It is easy to mount a cdrom or hard drive PARTITION image under linux.
mount -o loop,ro,noatime cdrom_image.iso mountpoint/
mount -o loop,ro,noatime partition_image.img mountpoint/
However, directly trying to mount a hard drive image fails, because the start of a disk is not the start of the first partition.
The first sector of a typical hard drive looks something like
( Description of MSDOS-style partition table and master boot record as
gleaned from the source of /parted/ and /grub/. )
----------------------------------------------------------------
0 - 63
boot code boot code boot code boot code boot code boot code
----------------------------------------------------------------
64 - 127
boot code boot code boot code boot code boot code boot code
----------------------------------------------------------------
128 - 191
boot code boot code boot code boot code boot code boot code
----------------------------------------------------------------
192 - 255
boot code boot code boot code boot code boot code boot code
----------------------------------------------------------------
256 - 319
boot code boot code boot code boot code boot code boot code
----------------------------------------------------------------
320 - 383
boot code boot code boot code boot code boot code boot code
----------------------------------------------------------------
384 - 447
boot code boot code boot code boot code (to 440) AAAABB(
----------------------------------------------------------------
448 - 511
partition one )(partition two )(partition three )(partition four )CC

AAAA = mbr_sig
BB = unknown
CC = magic

Each 16 byte partition entry is
----------------
0 - 15
ABBBCDDDEEEEFFFF

C = type
BBB,DDD =
EEEE = start sector from 0
FFFF = length in sectors
The sector counts are little-endian integers, easily parsable with unpack("V"). Using the offset of the partition, it is possible to mount a partition within a hard drive image file.
mount -o ro,noatime,loop,offset=<sector offset * 512> hard_drive_image.img mountpoint/
On some older systems, mount only accepts offsets up to 2gb. A simple way to check if this is a problem is to run
losetup -o 5100200300 /dev/loop5 small_file
followed by
losetup /dev/loop5
A system that limits offsets to 2gb will print
/dev/loop5: [XXX]:XXXXXX (small_file) offset 2147483647, no encryption
A system that supports large offsets will print
/dev/loop5: [XXX]:XXXXXX (small_file) offset 5100200300, no encryption

In reply to Re: disk image forensics by ohcamacj
in thread disk image forensics by cutlass2006
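
The partition-entry layout and unpack("V") parsing described in the post above, as an added Perl example that is not part of the original post. It assumes 512-byte sectors and the standard 0x55 0xAA magic in bytes 510-511; the sample sector is constructed, and first_sector and parse_mbr are names chosen here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use constant SECTOR_SIZE => 512;    # assumption, matching the post's "* 512"

# Read the first sector of a disk image in raw (binary) mode.
sub first_sector {
    my ($path) = @_;
    open my $fh, '<:raw', $path or die "$path: $!\n";
    defined(read($fh, my $buf, 512)) or die "$path: $!\n";
    return $buf;
}

# Parse the four 16-byte entries that start at byte 446 of the sector.
# Dies on a short sector or a missing magic; skips unused slots (type 0).
sub parse_mbr {
    my ($sector) = @_;
    die "need a full 512-byte sector\n" if length($sector) < 512;
    die "no 0x55 0xAA magic, not an MBR\n"
        unless substr($sector, 510, 2) eq "\x55\xAA";
    my @parts;
    for my $i (0 .. 3) {
        # Skip A+BBB, read C (type), skip DDD, read EEEE and FFFF (little-endian)
        my ($type, $start, $length)
            = unpack('x4 C x3 V V', substr($sector, 446 + 16 * $i, 16));
        next if $type == 0;
        push @parts, {
            index => $i + 1, type => $type, start => $start,
            length => $length, offset => $start * SECTOR_SIZE,
        };
    }
    return @parts;
}

# Constructed sample sector: two Linux (0x83) partitions, two empty slots.
my $sample = "\0" x 446
    . pack('C a3 C a3 V V', 0x80, '', 0x83, '', 63,       208782)
    . pack('C a3 C a3 V V', 0x00, '', 0x83, '', 10000000, 4000000)
    . ("\0" x 32) . "\x55\xAA";

# With no argument the constructed sample is used; otherwise pass an image path.
my $sector = @ARGV ? first_sector($ARGV[0]) : $sample;
for my $p (parse_mbr($sector)) {
    printf "partition %d: type 0x%02x, start sector %u, %u sectors\n",
        @{$p}{qw(index type start length)};
    printf "  mount -o ro,noatime,loop,offset=%s hard_drive_image.img mountpoint/\n",
        $p->{offset};
    print "  offset is above 2147483647; run the losetup check first\n"
        if $p->{offset} > 2147483647;
}
```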
