Arsenal Image Mounter’s Windows authentication bypass is already more powerful than any other tools we are aware of, but that has not stopped us from continuing to push boundaries. We have been working aggressively for the last month on an extension to our Windows authentication bypass that some of our colleagues in digital forensics will find quite shocking. While we continue this work, we have decided to launch another version of AIM with some new features requested by our customers.
AIM’s Volume Shadow Copy (VSC) mounting now supports mounting VSCs as “complete” disks in write-temporary mode on Windows.
Did you notice what was happening with that last screenshot? It looks like two of the VSCs have been launched into virtual machines? Yes, they have – among other things, this feature allows VSCs to be launched directly into virtual machines! Check out this video:
AIM’s Windows File System Driver Bypass mode now exposes concatenated unallocated and slack space on NTFS volumes as [UNALLOCATED] and [SLACK] “files” at the root of each volume. We have found this to be a time saver in our casework.
AIM can now be configured to launch automatically at logon and to automatically remount disk images. Again, time savers in our (and hopefully your) casework.
In addition to the features already mentioned, AIM v3.2.128 includes a security update, updated third-party libraries, minor bug fixes, and an updated readme.
Until next time… good hunting, and please help us spread the word about AIM and our other tools