If you have a Windows system image file or WIM you can mount the file just like you would an external hard drive. Once you mount the WIM you can browse through all of the files and directories just like a running dive. This enables you to run virus scans on the WIM and even add new files modifying the WIM before unmounting it. All you need to be able to do this is a WIM file and Windows AIK.
Steps (If you already have AIK installed go to step 3)
- Download the Windows Automated Installation Kit (AIK) ISO and burn it to a CD.
- Install AIK from the CD you just created.
- Make a directory on your C:\ drive call it something like images (Example: C:\images).
- Launch the Windows PE Deployment Tools Command prompt from the Program menu (Start > All Programs > Microsoft Windows AIK — Deployment Tools Command Prompt).
- Run “imagex /mountrw <path to WIM file> 1 C:\images”
imagex /mountrw D:\test.wim 1 C:\images
Note: The number 1 indicates the WIM’s index number. Each WIM can have multiple instances or indexes.
- Now you can navigate to C:\images and see all the mounted user data. Another nice thing is your can run an antivirus scan against the directory if you suspect a root-kit or other breach.
- Once you have finished you will unmount the image and commit any changes
imagex /unmount c:\images /commit
Note: If you are not going to change the WIM skip the /commit
imagex /unmount c:\images