OSFMount v Arsenal Image Mounter v FTK Imager

JimC
(@jimc)
Posts: 86
Estimable Member
Topic starter
 

I've recently been having a play with different image mounting tools.

PassMark's "OSFMount" looks pretty good and is free. It supports mounting E01 images but seems to have two limitations

1. The driver performs a "logical" mount of file system volumes. It doesn't mount the underlying sectors in a "physical" disk image

2. The E01 feature is missing write support. This means it can't be used with virtualisation software to "live boot" an image

I also had a look at Arsenal's "Image Mounter (AIM)" tool. The basic version of this is free although a little more fiddly to use. There seems to be a more (expensive?) paid version which offers more features. Crucially, it does support mounting "physical images".

Finally, I looked at "FTK Imager". This is free and offers both "physical" mounting and E01 support. For my purposes, it therefore seems superior to both OSFMount and AIM.

Does anyone have any comments or suggestions for other image mounting tools? Did I miss anything with PassMark's tool?

Jim

www.binarymarkup.com

 
Posted : 15/10/2018 9:26 am
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

Arsenal Recon is the best one I have used. I don't have access to the paid features but they revolve around mounting VSC's directly.

EnCase does have PDE which also allows mounting of physical disks, but overkill if that's the only feature you want.

 
Posted : 15/10/2018 9:59 am
Passmark
(@passmark)
Posts: 376
Reputable Member
 

Mounting an E01 image as a volume or as an emulated physical SCSI drive accomplishes the same thing most of the time. All the sectors in all the partitions are still available in both cases. But as you pointed out there are a few cases where the difference is important. One of them is booting the image into a virtual machine, where a (emulated) physical drive is desirable. Strictly speaking there are other methods to boot the image without a physical drive, but having one makes the job quicker & easier.

We are writing code at the moment to allow a physical mount option for OSFMount.
An updated version should be available in a few weeks after a bit more integration and testing.

 
Posted : 16/10/2018 3:50 am
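
The logical-versus-physical distinction discussed in the post above, as an added example that is not part of the thread: this Python sketch reads the MBR of a raw image and lists the sector ranges that lie outside every partition, which a per-volume (logical) mount does not expose and an emulated physical disk does. The sample image, its partition layout and all function names are constructed for illustration; it assumes a raw (dd-style) image with an MBR, not GPT or E01.

```python
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count

def build_sample_mbr(partitions, total_sectors):
    """Constructed sample: a blank raw image whose MBR describes `partitions`,
    given as (type_byte, start_lba, sector_count) tuples."""
    image = bytearray(total_sectors * SECTOR)
    for i, (ptype, start, count) in enumerate(partitions):
        entry = struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
        image[446 + 16 * i: 462 + 16 * i] = entry
    image[510:512] = b"\x55\xaa"          # MBR boot signature
    return bytes(image)

def parse_mbr(image):
    """Return [(type, start_lba, sector_count)] for non-empty primary entries."""
    if image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at offset 510")
    parts = []
    for i in range(4):
        entry = image[446 + 16 * i: 462 + 16 * i]
        _, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, entry)
        if ptype != 0 and count > 0:
            parts.append((ptype, start, count))
    return sorted(parts, key=lambda p: p[1])

def sectors_outside_volumes(image):
    """LBA ranges (start, end_exclusive) that belong to no partition: the MBR
    and pre-partition area, gaps between partitions, and trailing space."""
    total = len(image) // SECTOR
    gaps, cursor = [], 0
    for _, start, count in parse_mbr(image):
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, start + count)
    if cursor < total:
        gaps.append((cursor, total))
    return gaps

# Constructed layout: two NTFS-type (0x07) partitions on a 12288-sector disk.
SAMPLE = build_sample_mbr([(0x07, 2048, 4096), (0x07, 8192, 2048)], 12288)

if __name__ == "__main__":
    for start, end in sectors_outside_volumes(SAMPLE):
        print(f"LBA {start}-{end - 1}: reachable only through a physical mount")
```
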
Omnius
(@omnius)
Posts: 39
Eminent Member
 

Arsenal Recon is the best one I have used. I don't have access to the paid features but they revolve around mounting VSC's directly.

Using AR in conjunction with; https://binaryforay.blogspot.com/2018/09/introducing-vscmount.html for VSC analysis.

Using FTK for physical mounting of drives for creating VM's.

 
Posted : 16/10/2018 7:04 am
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

Using AR in conjunction with; https://binaryforay.blogspot.com/2018/09/introducing-vscmount.html for VSC analysis.

Using FTK for physical mounting of drives for creating VM's.

Yes that is how I use AR for mounting VSC's, same technique works for creating VM's as well.
I meant paid features allow you to mount a VSC directly rather than mounting the image and then the VSC.

 
Posted : 16/10/2018 8:35 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

@JimC
JFYI, the "base" under the OSFMount tool is IMDISK, by Olof Lagerkvist, who is the same Author as Arsenal Image Mounter.

While IMDISK is completely free, besides Open Source, the AIM was developed for Arsenal Recon, it is now extremely complicated to get it, and seemingly they just switched to the "modern"[1] SAAS commercial model (and seemingly also require registration to download the "free"[2] version)

However there is a small GUI tool for it
http://reboot.pro/files/file/374-imgmount/

There is another driver that comes from MS directly, that has the same possibility of mounting a (RAW) physical image (again JFYI)
http://reboot.pro/topic/6492-virtual-storage-driver/

jaclaz

[1] "modern" is sometimes a synonym of "stupid" in my opinion
[2] that as such is not anymore "free", again in my perverted mind

 
Posted : 16/10/2018 9:30 am
ArsenalConsulting
(@arsenalconsulting)
Posts: 49
Eminent Member
 

While IMDISK is completely free, besides Open Source, the AIM was developed for Arsenal Recon, it is now extremely complicated to get it, and seemingly they just switched to the "modern"[1] SAAS commercial model (and seemingly also require registration to download the "free"[2] version)

Can you elaborate upon "extremely complicated?" I had previously signed up for our mailing list and just went to our website, clicked "Downloads", expanded "Arsenal Image Mounter", clicked "Arsenal Image Mounter", and a download began. We could eliminate one of those three clicks (making the navigation more efficient) and I will see about getting that done this week.

[2] that as such is not anymore "free", again in my perverted mind

We are a small company and do not have marketing people. We require signing-up for our mailing list before downloading our tools, which is the primary method we use to alert current (and prospective, in the sense that they have already shown interest) users to updates in our existing tools and the launch of new tools. People can (and do) use throw-away email addresses and unsubscribe to our mailing list after they have downloaded what they want.

We don't charge for Arsenal Image Mounter's core functionality and have source code available on GitHub which we encourage open source projects to use. I feel we have launched quite a bit of free functionality in both Arsenal Image Mounter and Hibernation Recon, especially when you consider that Olof Lagerkvist is an excellent programmer (as are some of our other employees and contractors) and he does not work for free.

On a related note, developing software tends to be a way for us to lose money, not make it. If we did not have a successful consulting business, we would not be building software. Regardless, we will continue to fund more free functionality in Arsenal Image Mounter and I am open to suggestions related to that functionality, our GUI, mailing list, etc.

Thanks,

Mark Spencer, President
Arsenal Consulting, Inc.
ArsenalExperts.com
@ArsenalArmed

 
Posted : 16/10/2018 10:33 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Can you elaborate upon "extremely complicated?" I had previously signed up for our mailing list and just went to our website, clicked "Downloads", expanded "Arsenal Image Mounter", clicked "Arsenal Image Mounter", and a download began. We could eliminate one of those three clicks (making the navigation more efficient) and I will see about getting that done this week.

[2] that as such is not anymore "free", again in my perverted mind

We are a small company and do not have marketing people. We require signing-up for our mailing list before downloading our tools, which is the primary method we use to alert current (and prospective, in the sense that they have already shown interest) users to updates in our existing tools and the launch of new tools. People can (and do) use throw-away email addresses and unsubscribe to our mailing list after they have downloaded what they want.

We don't charge for Arsenal Image Mounter's core functionality and have source code available on GitHub which we encourage open source projects to use. I feel we have launched quite a bit of free functionality in both Arsenal Image Mounter and Hibernation Recon, especially when you consider that Olof Lagerkvist is an excellent programmer (as are some of our other employees and contractors) and he does not work for free.

On a related note, developing software tends to be a way for us to lose money, not make it. If we did not have a successful consulting business, we would not be building software. Regardless, we will continue to fund more free functionality in Arsenal Image Mounter and I am open to suggestions related to that functionality, our GUI, mailing list, etc.

Thanks,

Mark Spencer, President
Arsenal Consulting, Inc.
ArsenalExperts.com
@ArsenalArmed

Mark ) ,
I knew my post would have stirred the pot, but not as much as this 😯 .

Once said that you have all the rights in the world (+1) to do whatever you want with your software, imagine that you are a non-forensics interested user in need of just a RAW image mounter.

If you go to github (the repository for the source code)
https://github.com/ArsenalRecon/Arsenal-Image-Mounter
there are "here and there" also compiled binaries, but on the "homepage" there is a hyperlink to

For end users, Arsenal Image Mounter’s full functionality (along with all our other tools) is available as part of an affordable monthly subscription. If Arsenal Image Mounter is licensed, it runs in "Professional Mode.” If Arsenal Image Mounter is run without a license, it will run in "Free Mode" and provide core functionality.
Please see Arsenal Image Mounter’s product page https://ArsenalRecon.com/weapons/image-mounter for more details.

The
https://arsenalrecon.com/weapons/image-mounter
is no more and redirects to
https://arsenalrecon.com/#products

scrolling down the page there is the choice for the various types of subscriptions, and only after it there is a

Looking for the latest
versions of our tools?

with a "Go to downloads" link to http://arsenalrecon.com/downloadsregistration/
where there is a registration form

Join our mailing list to arm yourself with Arsenal Recon updates and tools! Our mailing list is double opt-in so you will need to check your email before receiving our mailing list or downloading our tools. Please note, for the purpose of downloading our tools, cookies are required for our website to remember you in the future.

That is - again in my perverted mind - a complicated way.

To compare, check how you can get to download OSFMount
https://www.osforensics.com/tools/mount-disk-images.html
or IMDISK
http://www.ltr-data.se/opencode.html/

As said you have all the rights in the world to want people subscribing to your mailing list (while as you mentioned a number of people will provide throwaway accounts and/or unsubscribe right after having had access to the download, making it largely irrelevant), require e-mail confirmation and have cookies enabled and possibly also solve a Sudoku puzzle (besides a CAPTCHA) before allowing people to download the driver, still it is not "direct" or "easy".

Now, if you can bear another critique , you have three products
1) Registry Recon
2) Hibernation Recon
3) Image Mounter
the first two are "forensics" only (or 99.99% forensics) tools, so it is likely that people interested in them may be interested in forensics and thus in your other (future) products, the third is a (nice BTW) "generic" system tool/driver that may have tens of uses outside forensics, so it is (still IMHO) unlikely that people interested in it may have any use of the other (most probably as well very nice) tools or that are interested in forensics, let alone subscribing to the SAAS bundle to use only one tool.

Only as an anecdote, last car I bought new, I wanted, for some reasons, folding rear mirrors but I could have them only as a bundle called "Comfort Pack" or similar that for a mere 1,500 Euro or so included heated front seats and I cannot remember whatever other gadget I had no use for.

jaclaz

 
Posted : 16/10/2018 2:08 pm
JimC
(@jimc)
Posts: 86
Estimable Member
Topic starter
 

Thank you @Passmark for confirming that OSFMount will support physical disk emulation in a future release. That would be fantastic. Please can I ask if it would also be possible to add write support (to a temp file)? Together these would make two killer features.

I agree on the comments about AIM. It is a great looking tool but rather hard to get hold of. Sure, you can download and build from the source but not many people are going to try this. It makes me think the "business" model hasn't quite been thought through.

OSFMount is free and "just works". FTK Imager is free and "just works". AIM is hard to get and deliberately hard to use unless you subscribe. That is a shame because it is technically excellent once you get it working.

Jim

www.binarymarkup.com

 
Posted : 16/10/2018 2:17 pm
Passmark
(@passmark)
Posts: 376
Reputable Member
 

JFYI, the "base" under the OSFMount tool is IMDISK, by Olof Lagerkvist, who is the same Author as Arsenal Image Mounter.

True, there was a fork 8 years ago. Code is fairly different now however. We added E01 support and 64bit support. Try running some benchmarks on RAM drives for a further example of the differences.

Also it is worth stating that none of these mounting tools (at least the ones we have looked at) are totally original work. For example AIM is based on Microsoft's code.

This code here,
https://code.msdn.microsoft.com/windowshardware/WDKStorPortVirtualMiniport-973650f6
Which was released under the Apache License. And we'll also be using chunks of that code in the next OSFMount release. Although there does seem to be a few bugs in it, it is a solid starting point that people would be foolish not to use.

A big part of the job in modern software development is seamlessly gluing together other people's code and libraries to make something useful. It isn't an easy job however. It is worth paying for when done well.

 
Posted : 16/10/2018 11:51 pm