How do I get my data back?

Steve Cassidy takes a look at what goes on behind the scenes in the world of data recovery...

Data Security

"Oh yes, I think we had his drive here"

This was not what I was expecting to hear while wandering around the British offices of Kroll Ontrack, the long standing independent experts in data recovery.

Just to tease you further, I decided when that particular anecdote was presented that I wouldn't share with you the unfortunate owner of the disk in question: Ontrack has clearly been living with the lid screwed down nice and tight for many years and were enthused with an almost confessional need to share a few war stories.

I guess the takeaway lesson here is that seeing a room full of proprietary hardware that retrieves damaged sectors of spinning disks by taking their top covers off and running them naked, with a sawed-apart cover plate put back with the shear-marks still sharp and fresh (it has to support the end of the actuator spindle, they said) does not represent the daily lives of the guys actually getting the data back. If you are the unhappy chap who shipped them the disk they were talking about then you would also be paying about 700 for seeing what might be recoverable from it. And, overwhelmingly, that is an emotional process, more than a technical one.

It doesn't matter whether your drive was incinerated, stopped a bullet, rode an earthquake, or suffered the attentions of a nihilistic employee, Kroll will have a go at getting your stuff back. Its workflow is both impressive, and curiously low-tech in places a stack of Coolermaster cases out front all play host to forlorn single drives, mostly on suspiciously custom-looking USB to drive hardware adapters, some with add-on cooling fans. These are considered electrically OK, and therefore ready for a forensic copy to the BIG Ontrack disk pool, back in the server room.

I think the phrase BIG is good enough has a description of the setup, firstly because I lost count of the disks being forensically imaged while I was there, and secondly because I didn't get to see into that room. It did say rather sheepishly that it went through a short phase of recommissioning its Pentium III-based server farm because the multi-core replacements were actually slower in their resolutely simple bit-slinging usage pattern.

If a drive is electrically OK, then, and the forensic image process completes without a hitch, the data recovery process goes all virtual, with the image being worked on and recovered via more proprietary software. If it's not OK, then off with its heads a quick trip to the top lid shear cutter and on to the clean room for further attention.

When I was there, the majority of drives were laptop format, though I couldn't swear to a preponderance of any one brand over another. Once the data has been retrieved, by software or hardware-bashing methods, then it is written back to a nice new hard disk and that gets shipped back to the customer in a bouncy, foam-padded mailing box.

I am skipping over the interesting bit here though. Judging by the stories that Kroll was ready to tell, the divide between actual hardware death involving smoke coming out of your drives, and someone cocking up and then claiming it's a hardware problem is nowhere near as much in favour of dodgy hardware as you might expect. That's not to say it is running a software/human error recovery business with pretentions to status as hardware hackers. Indeed, it's quite the reverse. One corner of the clean room had iPhones in bits (info is encrypted on the chips, they said, though this isn't a showstopper), and Kroll was very confident about the largest ever disk array it had imaged and then recovered (96 drives, incidentally).

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020