Publicly-Accessible Disk Images Grid for DFIR

January 12th, 2024
By:  Emina Doherty,  Anastasia Shek

A question asked in our office, and maybe in yours - “Does anyone know which publicly-accessible disk images contain (insert your artifact of interest)?”

Read More
Published:
January 12th, 2024
 |  Topic(s):  NewsTraining

Forensic Analysis of the NetWire Stack

June 2nd, 2023
Joakim has recently gone on some adventures involving the NetWire RAT (Remote Access Trojan) that we believe all our colleagues in digital forensics should start digging into as soon as possible.
Read More

BitLocker for DFIR – Part I

March 11th, 2023
We deal with BitLocker frequently in our casework at Arsenal… so frequently that we added BitLocker-specific functionality to Arsenal Image Mounter to make our lives easier.
Read More

Quick Tour Of New Features In Arsenal Image Mounter v3.9.218

July 28th, 2022
We released Arsenal Image Mounter v3.9.218 today with some truly awesome enhancements. I do not use the phrase “truly awesome” lightly, in the sense that I’m referring to enhancements that required many months of research and development ultimately resulting in even more powerful and unique functionality for AIM users.
Read More

BitLocker for DFIR – Part III

January 23rd, 2021
After making a working copy of the forensic image you open it in one of your digital forensics tools… but there’s a problem. You can’t see the expected Windows volume or any user data! To try and determine what’s wrong, you launch Arsenal Image Mounter and mount the forensic image.
Read More

Arsenal Educational Program Extended to Law Enforcement and Military Training

January 6th, 2021
We have an exciting 2021 in store for Arsenal customers. To kick things off, we are extending our educational program (basically, free licenses!) to cover law enforcement and military training.
Read More

Arsenal Image Mounter and Virtual Machine Inception

December 17th, 2020
Why would a digital forensics practitioner want to run Hyper-V and AIM within VMware? We have recently heard from our customers that they have successfully run both Hyper-V and AIM within VMware.
Read More

Introducing Arsenal Image Mounter v3.3.134 and DPAPI Bypass

October 26th, 2020
Three months ago I challenged the Arsenal team by suggesting that we could get more creative about how to access protected content in Windows. We did it!
Read More

Join the List

Arm yourself with updates about Arsenal tools, training, and research. Our mailing list is double opt-in so you will need to check your email and confirm your subscription before receiving our mailings.