How do I get my data back?

Steve Cassidy takes a look at what goes on behind the scenes in the world of data recovery...

"Oh yes, I think we had his drive here"

This was not what I was expecting to hear while wandering around the British offices of Kroll Ontrack, the long standing independent experts in data recovery.

Just to tease you further, I decided when that particular anecdote was presented that I wouldn't share with you the unfortunate owner of the disk in question: Ontrack has clearly been living with the lid screwed down nice and tight for many years and were enthused with an almost confessional need to share a few war stories.

I guess the takeaway lesson here is that seeing a room full of proprietary hardware that retrieves damaged sectors of spinning disks by taking their top covers off and running them naked, with a sawed-apart cover plate put back with the shear-marks still sharp and fresh (it has to support the end of the actuator spindle, they said) does not represent the daily lives of the guys actually getting the data back. If you are the unhappy chap who shipped them the disk they were talking about then you would also be paying about 700 for seeing what might be recoverable from it. And, overwhelmingly, that is an emotional process, more than a technical one.

It doesn't matter whether your drive was incinerated, stopped a bullet, rode an earthquake, or suffered the attentions of a nihilistic employee, Kroll will have a go at getting your stuff back. Its workflow is both impressive, and curiously low-tech in places a stack of Coolermaster cases out front all play host to forlorn single drives, mostly on suspiciously custom-looking USB to drive hardware adapters, some with add-on cooling fans. These are considered electrically OK, and therefore ready for a forensic copy to the BIG Ontrack disk pool, back in the server room.

I think the phrase BIG is good enough has a description of the setup, firstly because I lost count of the disks being forensically imaged while I was there, and secondly because I didn't get to see into that room. It did say rather sheepishly that it went through a short phase of recommissioning its Pentium III-based server farm because the multi-core replacements were actually slower in their resolutely simple bit-slinging usage pattern.

If a drive is electrically OK, then, and the forensic image process completes without a hitch, the data recovery process goes all virtual, with the image being worked on and recovered via more proprietary software. If it's not OK, then off with its heads a quick trip to the top lid shear cutter and on to the clean room for further attention.

When I was there, the majority of drives were laptop format, though I couldn't swear to a preponderance of any one brand over another. Once the data has been retrieved, by software or hardware-bashing methods, then it is written back to a nice new hard disk and that gets shipped back to the customer in a bouncy, foam-padded mailing box.

I am skipping over the interesting bit here though. Judging by the stories that Kroll was ready to tell, the divide between actual hardware death involving smoke coming out of your drives, and someone cocking up and then claiming it's a hardware problem is nowhere near as much in favour of dodgy hardware as you might expect. That's not to say it is running a software/human error recovery business with pretentions to status as hardware hackers. Indeed, it's quite the reverse. One corner of the clean room had iPhones in bits (info is encrypted on the chips, they said, though this isn't a showstopper), and Kroll was very confident about the largest ever disk array it had imaged and then recovered (96 drives, incidentally).

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020