How do I get my data back?

Steve Cassidy takes a look at what goes on behind the scenes in the world of data recovery...

"Oh yes, I think we had his drive here"

This was not what I was expecting to hear while wandering around the British offices of Kroll Ontrack, the long standing independent experts in data recovery.

Just to tease you further, I decided when that particular anecdote was presented that I wouldn't share with you the unfortunate owner of the disk in question: Ontrack has clearly been living with the lid screwed down nice and tight for many years and were enthused with an almost confessional need to share a few war stories.

I guess the takeaway lesson here is that seeing a room full of proprietary hardware that retrieves damaged sectors of spinning disks by taking their top covers off and running them naked, with a sawed-apart cover plate put back with the shear-marks still sharp and fresh (it has to support the end of the actuator spindle, they said) does not represent the daily lives of the guys actually getting the data back. If you are the unhappy chap who shipped them the disk they were talking about then you would also be paying about 700 for seeing what might be recoverable from it. And, overwhelmingly, that is an emotional process, more than a technical one.

It doesn't matter whether your drive was incinerated, stopped a bullet, rode an earthquake, or suffered the attentions of a nihilistic employee, Kroll will have a go at getting your stuff back. Its workflow is both impressive, and curiously low-tech in places a stack of Coolermaster cases out front all play host to forlorn single drives, mostly on suspiciously custom-looking USB to drive hardware adapters, some with add-on cooling fans. These are considered electrically OK, and therefore ready for a forensic copy to the BIG Ontrack disk pool, back in the server room.

I think the phrase BIG is good enough has a description of the setup, firstly because I lost count of the disks being forensically imaged while I was there, and secondly because I didn't get to see into that room. It did say rather sheepishly that it went through a short phase of recommissioning its Pentium III-based server farm because the multi-core replacements were actually slower in their resolutely simple bit-slinging usage pattern.

If a drive is electrically OK, then, and the forensic image process completes without a hitch, the data recovery process goes all virtual, with the image being worked on and recovered via more proprietary software. If it's not OK, then off with its heads a quick trip to the top lid shear cutter and on to the clean room for further attention.

When I was there, the majority of drives were laptop format, though I couldn't swear to a preponderance of any one brand over another. Once the data has been retrieved, by software or hardware-bashing methods, then it is written back to a nice new hard disk and that gets shipped back to the customer in a bouncy, foam-padded mailing box.

I am skipping over the interesting bit here though. Judging by the stories that Kroll was ready to tell, the divide between actual hardware death involving smoke coming out of your drives, and someone cocking up and then claiming it's a hardware problem is nowhere near as much in favour of dodgy hardware as you might expect. That's not to say it is running a software/human error recovery business with pretentions to status as hardware hackers. Indeed, it's quite the reverse. One corner of the clean room had iPhones in bits (info is encrypted on the chips, they said, though this isn't a showstopper), and Kroll was very confident about the largest ever disk array it had imaged and then recovered (96 drives, incidentally).

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020