imagemounter Logo

imagemounter

0
Free
Visit Website

imagemounter is a command-line utility and Python package to ease the mounting and unmounting of EnCase, Affuse, vmdk and dd disk images (and other formats supported by supported tools). It supports mounting disk images using xmount (with optional RW cache), affuse, ewfmount and vmware-mount; detecting DOS, BSD, Sun, Mac and GPT volume systems; mounting FAT, Ext, XFS UFS, HFS+, LUKS and NTFS volumes, in addition to some less known filesystems; detecting (nested) LVM volume systems and mounting its subvolumes; and reconstructing Linux Software RAID arrays. In its default mode, imagemounter will try to start mounting the base image on a temporary mount point, detect the volume system and then mount each volume seperately. If it fails finding a volume system, it will try to mount the entire image as a whole if it succeeds in detecting what it actually is. This package supports Python 3.6+. Example A very basic example of a valid mount is as follows. The command-line utility has much more features, but results vary wildly depending on the exact type of disk you are trying to mount: # imount lvm_containing_dos_volumesystem_containing_ext4

FEATURES

ALTERNATIVES

A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.

Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.

Windows event log fast forensics timeline generator and threat hunting tool.

A Python-based engine for automatic creation of timelines in digital forensic analysis

Automated tool for parsing Windows registry hives and extracting valuable information for forensic analysis.

A library to access and parse Windows Shortcut File (LNK) format.

Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.

MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.