 Welcome back everyone. I had just posted a video on logical volume manager and mounting a logical volume in Linux and LVM is normally used in Linux. Windows, you know, doesn't support it. It can't read it. And I don't know a really very good way to, um, support it in windows, uh, in Linux, because everything's built in, you can just use a normal kind of Linux system with, um, basically the drivers installed and you're good to go with windows since it doesn't really support that. And I don't see a way to support it. I reached out to a group called Arsenal recon and they have a tool called Arsenal image, Mount her, and I've heard a lot about this tool. I think I used it one time, a long time ago. And, um, I remember that you could basically mount forensic disc images and then run them essentially in our virtual machine or mount them as like local devices. So I contacted them and I said, Hey, do you support LVM? And they said, we don't, but that seems easy enough to do. And then a couple of days later, they sent me an update to their Arsenal image mount her, uh, so I just thought I would talk about it because they got LVM working and it seems like the easiest possible way to get logical volume, manager support, if your forensic workstation is a windows system. So Arsenal recon.com, so we can go to downloads. We can go to Arsenal image, Mount her current version is 3.6, but I think the LVM support will come out in 3.9. And then if you just click download, it'll take you directly to a download link. And they do have kind of a free version that has, um, features restricted. And then they have a paid version, which is like pro and you get all the features. I'm not sure if the LVM support is going to be in the free or the pro version, but just to know it is out there and I will show you kind of how it works. So Arsenal recon, go check out some of their tools. I'm using the Arsenal image, Mount her. Um, and then the version I'm going to show is 3.9 Arsenal image, Mount her, and then we open up Arsenal image, Mount her EXE. Okay. So the interface is very simple. Basically, we would just want to mount a disc image. Um, they have support for all different types of things. If you are in windows, you can do things with BitLocker. And they have a lot of advanced features. We're just talking about mounting a disc image first. Uh, we have our Africa CTF week one. And then this is our Linux forensic disc image in expert witness format that has a LVM partition. Look open and then you have the options, uh, how you want to mount the disc. So what we want to choose because windows does not support LVM directly, like the windows software that's built in doesn't support LVM and it doesn't support Linux partition types or file systems. We need to bypass all of the windows drivers, essentially. So we need to select the windows file system driver bypass, which is exactly what we need whenever we're dealing with a Linux, uh, system here. So then whenever we select that, a lot of other options are, are cut out. Again, the arsenal image mounter is very powerful. And there's a couple of different ways that you can attach to the data, depending on what your issues are. Since we have a Linux system, I'm going to choose the windows file system driver bypass read only, click okay. And then that's the only option. Now it's going through the mount point is e drive. And we have partition two, just a little bit of information about it. And the partition it was mounted was 18 gig, which I know is our root. Partition here. Okay. So now if I just go into my system, uh, we now have this new no name e drive. And if I click on it, then we have boot, dev, et cetera, home. So if I go into home, I should see the user's profile. Yep. And then there is the, um, username that I know was for this suspect disc image. So I am accessing on my e drive mounted e drive right now, an ext for partition running through LVM on windows. So it's just amazing. So I can't believe that they actually got this working really quickly. Um, I just came to them and said, Hey, we have this disk LVM is really common in a Linux file system. Can you support that? And they said, yeah, sure. And then they basically just rolled us a new version for that. So I guess really great support and, uh, it's a really interesting solution. So now if you're running, for example, autopsy or any of your forensic tools in windows, um, then you can just mount up this logical volume and then add files from a folder. Uh, autopsy, for example, has the option to add files from folder. So now you can just select the e drive, uh, inside autopsy, and then it will run through just like a normal disk image and process all of that. So you basically get ext for support and LVM support inside windows. Just awesome. So this is really the only way that I know to do it. And by far the easiest way that I know to do it in windows in a previous video, I showed how to do it in Linux. It's also, you know, fairly straightforward. If you're used to using the command line, but, you know, most people are already on windows, so I wanted to try to find some way to do it on windows and arsenal recon really had the best solution that I've seen so far. So, uh, if you know another way to do it in windows, please let me know. So that's how you to use arsenal image, mount her to get access to an LVM ext for suspect disk image partition in windows. Hope that was helpful. Thank you very much.