Welcome to our first Insights article from a guest author, Shafik Punja!

Background

Arsenal Image Mounter (AIM) is one of several outstanding products developed by Arsenal Recon for digital forensics practitioners. AIM’s core purpose involves mounting the contents of disk images as if they are “real” disks on Windows. Mounting disk images this way has many benefits for digital forensics practitioners – launching virtual machines (and then bypassing the Windows authentication within them), managing BitLocker-protected volumes, mounting Volume Shadow Copies, and more.

This article will briefly summarize the features of AIM’s Free and Professional Modes, explain the requirements for running AIM, and demonstrate how to launch virtual machines and mount Volume Shadow Copies (VSCs) from AIM-mounted disk images. This walkthrough was built while running AIM version 3.3.134 on Windows 10 x64 version 2004 (OS Build 19041.572) and Windows 10 x64 20H2 (OS Build 19042.630). The Hunter disk image from is used for purposes of demonstration.

Features Overview

Arsenal’s FAQ Page clearly explains AIM’s features, including the differences between the “Free Mode” (run without a license) and “Professional Mode” (full functionality enabled). Here is a summary of AIM features cited directly from the FAQs:

- Mount raw, forensic, and virtual machine disk images as “real” disks on Windows
- Temporary write support with replayable delta files for all supported disk image formats
- Save “physically” mounted objects to various disk image formats
- MBR injection, “fake” disk signatures, removable disk emulation, and much more

Includes all Free Mode functionality plus:

- Effortlessly launch (and often login to) virtual machines
- Volume Shadow Copy (VSC) mounting with optional Windows NTFS driver bypass
- Windows file system driver bypass support for disk image mounting
- Save disk images with fully-decrypted BitLocker volumes

- EnCase (E01 and Ex01) if libewf is available
- Virtual Machine Disk Files (VHD, VDI, XVA, VMDK, OVA) and checkpoints (AVHD, AVHDX) if DiscUtils is available

Many types of file systems contained within disk images can be mounted on a forensic workstation running AIM, assuming the appropriate Windows file system drivers are installed. File systems mounted by Arsenal include NTFS, FAT32, ReFS, exFAT, HFS+, UFS, and EXT3.

AIM also supports bypassing Windows file system drivers and using DiscUtils file system drivers via the “Windows file system driver bypass” mount option. File systems supported by this mount option include FAT 12/16/32 and NTFS, with experimental support for Btrfs, Ext2/3/4 (except with 64 bit header fields used by some of the latest Linux distributions), ExFAT, HFS+, SquashFs, UDF, and XFS.

Arsenal Image Mounter is designed to run (ideally) on Windows 10 (and Server 2016/2019) x64 so that all functionality (e.g. launching virtual machines and BitLocker-related functionality) works as intended. Outside of the recommended operating systems noted, most of, if not all of AIM’s core functionality is available on Windows systems only as far back as Windows 7 and Server 2012/2012 R2 x64.

Arsenal Image Mounter requires Hyper-V for launching virtual machines. If you do not have Hyper-V installed, please enable it using the directions provided in the link below:

Also make sure your virtualization technology setting in workstation BIOS or UEFI is enabled. It is also recommended that you exclude Arsenal Image Mounter’s folder and/or executables in your antivirus applications.

Once you have downloaded AIM, extract the contents of the ‘Arsenal-Image-Mounter…’ ZIP file to a folder of your choice. The contents of the AIM folder include the executable ‘ArsenalImageMounter.exe’ (GUI version), ‘aim_cli.exe’ (CLI version), and readme files for both the GUI and CLI versions of AIM. The readme files contain detailed descriptions on the features of AIM and usage of the product. It is strongly recommended that digital forensic practitioners review and understand the information presented in both ‘readme.txt’ and ‘readme_cli.txt’.

Opening AIM by double clicking ‘ArsenalImageMounter.exe’ will launch AIM and install the AIM driver. If you see the window below related to installing an updated driver, select ‘Yes’. The ‘Driver setup in progress’ message window will appear.