September 24, 2018
Colleagues in digital forensics, please ask yourselves – do you find Arsenal Image Mounter (“AIM”) useful? Could your consulting, training, or software/hardware organization use great karma and a boost in public relations?
If you answered yes to these questions, please have your organization sponsor more “Free Mode” functionality in AIM! We have users (consultants, law enforcement, military, students, and more) across the globe, involved in digital forensics and many other pursuits, who find AIM an important part of their toolkit. We are dedicated to offering powerful and unique Free Mode functionality to our users, and your organization can help us attack a very significant development queue.
How does my Organization Benefit?
Arsenal will show our appreciation (both on our and the digital forensics community’s behalf) to AIM sponsors by acknowledging
How do we get started?
Contact us at info@ArsenalRecon.com so we can discuss pending functionality requiring sponsorship (or, you may want to suggest functionality!) and other details.
Arsenal Image Mounter Background
Arsenal Image Mounter was born when we found existing disk image mounting solutions lacking during the development of our premier digital forensics tool Registry Recon. Many disk image mounting solutions mount the contents of images in Windows as shares or partitions (rather than complete disks), which limits their usefulness. Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows® by including a virtual SCSI adapter (via a unique Storport
In “BitLocker for DFIR – Part I” we provided a quick summary of BitLocker, details regarding the various “states” of BitLocker volumes that we see most often in our casework, and some thoughts on things that are particularly relevant to digital forensics and incident response practitioners. We will now discuss launching virtual machines from BitLockered disk images.
BitLocker is a Full Volume Encryption (FVE) technology introduced by Microsoft in the Ultimate and Enterprise versions of Windows Vista. BitLocker has come a very long way since Vista, becoming quite flexible (some of our colleagues might prefer the word complicated) and secure if used properly.
Microsoft’s “Office Document Cache” (hereafter, ODC) is complex, infuriating, and misunderstood. For years there have been digital forensics practitioners who knew how valuable information within ODCs was (especially within FSD files), but they were essentially left with scraps after throwing existing tools and techniques against them. After many of the proverbial late nights and early mornings, Arsenal has now drastically improved the situation for our colleagues in digital forensics.
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Signup for the latest news on Registry, Hibernation Files, and other Digital Investigations related news.
or (617) 277-3625
Terms & Conditions