Arsenal Image Mounter

Arsenal

Image Mounter

Reliable. Powerful. Trusted.

Easily Launch Virtual Machines from Disk Images

And much, much more...

Many Windows®-based disk image mounting solutions mount the contents of disk images as shares or partitions, rather than complete (aka "physical or "real") disks, which limits their usefulness to digital forensics practitioners and others. Arsenal Image Mounter mounts the contents of disk images as complete disks in Windows, allowing users to benefit from disk-specific features like integration with Disk Manager, launching virtual machines (and then bypassing Windows authentication and DPAPI), managing BitLocker-protected volumes, mounting Volume Shadow Copies, and more.

See Arsenal Image Mounter In Action

Become more familiar with AIM's powerful functionality by watching our demonstrations.

Demonstrating launch of BitLockered Windows Storage Space into a virtual machine with DPAPI bypass
Demonstrating Windows authentication and DPAPI bypasses against BelkaCTF Party Girl
Watch More

Arsenal Image Mounter Features

Arsenal Image Mounter includes both free (Free Mode) and paid (Professional Mode) features.

Features Available in Free Mode

  • Mount raw, forensic, and virtual machine disk images as complete (aka "real) disks on Windows

  • Temporary write support with replayable delta files for all supported disk image formats

  • Save "physically" mounted objects to various disk image formats

  • Virtually mount optical images

  • RAM disk creation with either static or dynamic memory allocation

  • Command-line interface (CLI) executables

  • MBR injection, fake disk signatures, removable disk emulation, and much more

  • Identify (with details), unlock, fully decrypt, and disable/suspend BitLocker-protected volumes

Features Available in Professional Mode

  • Effortlessly launch virtual machines from disk images

  • Extremely powerful Windows authentication and DPAPI bypasses within virtual machines

  • Volume Shadow Copy mounting (standard, with Windows NTFS driver bypass, or as complete disks)

  • Launch virtual machines directly from Volume Shadow Copies

  • Windows file system driver bypass (FAT, NTFS, ExFAT, HFS+, Ext2/3/4, etc.)

  • Exposure of NTFS metadata, slack, and unallocated in Windows file system driver bypass mode

  • Virtually mount archives and directories

  • Save disk images with fully-decrypted BitLocker volumes

  • Attach to actual physical disks (fixed and removable) to leverage virtual machine launching, VSC mounting, etc.

Latest Features
FAQs

Our Testimonials Are Compelling!

Gather Valuable Website Credentials

Arsenal Image Mounter’s ability to reliably launch disk images into virtual machines has worked great in our ICAC (Internet Crimes Against Children) cases, especially when using DPAPI bypass to gather valuable website credentials for follow-up investigation and when capturing screenshots from within virtual machines as we prepare for court.

Brandon Canary
Computer Forensics Technician, Fontana Police Department

AIM Was Far Easier

“I recently had a CSAM case in which we needed to find a way to decrypt EFS-encrypted files found on an external hard drive. While examining various pieces of electronic evidence, we discovered that the EFS keys were on one of the suspect’s laptops. Using Arsenal Image Mounter, I launched a forensic image obtained from the laptop into a virtual machine, logged in with a Windows password we cracked with Hashcat, attached a forensic image obtained from the external hard drive to the virtual machine, and proceeded to decrypt all the EFS-encrypted files. This entire process with AIM was far easier than the other tool our agency used previously to launch forensic images into virtual machines. I have also had another CSAM case in which AIM’s latest DPAPI bypass functionality allowed us to access a suspect’s Opera-stored website credentials - without knowing the suspect’s Windows password!”

Territorial Police (UK)

More Testimonials

Unleash Arsenal Image Mounter Pro

Buy an Arsenal license and choose a subscription length (see the increasing discounts!) that works best for you. Want to try AIM first? Download AIM now and use its free functionality, or email sales to evaluate Professional Mode.

1 Year Plan
$756
~ $63/mo | Save 3%

    • Email Support

    • Renew Annually

    • Locked-in Discount

Buy Now

3 Year Plan

$2,129

~ $59/mo | Save 9%

5 Year Plan

$3,315

~ $55/mo | Save 15%

View Pricing & Plan Details
Prices shown in USD and without tax.