search

ArsenalRecon / Arsenal-Image-Mounter

Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.
https://ArsenalRecon.com/weapons/image-mounter
Other
496 stars 85 forks source link

Free version AIM permissions issue #15

Closed danielLubel closed 4 years ago

danielLubel commented 4 years ago

Hi, I'm trying to use the aim with a vmdk image. The mount process was completed successfully but it looks like there is some sort of permissions issue with the mounted device. I can't access some system folders and for example can't get the MFT file from the mounted device (can extract it using 7zip). This ain't working both using this project (cli + gui) and the project from the official Arsenal site (free mode - without license, both gui and cli).

Thanks in advance.

LTRData commented 4 years ago

Yes, file permissions still apply in a mounted image. It emulates a full disk where file systems are mounted for recognized file systems just like they would for a physical disk.

The professional version of AIM has an option to not mount with physical disk emulation but instead mount as an emulated file system, bypassing Windows file system drivers and permissions. In that mode it is possible to access metadata files and deleted files etc, pretty much like with 7-zip, but using a drive letter.

EricZimmerman commented 4 years ago

you can use KAPE to get the MFT using AIM to mount the VMDK. =)

danielLubel commented 4 years ago

I tested KAPE and it worked great, thanks Eric for another great tool 😄