I am currently working with a dvr i have retrieved, inside it a 2 TB seagate hard drive, after i've taken an image of it and opened it using FTK it show me 3 partitions, one NTFS which only has logs and 2 others are LINUX (un-allocated space) and it has a lot of data!
How can i read that LINUX (un-allocated space data )
Have you tried carving the 'Linux' to see if there recognisable file types?
Can we get a bit of clarification?
Linux is an operating system.
What file systems are on the non-NTFS partitions?
With more details we can help you narrow it down.
I am currently working with a dvr i have retrieved, inside it a 2 TB seagate hard drive, after i've taken an image of it and opened it using FTK it show me 3 partitions, one NTFS which only has logs and 2 others are LINUX (un-allocated space) and it has a lot of data!
How can i read that LINUX (un-allocated space data )
One partition said NTFS and the other one said (Linux Native).. soomehow when we mounted it in out forensic workstation nothing has appeared however in the disk manamgnet it shows that the paritition holds an EXT2 partition.
Have you tried viewing the partition table using 'parted' in Linux?
What version of FTK are you using? More recent versions support ext2 and ext3 without a problem.
An alternate way of getting to see the ext2 partitions is to get