Arsenal Image Mounter

Arsenal

Image Mounter

Reliable. Powerful. Trusted.

Easily Launch Virtual Machines from Disk Images

And much, much more...

Many Windows®-based disk image mounting solutions mount the contents of disk images as shares or partitions, rather than complete (aka "physical or "real") disks, which limits their usefulness to digital forensics practitioners and others. Arsenal Image Mounter mounts the contents of disk images as complete disks in Windows, allowing users to benefit from disk-specific features like integration with Disk Manager, launching virtual machines (and then bypassing Windows authentication and DPAPI), managing BitLocker-protected volumes, mounting Volume Shadow Copies, and more.

See Arsenal Image Mounter In Action

Become more familiar with AIM's powerful functionality by watching our demonstrations.

Demonstrating VM launch with DPAPI bypass and external attachment via RAM disk
Demonstrating VSC launched into VM from forensic image mounted read only
Watch More

Arsenal Image Mounter Features

Arsenal Image Mounter includes both free (Free Mode) and paid (Professional Mode) features.

Features Available in Free Mode

  • Mount raw, forensic, and virtual machine disk images as complete (a/k/a “real”) disks on Windows

  • Temporary write support with replayable differencing files for all supported disk image formats

  • Save "physically" mounted objects to various disk image formats

  • Identify (with details), unlock, fully decrypt, and disable/suspend BitLocker-protected volumes

  • Access disks, volumes, and Volume Shadow Copies as virtual dd files

  • Virtually mount optical images

  • RAM disk creation with either static or dynamic memory allocation

  • Virtually mount archives

  • Command-line interface (CLI) executables and PowerShell modules (for Command Prompt and PowerShell, respectively)

  • MBR injection, fake disk signatures, removable disk emulation, and much more

Features Available in Professional Mode

  • Effortlessly launch virtual machines from disk images

  • Extremely powerful Windows authentication and DPAPI bypasses within virtual machines

  • Linux password bypass within virtual machines

  • Database-driven Windows password attack (including Arsenal's "Password Sledgehammer") within virtual machines

  • Multiple methods of Volume Shadow Copy mounting (standard, with Windows NTFS driver bypass, or as complete disks)

  • Launch virtual machines directly from Volume Shadow Copies

  • Attach to actual physical disks (fixed and removable) to leverage virtual machine launching, VSC mounting, etc.

  • Write mounted disk images to physical disks with optional free space clearing

  • Windows file system driver bypass (FAT, NTFS, ExFAT, HFS+, Ext2/3/4, etc.)

  • Exposure of NTFS metadata, slack, and unallocated in Windows file system driver bypass mode

  • Virtually mount directories

  • Save disk images with fully-decrypted BitLocker volumes

  • Recon Reports containing valuable information about disk images (and actual physical disks) useful for triage

  • Connect to remote disks over a network with AIM Remote Agent

Latest Features
FAQs

Our Testimonials Are Compelling!

It Just Works

"I used Arsenal Image Mounter’s virtual machine launching functionality to review some previous cases that had given me issues with one of our other tools. AIM’s Windows DPAPI bypass is impressive, and I was also impressed with the Linux login bypass. On a current investigation I appreciated AIM's ease of use – I just wanted a quick look at a forensic image and didn’t want to spend much time setting it up. I was able to immediately boot the forensic image and see what I needed in a matter of minutes. With our other tool, this would have required the tedious process of initial setup and multiple rounds of correcting errors to get a forensic image booted into a virtual machine. So I really like the “it just works” aspect of AIM.”

Digital Forensic Analyst
State Police (Australia)

Must Have Digital Forensics Tool

"After executing a warrant at a suspect’s home in relation to a CSAM investigation, I returned to the lab and imaged their laptop. I then launched the forensic image into a virtual machine with Arsenal Image Mounter’s Windows authentication and DPAPI bypasses. Within minutes I located the evidence we needed to arrest the suspect. AIM is an essential part of my toolbox! Quick, reliable, and easy to use during my investigations and when I prepare cases for court. A must have digital forensics tool."

D/Cst Paul Robb
Digital Forensic Examiner, Kingston Police

More Testimonials

Unleash Arsenal Image Mounter Pro

Buy an Arsenal license and choose a subscription length (see the increasing discounts!) that works best for you. Want to try AIM first? Download AIM now and use its free functionality, or email sales to evaluate Professional Mode.

1 Year Plan
$756
~ $63/mo | Save 3%

    • Email Support

    • Purchase Annually

    • Locked-in Discount

Buy Now

3 Year Plan

$2,129

~ $59/mo | Save 9%

5 Year Plan

$3,315

~ $55/mo | Save 15%

View Pricing & Plan Details
Prices shown in USD and without tax.