ARSENAL IMAGE MOUNTER V3.12.331
Arsenal Image Mounter mounts the contents of disk images as complete disks in Windows, allowing users to benefit from disk-specific features like integration with Disk Manager, launching virtual machines (and then bypassing Windows authentication and DPAPI), managing BitLocker-protected volumes
Easily Launch Virtual Machines from Disk Images
And much, much more...
Many Windows®-based disk image mounting solutions mount the contents of disk images as shares or partitions, rather than complete (aka "physical or "real") disks, which limits their usefulness to digital forensics practitioners and others. Arsenal Image Mounter mounts the contents of disk images as complete disks in Windows, allowing users to benefit from disk-specific features like integration with Disk Manager, launching virtual machines (and then bypassing Windows authentication and DPAPI), managing BitLocker-protected volumes, mounting Volume Shadow Copies, and more.Arsenal Image Mounter Features
Arsenal Image Mounter includes both free (Free Mode) and paid (Professional Mode) features.Features Available in Free Mode
- Mount raw, forensic, and virtual machine disk images as complete (a/k/a “real”) disks on Windows
- Temporary write support with replayable differencing files for all supported disk image formats
- Save "physically" mounted objects to various disk image formats
- Identify (with details), unlock, fully decrypt, and disable/suspend BitLocker-protected volumes
- Access disks, volumes, and Volume Shadow Copies as virtual dd files
- Virtually mount optical images
- RAM disk creation with either static or dynamic memory allocation
- Virtually mount archives
- Command-line interface (CLI) executables and PowerShell modules (for Command Prompt and PowerShell, respectively)
- MBR injection, fake disk signatures, removable disk emulation, and much more
Features Available in Professional Mode
- Effortlessly launch virtual machines from disk images
- Extremely powerful Windows authentication and DPAPI bypasses within virtual machines
- Linux password bypass within virtual machines
- Database-driven Windows password attack (including Arsenal's "Password Sledgehammer") within virtual machines
- Multiple methods of Volume Shadow Copy mounting (standard, with Windows NTFS driver bypass, or as complete disks)
- Launch virtual machines directly from Volume Shadow Copies
- Attach to actual physical disks (fixed and removable) to leverage virtual machine launching, VSC mounting, etc.
- Write mounted disk images to physical disks with optional free space clearing
- Windows file system driver bypass (FAT, NTFS, ExFAT, HFS+, Ext2/3/4, etc.)
- Exposure of NTFS metadata, slack, and unallocated in Windows file system driver bypass mode
- Virtually mount directories
- Save disk images with fully-decrypted BitLocker volumes
- Recon Reports containing valuable information about disk images (and actual physical disks) useful for triage
- Connect to remote disks over a network with AIM Remote Agent
