Quote Originally Posted by whitelisted View Post
  • boot from the live image
  • hit [down] twice to select forensics mode from the boot menu
  • hit [e] to edit the boot parameters
  • hit [e] again to edit the kernel line
  • add the argument "break=bottom" to the boot parameters
  • hit [enter]
  • hit [b] to boot using the modified boot parameters


You should eventually find yourself at a prompt reading "(initramfs)". This is a bash shell located in the initramfs miniroot just before /proc, /dev, and /sys are remounted onto /root, which will eventually become your root filesystem.

Code:
(initramfs) egrep '(ntfs|ext[234])' /proc/filesystems
       ext3
       ext2
       ext4
       ext4dev
       ntfs
(initramfs) /root/bin/lsmod | egrep '(ntfs|ext[234])' 
(initramfs) gunzip -c /proc/config.gz | egrep -i '(ntfs|ext[34])' 
CONFIG_EXT3_FS=y
# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT4_FS=y
CONFIG_EXT4DEV_COMPAT=y
CONFIG_EXT4_FS_XATTR=y
CONFIG_EXT4_FS_POSIX_ACL=y
# CONFIG_EXT4_FS_SECURITY is not set
CONFIG_NTFS_FS=y
# CONFIG_NTFS_DEBUG is not set
# CONFIG_NTFS_RW is not set
(initramfs)
Looks like the kernel has them compiled in statically.
Thanks for information. Ext3/4 support is still present, but if you use "debug" option you will see that Casper cannot mount these file systems with this error (/casper.log during initrd execution stage or /var/log/casper.log after boot):

/init: line 1: cannot open /dev/hda1: no such file

What a pity that developers didn't include existing patch to use forensically sound mounts during the boot.