The primary superblock in your EXT file system image is corrupted. How can you use the command-line to locate a backup superblock and how can you mount the file system using that information?
1. Use "mke2fs -n $device" to find blocks where backup blocks are stored
2. Use "e2fsck -b $block-number $device" to restore
Should work
@oliverwiegers It's a forensic copy, so I want to be able to mount it without modifying the image. 🙂
@hal_pomeranz @oliverwiegers you can support temporary changes by using xmount --cache or something similar . Xmount is nice because you can work directly with a virtual disk image when your image is E01.
https://manpages.ubuntu.com/manpages/xenial/man1/xmount.1.html
You can also work in a vm. Make a simple vmdk or other disk format pointing to the forensic image and add it to your vm, then make a snapshot - this should have the same effect. You should of course have other measures in place to avoid writing to the forensic image.
@kefir @hal_pomeranz I like that. Thanks