Can you find the flag in this disk image? The right one is Linux! One wrong step and it's all gone!
Hint: How can you extract/isolate a partition?
The given file for this challenge is disko-2.dd. The problem indicates that the flag is hidden in a Linux partition on this image. Upon opening the image in FTK Imager, I found two partitions along with some data in the unallocated space.
At this point I poked around in the unallocated space and found a couple of false flags, which reminded me that the problem specified that the right one is located in a Linux partition. So I moved the file onto my Kali VM and ran fdisk -l disko-2.dd to check the partitions.
This means that the first partition in the disk is the Linux partition and the flag should be located in there. To carve out this partition, I ran dd if=disko-2.dd of=linux_partition.img bs=512 skip=2048 count=51200, using the start sector (2048) and sector count (51200) that fdisk reported for it with a 512-byte sector size.
Now I have the Linux partition carved out as linux_partition.img and can start my analysis for the flag. Since I know that picoGym flags take the form picoCTF{...}, I can run strings along with grep for picoCTF to find the flag without having to mount the partition.
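The three steps above (read the partition geometry from an fdisk -l listing, carve that sector range out with dd, and search only the carved partition for the flag) as one script. This is an added example, not the write-up's own commands: the fdisk-style listing, the disk image, the flags and the sector numbers are all constructed here, so none of them describe disko-2.dd, and grep -a stands in for strings so the script does not depend on binutils being installed.

```shell
#!/bin/sh
# Added example (not from the original write-up): carve a partition out of a raw
# disk image using the start sector and sector count reported by fdisk -l, then
# search only that partition for the flag.
# Assumptions: 512-byte sectors, a constructed fdisk-style listing and a
# constructed 3 MiB image; none of these values come from disko-2.dd.

SECTOR=512

# Constructed fdisk -l style listing (not real output). Columns:
# Device  Start  End  Sectors  Size  Id  Type
SAMPLE_TABLE='disk.img1    2048  4095  2048  1M 83 Linux
disk.img2    4096  6143  2048  1M  7 HPFS/NTFS/exFAT'

# Print "<start> <sectors>" for the first partition line matching a type regex.
# A bootable partition has a "*" in the second column, which shifts the fields.
partition_geometry() {   # $1 = listing text, $2 = type regex, e.g. Linux
    printf '%s\n' "$1" |
        awk -v want="$2" '$0 ~ want { s = 2; if ($2 == "*") s = 3; print $s, $(s + 2); exit }'
}

# Copy exactly the partition's sectors: skip to its start, stop after its length.
carve_partition() {      # $1 = image, $2 = output, $3 = start sector, $4 = sector count
    dd if="$1" of="$2" bs="$SECTOR" skip="$3" count="$4" 2>/dev/null
}

# Report the first picoCTF{...} string found in a file (grep -a treats it as text).
find_flag() {            # $1 = file to search
    grep -a -o 'picoCTF{[^}]*}' "$1" | head -n 1
}

# Build a constructed image: a decoy flag in unallocated space before the first
# partition, the real (constructed) flag inside partition 1 and another decoy in
# partition 2, so searching the whole image finds the wrong flag first.
make_sample_image() {    # $1 = path for the image
    dd if=/dev/zero of="$1" bs="$SECTOR" count=6144 2>/dev/null
    printf 'picoCTF{decoy_in_unallocated_space}' |
        dd of="$1" bs="$SECTOR" seek=100 conv=notrunc 2>/dev/null
    printf 'picoCTF{constructed_sample_flag}' |
        dd of="$1" bs="$SECTOR" seek=3000 conv=notrunc 2>/dev/null
    printf 'picoCTF{decoy_in_second_partition}' |
        dd of="$1" bs="$SECTOR" seek=5000 conv=notrunc 2>/dev/null
}

# End-to-end run on the constructed image; invoke as: sh carve.sh demo
demo() {
    workdir=$(mktemp -d)
    make_sample_image "$workdir/disk.img"
    set -- $(partition_geometry "$SAMPLE_TABLE" Linux)
    echo "Linux partition: start=$1 sectors=$2"
    carve_partition "$workdir/disk.img" "$workdir/linux.img" "$1" "$2"
    echo "whole image first hit: $(find_flag "$workdir/disk.img")"
    echo "carved partition hit:  $(find_flag "$workdir/linux.img")"
    rm -rf "$workdir"
}

[ "${1-}" = "demo" ] && demo
```

Searching the whole image returns the decoy from unallocated space first, which is exactly the trap the challenge text warns about; carving the partition first limits the search to the sector range fdisk attributes to the Linux filesystem. If the real disk uses GPT or 4096-byte sectors, take the sector size from the fdisk header rather than assuming 512.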
picoCTF{4_P4Rt_1t_i5_a93c3ba0}