One of the best forensic channels I came across on YouTube. Great and unique content as always ❤ Keep rocking, brother.
@RandolphNwaiwu 10 months ago
A great episode as always.
@bryan6066 2 months ago
I have the free version, but when mounting an image, the Disk device, write original option is greyed out. Why is that?
@13Cubed 2 months ago
Do you have read/write access to the image file, or read only?
@NoEgg4u 5 months ago
This is the first time that I have heard of Arsenal Image Mounter. Your tutorial was very good, considering the complexity of the tool. That brings me to my questions: I have an old computer that I want to replace with a new computer. However, I have 15 years of programs installed on the old computer, and I do not have all of the installation files, activation codes, etc. So if I get a new computer, and I cannot find a program or there is only a new version available and I would have to re-purchase it, etc, I would still want to have access to my old computer. Yet, I want to toss my old computer (it is a large case, and I want to reclaim the space). This is where Arsenal Image Mounter (if I understand it) will come in handy. Will I be able to make an image of my old computer (it has 3 logical drives on a single partition), and then boot that image via Arsenal Image Mounter, and hopefully everything will work, just as if I was on my old computer? I read one of your other replies, to use FTK Imager. So in summary, I could make an image of my old computer (with FTK Imager), and then mount that image on my new computer via Arsenal Image Mounter? Thanks for your help. I will take a look at your previous Arsenal Image Mounter videos.
@13Cubed 5 months ago
Arsenal Image Mounter isn't really the right tool for that. There are plenty of commercial software products that can help you move programs and data between computers, though I have no personal experience with them. If you just want to use your old computer as a VM, you can probably perform a physical-to-virtual migration with tools from VMware or other virtualization providers.
@vishnu-ob7cl 7 months ago
How do we get the disk image files? As I am new to this, can we get an image file from a locked system or hard drive?
@13Cubed 7 months ago
You can create a disk image of a Windows device using a tool like FTK Imager, which is free software. For example, if the disk is BitLocker encrypted but the image is taken while the system is live/running, then you can acquire a logical capture that will contain non-encrypted data. If you image the disk in an offline state, the resultant disk image would be encrypted and would not be accessible unless the BitLocker Recovery Key was provided to Arsenal Image Mounter during the mounting process.
@TheIvalen 10 months ago
It still cannot mount logical evidence files. I’ve asked them several times for this feature. I rarely use full disk.
@13Cubed 10 months ago
Can you give me an example of what you mean? If, for example, you pulled triage data with KAPE, you could write that to a VHD/VHDX and mount the container. Otherwise, if it's just a zip archive or something along those lines, why would you need to mount it?
@TheIvalen 10 months ago
@@13Cubed .AFF, .L01, .LX01, .CTR, .DD - any of these that don’t contain the full filesystem, simply a collection of files/data in an evidence container. I use Mount Image Pro, for example, to mount these. Case example, NTFS user profile analysis. I’ll capture the entire profile and then run tools against it. Axiom/Intella for example can parse these containers natively, other tools require mounting first.
@CharanjitSingh-lb6qq 8 months ago
Great video, really helpful. I have a question. The Arsenal documentation says that it supports AFFv4. I have AFF files, so will it work for image mounting? What is the difference between them? And can you please suggest some more open-source tools for the Windows CLI through which I can mount forensic images and which support most formats? I checked xways and xmount, but both are for Linux, and I need something better than OSFMount.
@13Cubed 8 months ago
AFFv4 is just one of many formats you can use, like E01, RAW/dd, etc. AIM should work with all of these. One of the main differences between these formats is the ability to compress data with some of them, whereas raw/dd images of a full disk will always be equal to the full size of the disk. As for tools, I just use AIM, or WSL 2 to mount Linux disk images. I'll have an episode coming out about that in the next month or so.
@CharanjitSingh-lb6qq 7 months ago
@@13Cubed Thank you for your guidance, it helped a lot. I have another question: does any open-source or commercial tool have an SDK available for development purposes? Can you please help me regarding it?
@13Cubed 7 months ago
@@CharanjitSingh-lb6qq What kind of tool do you need, or which one are you referring to?
@CharanjitSingh-lb6qq 7 months ago
@@13Cubed I don't have a specific one in mind. My priority is using an SDK [.NET, Java] for image mounting [disk imaging]. Arsenal Image Mounter doesn't provide an SDK. Do Vound Intella, Belkasoft, or Magnet Axiom provide it? I didn't find any information about it in the documentation.
@mussaabdi 10 months ago
Amazing tutorial. Kindly do Linux forensics and macOS just like Windows.