Perl's not really suited to low-level stuff, except maybe for the regexing of the binary data you pump out. I know an old trick to read a bios is to use dd (on linux)

dd if=/dev/mem bs=32k skip=31 count=1 | strings -n 10 | grep -i bios
[download]

dd   if=/dev/hdb0  | strings -n 10 | grep -i  secretkey
[download]

my $pid = open(FH, " dd if=/dev/hdb0 | ") or die "$!\n";

while(  my $rrv = sysread( FH, my $buf, 1012 ) ){
         #regex your $buf here for whatever
         #of course you will have to worry about missing full strings
         #on your chunk boundaries, so you may need to save a few 
         #hunderd bytes of each $buf to add to the next one
      }
[download]

What's the filesystem? That determines many other things. How are attributes, ownership, and timestamps stored? Is there journaling involved? If so, what part of the data is the journal?

What's the block size? Many filesystems allow different block sizes to be configured.

What's the byte order of the stored data? Is it determined by the filesystem spec, or does the filesystem use whatever is native to the platform?

The best reference for a filesystem is often the implementation of the FS driver for the platform on which the image was created. IOW, it's usually easiest to mount the file system (possibly read-only) and look at the files and directories that way.

Perl could certainly be used to read and manipulate data according to a filesystem specification, but you're looking at reinventing many very intricate wheels.

It's been years since I cracked it open but IIRC "Perl for System Administration" ISBN 9781565926097 opens with an example of scanning of a dropped laptop's hard drive block by block to rescue everything that wasn't damaged. I'm sure there would be some good info in there related to whatever you're doing.

Many moons ago I ended up writing a mound of code in order to recover data from a busted ext3 file system.

You can use sysopen and sysread directly on /dev/whatever -- you end up reading blocks of bytes, and picking over those either with substr or unpack. I implemented a modest cached buffering system, for obvious reasons. (Of course you can open the device read-only.)

Mind you, after a while I began to wonder if Perl really was the best language to do this in !

codeboot

mount -o loop,ro,noatime cdrom_image.iso mountpoint/
mount -o loop,ro,noatime partition_image.img mountpoint/
[download]

( Description of MSDOS-style partition table and master boot record as
+ gleaned
from the soure of /parted/ and /grub/.  )
---------------------------------------------------------------- 0 - 6
+3
boot code boot code boot code boot code boot code boot code 
---------------------------------------------------------------- 64 - 
+127
boot code boot code boot code boot code boot code boot code 
---------------------------------------------------------------- 128 -
+ 191
boot code boot code boot code boot code boot code boot code 
---------------------------------------------------------------- 192 -
+ 255
boot code boot code boot code boot code boot code boot code 
---------------------------------------------------------------- 256 -
+ 319
boot code boot code boot code boot code boot code boot code 
---------------------------------------------------------------- 320 -
+ 383
boot code boot code boot code boot code boot code boot code 
---------------------------------------------------------------- 384 -
+ 447
boot code boot code boot code boot code (to 440)        AAAABB(
---------------------------------------------------------------- 448 -
+ 511
partion one  )(partion two   )(partion three )(partion four  )CC

AAAA = mbr_sig
BB = unknown 
CC = magic

Each 16 byte partion entry is 
---------------- 0 - 15
ABBBCDDDEEEEFFFF
C = type
BBB,DDD = 
EEEE = start sector from 0
FFFF = length in sectors
[download]

mount -o ro,noatime,loop,offset=<sector offset * 512> hard_drive_image
+.img mountpoint/
[download]