Insights

BitLocker for DFIR – Part III

BitLocker for DFIR – Part III

You have followed your standard operating procedure and obtained a forensic image from a laptop’s solid state drive. After making a working copy of the forensic image you open it in one of your digital forensics tools… but there’s a problem.

Arsenal Image Mounter (AIM) Walkthrough

Arsenal Image Mounter (AIM) Walkthrough

This article will briefly summarize the features of AIM’s Free and Professional Modes, explain the requirements for running AIM, and demonstrate how to launch virtual machines and mount Volume Shadow Copies (VSCs) from AIM-mounted disk images.

Introducing Arsenal Image Mounter v3.3.134 and DPAPI Bypass

Introducing Arsenal Image Mounter v3.3.134 and DPAPI Bypass

Three months ago I challenged the Arsenal team by suggesting that we could get more creative about how to access protected content in Windows, especially considering Arsenal Image Mounter was already reliably launching disk images into virtual machines and bypassing every type of Windows authentication.

Arm Yourself!

Join our mailing list to arm yourself with updates about Arsenal tools, training, and research. Our mailing list is double opt-in so you will need to check your email and confirm your subscription before receiving our mailings.

Chelsea, Massachusetts

sales@ArsenalRecon.com

(617) ARSENAL

or (617) 277-3625

Site Map

\

Home

\

Products

\

Pricing

\

Training

\

Testimonials

\

Insights

\

Contact

\

FAQ

Legal

\

Privacy Policy

\

Terms & Conditions

\

Cookie Policy

Follow Us

LinkedIn

Twitter

Facebook