdditionalStateX in the configuration table Colors (see
REM above), where X corresponds to the color returned by the command. If this parameter
REM is missing, the default color (white) is used.
REM The command may include the two placeholders %dev and %local which will be replaced accordingly. See
REM the description of CommandGetSerialNumber above for the use of %dev. %local will be replaced by 1
REM if the %dev refers to a local device and 0 otherwise.
REM
REM If you plan to use this feature, you may do a first test with the configuration setting
REM CommandGetAddStateInfo='bash -c "/usr/share/guymager/stateinfo.sh %dev"'
REM where the file /usr/share/guymager/stateinfo.sh is executable and contains the lines
REM echo "Moie Welt! - $1"
REM echo "0"
REM echo "2"
REM
REM CommandAcquisitionEnd The command given is called whenever an acquisition ends. Guymager knows several special tokens (character sequences)
REM that will be replaced automatically. See "Special tokens" above.
REM The parameter is left empty by default and no script called in that case.
REM
REM ScanInterval Specifies how often an automatic device scan (for detecting newly connected devices)
REM should be launched. Unit: Seconds. Keep in mind that the device scan can also be launched manually.
REM
REM QueryDeviceMediaInfo Guymager has the possibility to gather extended media info about the connected devices. The media info
REM mainly includes HPA/DCO settings. Some non-standard devices do not expect the corresponding ATA
REM commands and may even need to be reset when trying to query media info. In such cases,
REM QueryDeviceMediaInfo may be switched off. By default, it is on.
REM
REM DirectIO Decides whether Guymager reads data in direct IO mode or not. Normally, direct mode should be a little
REM faster, but it was observed that reading from SSDs may be much slower in direct mode. The default
REM setting therefore is "off".
REM IMPORTANT:
REM 1) DirectIO only can be switched on if parameter FifoMemoryManager is also on.
REM 2) Linux does not read single sectors when DirectIO is off. While this is good for speed, it's a
REM problem for disks with bad sectors ("contagious error"). Therefore, Guymager switches DirectIO
REM on when it encounters bad sectors, disregarding the DirectIO configuration parameter. After
REM the bad sectors area has been read, it switches back to the configured DirectIO mode.
REM See also www.elsevierscitech.com/pdfs/Contagious_errors.pdf for more information about the
REM contagious error problem.
DeviceScanMethod = libudev
CommandGetSerialNumber = 'bash -c "smartctl -i %dev | grep -i serial | awk ''{print $3 $4 $5 $6 $7 $8 $9}'' "'
ForceCommandGetSerialNumber = false
CommandGetAddStateInfo = ''
CommandAcquisitionEnd = ''
ScanInterval = 6000
QueryDeviceMediaInfo = on
DirectIO = off
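
The three-line output contract of CommandGetAddStateInfo, worked through as an added example (not part of guymager or of this configuration file): a helper that permits acquisition only while the device's kernel read-only flag is set. The script path, the read-only policy and the colour indices 1 and 2 are assumptions of the example.

```shell
#!/bin/sh
# stateinfo.sh: added example of a CommandGetAddStateInfo helper (not shipped with guymager).
# Assumed wiring in /etc/guymager/local.cfg (the script path is hypothetical):
#   CommandGetAddStateInfo='bash -c "/usr/local/sbin/stateinfo.sh %dev %local"'
# Assumed lab policy: a device may only be acquired while its kernel read-only
# flag is set (software write blocking). Hardware write blockers do not
# necessarily set that flag, so adapt the policy to your setup.

# Indices into the AdditionalStateX entries of table Colors. Which colour each
# index stands for depends on that table; the numbers are placeholders.
COLOR_OK=1
COLOR_BLOCKED=2

# emit TEXT ACQUIRE COLOR: print the three lines guymager reads.
emit() {
    printf '%s\n%s\n%s\n' "$1" "$2" "$3"
}

# state_info DEV [LOCAL] [SYSFS_ROOT]
#   DEV         device path as substituted for %dev (for example /dev/sdb)
#   LOCAL       value substituted for %local (1 = local device, 0 otherwise)
#   SYSFS_ROOT  defaults to /sys; overridable so the logic can be tested
state_info() {
    dev=$1
    is_local=${2:-0}
    sysfs=${3:-/sys}
    name=${dev##*/}                      # /dev/sdb -> sdb

    # Refuse names that could not be a plain sysfs entry (empty, "..", odd characters).
    case $name in
        ''|.|..|*[!A-Za-z0-9_.-]*)
            emit "Unexpected device name" 0 "$COLOR_BLOCKED"
            return 0 ;;
    esac
    ro_file=$sysfs/class/block/$name/ro

    if [ "$is_local" = 1 ]; then
        emit "Local device, not evidence" 0 "$COLOR_BLOCKED"
    elif [ ! -r "$ro_file" ]; then
        # Fail closed: no readable flag means no acquisition.
        emit "Read-only flag not readable for $dev" 0 "$COLOR_BLOCKED"
    elif [ "$(cat "$ro_file")" = 1 ]; then
        emit "Kernel read-only flag set" 1 "$COLOR_OK"
    else
        emit "WRITABLE: set read-only before acquiring" 0 "$COLOR_BLOCKED"
    fi
}

# Run as a script when guymager passes arguments; do nothing when sourced without any.
if [ "$#" -gt 0 ]; then
    state_info "$@"
fi
```
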
REM The RunStats module allows forwarding information about Guymager's current state to users or applications.
REM Principally, Guymager takes a user provided template file, modifies its contents according to the
REM instructions given in the template file and writes the result to the output file. The template and output
REM are specified by the parameters RunStatsTemplateActive and RunStatsOutput.
REM
REM RunStatsTemplateActive contains the filename for the active template, i.e. the template used when Guymager
REM is running. When Guymager ends, it modifies the output file one last time just before exiting according to
REM the contents of another template file, specified by parameter RunStatsTemplateEnded. If parameter
REM RunStatsTemplateEnded is empty or doesn't point to a valid file, Guymager leaves the output with the content
REM it last wrote before exiting.
REM
REM The template file may contain special tokens which are to be replaced by Guymager. All other text is
REM transferred directly to the output file. Tokens always start and end with the % character, see "Special tokens"
REM above.
REM
REM The token %DEVICE_BLOCK% is specific to the Runstats module. This token must appear twice in the RunStats
REM template file. The part in between is repeated as many times as there are devices shown in Guymager's main
REM device table.
REM
REM If you installed Guymager from a Debian package (usual way for installing programs on a Debian, Ubuntu
REM or other Debian based system) you find examples of RunStats template files in /usr/share/doc/guymager/
REM or /usr/share/doc/guymager-beta/ .
REM
REM Parameter RunStatsInterval specifies how often the output file is to be updated (unit: seconds). Guymager
REM reads the template at startup and after every 10 output file updates, thus allowing for template file changes
REM to appear in the output file without restarting Guymager.
REM
REM In order to switch off the Runstats module, set RunStatsInterval to 0 or set the active template or output
REM file to an empty string.
RunStatsTemplateActive = ''
RunStatsTemplateEnded = ''
RunStatsOutput = ''
RunStatsInterval = 60
REM Other settings
REM --------------
REM Block sizes: Guymager works internally with threads for doing the different jobs (read, hash calculation, compression,
REM write) and forwards the data in blocks through fifos from one thread to another. The block size may be adjusted individually
REM for the different forensic formats. There's only one exception: When using EWF with multi-threaded compression the block size
REM is 32768 bytes (32KB).
REM It is recommended to use a multiple of kilobytes or megabytes for the block sizes, because the block size corresponds to the size
REM of the data read at once from the source drive and most drives' caches perform best with such "round" numbers. So, if you want
REM to work with a block size of 10 kilobyte, specify 10240 (instead of 10000).
REM
REM FifoBlockSizeDD The block size for dd images (in bytes). Recommended value: 262144 (256K).
REM
REM FifoBlockSizeEWF The block size for EWF images (in bytes). Recommended value: 32768 (32K). ATTENTION: Tests have shown
REM that the software "X-Ways Forensics" is not able to handle EWF images with a block size above 256K. Thus,
REM the recommended maximum value for FifoBlockSizeEWF is 262144.
REM
REM FifoBlockSizeAFF The block size for AFF images (in bytes). Recommended value: 16777216 (16M).
REM
REM FifoMaxMem The amount of memory used for the internal FIFO queues of an acquisition. The value is indicated in
REM Megabytes. If you set it to 0, Guymager uses 1/8 of the available RAM, maximally 64MB per acquisition.
REM Keep in mind, that the total amount of memory used by Guymager may be much higher: With a value of
REM 256 and 4 acquisitions running in parallel, a total of 1GB RAM would be used by Guymager - only for
REM the FIFOs, not counting the overhead required by Guymager and the libs it uses (Qt, libewf, ...).
REM The recommended value is 0 (automatic memory usage calculation).
REM
REM FifoMemoryManager Set to on to use the internal FIFO memory manager. If switched off, the classical C functions malloc and
REM free are used. FifoMemoryManager must be switched on in order to use direct IO (see parameter DirectIO).
REM It should be switched off for debug purposes only.
REM
REM UseSeparatehashThread The hash calculation can be done in a separate thread or in the read thread (i.e. the thread reading
REM the data from the source). Using a separate thread led to a slight performance advantage on the
REM developer's machine.
REM
REM CompressionThreads The number of threads for parallel compression. The recommended value is the number of processors.
REM This parameter has a significant performance influence when working with compressed file format
REM (EWF format). It has no impact on other formats (dd).
REM Set to AUTO will use the number of CPUs installed in the system (recommended).
REM Set to 0 for disabling multi-threaded compression and build EWF file the conventional way.
REM
REM BadSectorLogThreshold This parameter has been introduced in order to prevent Guymager from writing excessively big log files
REM when acquiring devices with many (millions) bad sectors. As soon as the threshold has been reached,
REM Guymager no longer logs every single bad sector it encounters but only logs from time to time.
REM The number of log entries after reaching BadSectorLogThreshold depends on parameter BadSectorLogModulo.
REM When setting BadSectorLogModulo to 1000, then only every 1000th bad sector will be logged after reaching
REM BadSectorLogThreshold.
REM A value of 0 deactivates the bad sector log threshold feature.
REM
REM BadSectorLogModulo Only active if BadSectorLogThreshold is not zero.
REM See BadSectorLogThreshold for explanations.
REM
REM LimitJobs Limit the number of acquisitions running in parallel to the value specified in this parameter. If
REM the number of acquisitions started exceeds the value given by LimitJobs, the ones started last are
REM queued and will be held until a former acquisition ends.
REM The reason for this parameter is that some users observed degraded performance with heavy SATA IO load.
REM They claimed, that the overall performance is better when limiting the number of parallel jobs. However,
REM the author of Guymager has not been presented any performance test results up until now.
REM Setting this parameter OFF results in starting acquisitions immediately. A value of AUTO corresponds
REM to half the number of CPUs installed, with a maximum value of 4.
REM
REM JobMaxBadSectors Only active if LimitJobs is ON.
REM With the introduction of the job queue, a problem arises with faulty disks. It could happen that healthy
REM disks are not going to be acquired because of faulty disks blocking the job queue. JobMaxBadSectors prevents
REM this by ending acquisitions exceeding the given number of bad sectors.
REM Set JobMaxBadSectors to 0 in order not to end acquisitions because of bad sectors.
REM
REM JobDisconnectTimeout Only active if LimitJobs is ON.
REM See remarks for JobMaxBadSectors. JobDisconnectTimeout works in a similar way. It ends acquisitions
REM which have been in state "disconnected" (i.e. which can no longer be accessed) for too long.
REM Set JobDisconnectTimeout to 0 in order not to end acquisitions because of switching to state
REM disconnected. Unit: Seconds.
FifoBlockSizeDD = 262144
FifoBlockSizeEWF = 32768
FifoBlockSizeAFF = 16777216
FifoMaxMem = 0
FifoMemoryManager = On
UseSeparatehashThread = Yes
CompressionThreads = AUTO
BadSectorLogThreshold = 0
BadSectorLogModulo = 1000
LimitJobs = OFF
JobMaxBadSectors = 200
JobDisconnectTimeout = 10000
REM Debug settings
REM --------------
REM SignalHandling For debug purpose only. Switch off SignalHandling only when working with debuggers (gdb).
REM Recommended value: Enabled.
REM
REM WriteToDevNull For debug purpose only. Writes image to /dev/null instead of the indicated file. This switch can
REM be used for performance tests. Only used when creating dd images.
REM
REM UseMemWatch For debug purpose only. Uses the memwatch malloc/free functions for finding dynamic memory problems.
REM Creates a file named memwatch.log when enabled in the directory where guymager is started. MemWatch
REM may slow down guymager significantly.
REM
REM VerboseLibewf For debug purpose only. Have libewf output internal messages to stderr.
REM
REM CheckEwfData For debug purpose only. When using the EWF format and working with separate compression thread(s),
REM Guymager does a special check on the data if this parameter is set. The check is done just before
REM passing the data to the EWF library function that writes it to the image. It checks if the data can
REM be uncompressed correctly, if the lengths match and if the CRC is ok.
SignalHandling = Enabled
WriteToDevNull = false
UseMemWatch = false
VerboseLibewf = false
CheckEwfData = false
REM Device info commands
REM --------------------
REM In order to get a complete set of information for each acquired drive, guymager executes several standard Linux
REM commands. These commands are contained in the list named DeviceInfoCommands, see below. They are executed when
REM - selecting the "Info" menu point for a device (results are shown in a dialog window)
REM - starting an acquisition (results are written to the .info file)
REM They are executed in the order they appear. The string %dev will be replaced by the corresponding device path
REM (i.e. /dev/sdb for instance). Examples of interesting commands:
REM 'bash -c "smartctl -s on %dev ; smartctl -a %dev"' -- for switching SMART interface on and showing SMART info
REM 'bash -c "hdparm -I %dev"' -- for showing other identification info
TABLE DeviceInfoCommands NoName
REM Command
REM -------------------------------------------
'bash -c "search="`basename %dev`: H..t P.......d A..a de.....d" && dmesg | grep -A3 "$search" || echo "No kernel HPA messages for %dev""'
'bash -c "smartctl -s on %dev ; smartctl -a %dev"'
'bash -c "hdparm -I %dev"'
'bash -c "CIDFILE=/sys/block/$(basename %dev)/device/cid; echo -n "CID: " ; if [ -e $CIDFILE ] ; then cat $CIDFILE ; else echo "not available" ; fi "'
REM 'bash -c disk_stat %dev'
ENDTABLE
REM Tables LocalDevices and HiddenDevices
REM The local devices may be entered here. Guymager will mark them colored and will not allow them to be acquired. The
REM table allows for entering the Linux device path, serial number, model, native path or by path. Examples:
REM '/dev/sda'
REM 'S042J10XC57542'
REM
REM Table HiddenDevices works the same way, except that devices listed here won't appear at all in the Guymager GUI.
REM
REM LocalHiddenDevicesUseRegExp defines whether the given strings for local and hidden devices should be interpreted
REM as regular expressions or not. Example: With LocalHiddenDevicesUseRegExp switched on, the following string would
REM match all loop devices in the range 10-15 (i.e. /dev/loop10 .. /dev/loop15):
REM '/dev/loop1[0-5]'
REM
REM For both (reg. exp. on and off) the comparison is case independent.
LocalHiddenDevicesUseRegExp = false
TABLE LocalDevices NoName
REM Device
REM -------------------------------------------
ENDTABLE
TABLE HiddenDevices NoName
REM Device
REM -------------------------------------------
ENDTABLE
REM Below we include a local configuration file. All entries in the local configuration file will override the ones above.
REM
REM If ever you want to change some of the settings above, don't do it directly here, as all your changes would be
REM gone when installing a new version of guymager. Edit /etc/guymager/local.cfg instead.
INCLUDE_OPTIONAL /etc/guymager/local.cfg
INCLUDE_OPTIONAL ./local.cfg
ENDSECTION
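
An added example, not part of guymager: a review helper for the include chain above. It lists every entry in the given configuration files that makes guymager start an external command (CommandGetSerialNumber, CommandGetAddStateInfo, CommandAcquisitionEnd, rows of table DeviceInfoCommands) together with each INCLUDE_OPTIONAL line, marking relative include paths, and reports files that group or others can modify. The function names, the sample configuration and the acq_end.sh path in it are constructed for the example.

```shell
#!/bin/sh
# audit_guymager_exec.sh: added example, not part of guymager.
# Usage: audit_guymager_exec.sh /etc/guymager/guymager.cfg /etc/guymager/local.cfg

# list_exec_settings FILE...
# Prints one tab-separated record per finding: file:line, kind, text.
list_exec_settings() {
    awk -v q="'" '
        FNR == 1 { table = "" }                  # new file: reset table state
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # entries may be indented
            sub(/[ \t\r]+$/, "", line)
        }
        line == "" || line ~ /^REM([ \t]|$)/ { next }
        line ~ /^TABLE[ \t]/ { split(line, w, /[ \t]+/); table = w[2]; next }
        line ~ /^ENDTABLE/   { table = ""; next }
        table == "DeviceInfoCommands" {
            printf "%s:%d\ttable-command\t%s\n", FILENAME, FNR, line
            next
        }
        table != "" { next }                     # rows of other tables
        line ~ /^INCLUDE_OPTIONAL[ \t]/ {
            path = line
            sub(/^INCLUDE_OPTIONAL[ \t]+/, "", path)
            kind = (substr(path, 1, 1) == "/") ? "include" : "include-relative"
            printf "%s:%d\t%s\t%s\n", FILENAME, FNR, kind, path
            next
        }
        line ~ /^(CommandGetSerialNumber|CommandGetAddStateInfo|CommandAcquisitionEnd)[ \t]*=/ {
            name = line;  sub(/[ \t]*=.*$/, "", name)
            value = line; sub(/^[^=]*=[ \t]*/, "", value)
            if (value == "" || value == (q q)) next   # empty string: nothing runs
            printf "%s:%d\t%s\t%s\n", FILENAME, FNR, name, value
        }
    ' "$@"
}

# writable_by_others FILE...
# Prints those existing files whose mode lets group or others modify them.
writable_by_others() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        find "$f" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Constructed sample input (not a real site configuration; acq_end.sh is hypothetical).
sample_cfg() {
    cat <<'EOF'
REM constructed sample
CommandGetAddStateInfo = ''
ForceCommandGetSerialNumber = false
CommandAcquisitionEnd = 'bash -c "/usr/local/sbin/acq_end.sh %Image%"'
TABLE DeviceInfoCommands NoName
   REM Command
   'bash -c "hdparm -I %dev"'
ENDTABLE
TABLE LocalDevices NoName
   '/dev/sda'
ENDTABLE
INCLUDE_OPTIONAL /etc/guymager/local.cfg
INCLUDE_OPTIONAL ./local.cfg
EOF
}

# Audit the files named on the command line; do nothing when sourced without arguments.
if [ "$#" -gt 0 ]; then
    list_exec_settings "$@"
    writable_by_others "$@"
fi
```

A record of kind include-relative means the file that gets read depends on the directory the path is resolved against, so it should be reviewed together with the way guymager is started.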