How do I get my data back?

Steve Cassidy takes a look at what goes on behind the scenes in the world of data recovery...

"Oh yes, I think we had his drive here"

This was not what I was expecting to hear while wandering around the British offices of Kroll Ontrack, the long standing independent experts in data recovery.

Just to tease you further, I decided when that particular anecdote was presented that I wouldn't share with you the unfortunate owner of the disk in question: Ontrack has clearly been living with the lid screwed down nice and tight for many years and were enthused with an almost confessional need to share a few war stories.

I guess the takeaway lesson here is that seeing a room full of proprietary hardware that retrieves damaged sectors of spinning disks by taking their top covers off and running them naked, with a sawed-apart cover plate put back with the shear-marks still sharp and fresh (it has to support the end of the actuator spindle, they said) does not represent the daily lives of the guys actually getting the data back. If you are the unhappy chap who shipped them the disk they were talking about then you would also be paying about 700 for seeing what might be recoverable from it. And, overwhelmingly, that is an emotional process, more than a technical one.

It doesn't matter whether your drive was incinerated, stopped a bullet, rode an earthquake, or suffered the attentions of a nihilistic employee, Kroll will have a go at getting your stuff back. Its workflow is both impressive, and curiously low-tech in places a stack of Coolermaster cases out front all play host to forlorn single drives, mostly on suspiciously custom-looking USB to drive hardware adapters, some with add-on cooling fans. These are considered electrically OK, and therefore ready for a forensic copy to the BIG Ontrack disk pool, back in the server room.

I think the phrase BIG is good enough has a description of the setup, firstly because I lost count of the disks being forensically imaged while I was there, and secondly because I didn't get to see into that room. It did say rather sheepishly that it went through a short phase of recommissioning its Pentium III-based server farm because the multi-core replacements were actually slower in their resolutely simple bit-slinging usage pattern.

If a drive is electrically OK, then, and the forensic image process completes without a hitch, the data recovery process goes all virtual, with the image being worked on and recovered via more proprietary software. If it's not OK, then off with its heads a quick trip to the top lid shear cutter and on to the clean room for further attention.

When I was there, the majority of drives were laptop format, though I couldn't swear to a preponderance of any one brand over another. Once the data has been retrieved, by software or hardware-bashing methods, then it is written back to a nice new hard disk and that gets shipped back to the customer in a bouncy, foam-padded mailing box.

I am skipping over the interesting bit here though. Judging by the stories that Kroll was ready to tell, the divide between actual hardware death involving smoke coming out of your drives, and someone cocking up and then claiming it's a hardware problem is nowhere near as much in favour of dodgy hardware as you might expect. That's not to say it is running a software/human error recovery business with pretentions to status as hardware hackers. Indeed, it's quite the reverse. One corner of the clean room had iPhones in bits (info is encrypted on the chips, they said, though this isn't a showstopper), and Kroll was very confident about the largest ever disk array it had imaged and then recovered (96 drives, incidentally).

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Most Popular

REvil threatens to release Apple’s hardware schematics

REvil threatens to release Apple’s hardware schematics

21 Apr 2021
How to find RAM speed, size and type

How to find RAM speed, size and type

8 Apr 2021
Samsung Galaxy S21 Ultra review: Ultra in every sense of the word
Mobile Phones

Samsung Galaxy S21 Ultra review: Ultra in every sense of the word

22 Apr 2021