I prefer the old fashioned manual method in a hex viewer. I like to avoid false negatives by scanning the image for all executable signature 0x55AA. That way, I can quickly identify all Volume Boot Record (VBR ), identify the file system, ignore the backup VBRs, quickly ignore the false positives, and then any of the above mentioned tools can be used to recover partitions if needed. That way, I can verify if the tool can recognize all the partitions. I sleep better if I don't need to worry about false negatives. You or the tool might not even know the file system signature, but the 0x55AA will be there.
Brian Carrier showed us years ago that people can come up with strange ways to manipulate the partitions that tools might miss like extended partition in extended partition.
↧