Data Recvovery: External Hard drive Options

September 21, 2009 — 585

The Plain Truth: The External Hard Drive Recovery Options You Have

Before there where computers we had scrap books and photo boxes full of past memories.

Now personal data is put into different drives and folders for information. Like many people your internal hard drive got to big so you started to move information over to your external hard drive. Storing more information on to drive more drive has become a bigger responsibility in the modern day. With all the moving parts and internal mechanisms they are someday going to fail over time.

Even though hard drives have changed over from being spinning drives in your computer to solid state drives this doesn’t mean there 100% reliable. Remember nothing lasts forever. External hard drive recovery is a daunting task to say the least. A word of caution if you’re not comfortable with taking apart a computer then taking apart an external hard drive to fix should not be done. Here are a few tips that should help you actually help you with hard drive recovery…

To read the full article check out External Hard Drive Recovery.Net

Posted in Data Recovery. Tags: , . Leave a Comment »

Forensics: Wiping Hard Drives….Do you need thermite?

August 24, 2009 — 585

Every week, or possibly every day, there are new forums where people (with little to no experience of data recovery) discuss the merits of different methods of wiping data and destroying hard drives. One of the the frequent conclusions is that data cannot be deleted or wiped and  thermatie is the only answer.

Some people will discuss, at length, the number of wipes that are required to wipe a hard drive, with answers varying from  7 to 32.  Some insist that once you wipe it 32 times you then need to grind the hard drive to a find powder, and then, of course, use thermite.

These answers, as anybody who actually works in the data recovery industry will attest to are complete rubbish.

Once data has been overwritten i.e. a 0 is converted to a 1, or vice versa, then that data is gone. It cannot be recovered by software, electron microscopes, or men in dark suits.  It is gone.

In addition to this, the moment that the platters of a hard drive are scratched, recovering data from them is very hard, and can be impossible. Hard drive platters are surprisingly sensitive, its just that the hard drive itself is a very good design. Anyone doubting this can perform a simple test, take an old hard drive out of your computer (one with data on, but data you don’t want), open the drive and put a long deep a scratch along the platters. Then, send the drive to a data recover company and see who can recover the data. Most data recovery companies offer a free diagnoses, i.e. you can find out for free if they can recover it.

Or, if you want to use the same service the CIA, MI5, and all the other spooks use, you can pay £100 for a diagnosis and send it to Ontrack, the worlds biggest data recovery company.

KrollOntrack recovered the data from the Shuttle, they are the company that governments use when is a major case, from the  Madrid bombing to old backup tapes that contain critical data.

To wipe data do you need thermite? No. [But that would definately work!]

Posted in 0 - Forensics, Data Recovery. Tags: , , , , . 4 Comments »

How do you destroy a hard drive?

July 7, 2009 — 585

The question of hard drive destruction is often raised, when people want to prevent access to their data, e.g. getting rid of old computers.

Questions include:

  • How do I destroy my hard drive? Will drilling it work?
  • Can I burn my hard drive, will that work ?
  • Can I put it in water?
  • How many times do I need to wipe a hard drive, to get rid of all data?

Often, the answers involve “the only thing that destroys a hard drive is thermite” or “wipe the drive 100 times, then grind it up into a fine dust and then melt the dust”.

These statements almost certainly come from those who have never been in a data recovery clean room, and certainly never worked in one.

Destroying data, on a hard drive, is relatively easy and can be done one of two ways:

1)      Wiping the entire hard drive. Just once. Not 3 or 32 or 320 times

2)      Destroying the platters. Once the platters are destroyed recovery is impossible.

The latter option can be achieved by a variety of ways, such as drilling the hard drive. In theory “somebody” could read the data around the holes, though no commercial company would ever do that. As the governments outsource their major data recovery work, to commerical companies, from the NASA Columbia disaster to international terrorist incidents if its very technical and very important it gets outsourced. Therefore who exactly “somebody” is, is unclear.

The idea that overwritten data, on a modern hard drive, can be recovered is just fanciful. Nobody has ever recovered data an overwritten modern drive, and nobody has said they can, it’s merely a theory, an old theory that was never tested or proved. However, when this theory was tested, it was not possible.

Remember wiping data is not formatting or deleting data. It is wiping every single sector on a hard dive.

In short there no evidence for recovering wiped data but there is evidence to showing wiped cannot be recovered.

Physical Methods that will not work to destroy data on a hard drive include:

  • Throwing it in the water (this does not do much)
  • Setting it on fire (the temperature is not going to be high enough at home)
  • Throwing it out of the window. Hard drives can take quite a bit of G force.  They are not heavy so the impact of the hard drive on the ground is not likely to destroy the platters.
  • Drive over the hard drive. A car, or even a tank, driving over a hard drive will do nothing, any more than they  would driving over a book. Unless the drive is actually flattened, the platters are not going to be destroyed.

Electronic Methods that will not work in destroying data are:

  • Deleting files
  • Formatting files
  • Shredding files/Wiping Files

The whole drive needs to be wiped, not just some of it. Nothing else can guarantee all data is gone.

Posted in 0 - Forensics, Data Recovery. Tags: , , , . 7 Comments »

Forensics: Does water destroy a hard drive?

June 28, 2009 — 585

In computer forensics, and data recovery, it is not unheard of to come across hard drives that have got wet, and not always accidentally. In one year, the same police force, had to recover several hard drives that had deliberately been thrown into the sea – along with the rest of the laptop.

As this type of recovery is more often than not outsourced to the civil sector this leads to the question: Does water destroy a hard drive?

Water alone is not harmful to data. If the hard drive is off, and not spinning, the water will not destroy the data. The data, after all, is stored magnetically on the platters, this is not going to lost by the addition of water.

Firstly hard drives are pretty well sealed, so a quick dunk in the water is unlikely to effect the hard drive itself. Secondly, even if the hard drive is left in the water, or sea for a long time, all is not lost.

What is important is the drying process. If a hard drive has been left in the sea or dirty water for a couple of days, and is then dried out, this is not going to work straightaway, and powering it up could be damaging. The reason for this is that the salt or dirt that is left behind once the water has evaporated will stick to the platter, as the platters spin up (if that even happens) there could be damage to the surface of the platter – which will damage the hard drive.

Once the drive has been wet for a period of time it is recommended that the drive is taken to a specialist recovery company (ideally while its still wet and before its been dried out). The company will then clean the platters professionally. Even if the entire hard drive casing is damaged/destroyed they can put the platters into a new casing and recover the data that way.

Posted in 0 - Forensics, Data Recovery. Tags: , , , . 9 Comments »

Forensics: Is it possible to recover data after wiping tapes?

May 21, 2009 — 585

Is it possible to recover data after wiping tapes? Absolutely not, and possibly yes.

The answer very much depends on what the term “wiping” means in the question. If a tape is used to store data, then reformatted and the a new set of data overwritten, the previous data cannot be recovered, it has been effectively wiped.

If a tape is wiped using degaussing technology then once again the data has been lost/wiped, and cannot be recovered. 

If a tape has been reformat ed, but not overwritten, it is possible though far from guaranteed that it can data can be recovered. The reason for this is that formatting the tape, much like a hard drive, just changes the data at the beginning, of media. But the actual data is still on the tape. However, unlike hard drives, tape software puts an End of File marker at when it has finished writting data to a media which the tape drive reads and does go past, unless its overwritten. This means that when the tape is re-formatted a new End of File marker is placed at the beginning of the tape, this means that the tape drive will not read past this, so recovery of the old data is not possible, with a regular tape drive, even though the data is still on the tape.

There are solutions to this, but they are only undertaken by specialist tape recovery companies, and very much depend on the tape and tape drive in use.

This offers an excellent opportunity for forensic investigators to recover data that may have been lost.

Posted in 0 - Forensics, Data Recovery, Tapes. Tags: , , , . Leave a Comment »
« Older posts