Did you use OSFClone to make the dd image or some other tool.

How many partitions did the source drive have?

If there more than 1 partition did the other partitions mount from OSFMount?

Long shot, but is there any chance we can get a copy of the dd image to debug it.

What file system was on each partition of the source disk if any (NTFS, FAT32, etc...)?

Thanks for the quick response. Yes, I used OSClone. It was an Ubuntu system with one drive, 3 partitions (ext3, plus 2 extended). None mounted.

What I'll do is try again on a smaller drive and let you know, sending the image if I still have problems!

So this might be normal behaviour.

Windows by default doesn't have any knowledge of the Linux EXT3 file system. So naturally when Windows sees a drive with this file system on it, it doesn't understand it and prompts you to format it with NTFS (or FAT32).

I think you would see the same behaviour if you pulled the physical drive from the source machine and stuck it into a Windows machine.

So I think that maybe OSFClone and OSFMount have done the right thing. But it is just a file system issue.

At the moment we are targeting OSFforensics at the Windows market (just because of the the market share). So OSFforensics also doesn't know anything about EXT3 either.

We are working on a disk sector viewer for OSFforensics, so once this is done you should be able to view the sectors of the dd image, even if the file system is unknown to Windows. This will be done in a few weeks.