When we mount the drive we can see there is a forensics tool inside it. Then when we use that to analyze the drive we can see some secret files. And by separeting secret files from it we can get the flag!

Flag: castorsCTF{f0r3ns1cS_ls_ITs_0Wn_b0SS}