Slashdot Mirror
Data Recovery - Put to the Test
Kurtis Kronk @TheTechLounge writes "Today we get a close look at perhaps the leader of this industry, ACR Data Recovery. I worked closely with Doug Roberts of ACR to find the answers to questions you might ask. Not only did I ask Doug an array of questions, I also received a sample of their Media Tools Professional 2003 to see for myself if it really works, and moreover, how well. Check out this article for the full story."
Not the pr0n stash! *panics* Now if I can think of a way to lie to the Data Recoverers and say I dunno how 60gbs of pr0n got on my computer... Must have it back though!
Whenever I think of Data Recovery, I always get this mental image of a hard drive in an operating table, and all these geeky guys with glasses and long white coats poking and prodding it with scalpels.
Looks more like an advertisement to me.
"Ask not what your country can do for you." --John F. Kennedy
This is an advertisement. ACR is allowed to prattle on endlessly about all the things they've done w/o any analysis or even details...this is Slashdot, and for an article to work it needs to have the details. This is just cheerleadering at its worst--I won't waste time and ask, "why was this posted" but instead simply cut to the chase--this article isn't worth anyone's time.
A few years ago we had an employee high up in our organization that found himself in a bit of a pickle. After about a month, he resigned from the company. When he returned his laptop, we realized he had fdisk'd his computer. He did not bother to setup the new partition either. We do know there was important data on the machine but it was not worth us sending it out for examination. It is to my knowledge that we most likely could have retrieved the data a lot easier because he did not write to the disk after he f'd it all up.
Sometimes you cannot help it. The person traveled all the time and kept some of his information on the laptop. Because of legal liability, I cannot really go into details about what we needed to get and why.
alias dir='rm -rf
BTW - if you have *real* data recovery issues try Ontrack They can recover data from dead hard drives.
This wasn't an article, or review. I'm thinking it's 'looking for people to send me free stuff to review'-esque.
I just served as an expert witness for a software theft case. Data recovery was vital in proving when and where the software was copied. ...and yes, the interview seemed a bit like a self-promo piece.
Then:
He's admitting that his own company is a chop-shop! Thanks for the heads-up...
Game dev and music blog
Often data recovery is used because of intentional "user" actions. Such as, say, the disgruntled IT employee who tried to erase the contents of a hard drive which contained the evidence of his (insert crime or suspicious activity here) with out using a secure wipe utility (which may very well still be recoverable by the truely professional recovery shop, I dunno).
Even so, I don't know anyone one that makes backups in less than 24 hour increments. You can do an awful lot of work inbetween last night's backup and tonight's. If your computer go to the great network in the sky (ok, bad metaphore) before the next backup, there could still be a lot of data to recover.
From the article (attributed to Mr. Roberts):
:D
Another warning sign is when a company gives a success rate. Companies do this to play off your insecurities. They know you want your data back and are telling you what you want to hear. In other words, any company that gives a success rate is lying.
Ummm... or maybe they understand that my number one criteria is success rate and they are honest, scrupulous, hard working individuals, trying to portray their market standing.
Of course I'd prefer if someone could do an independent review...
Damn I wish I had a couple grand of hard drives to destroy
I am disrespectful to dirt! Can you see that I am serious?!
Try waving a large electromagnetic coil over it. You may need to take the cover off to get as close as possible to the disk platters. While you're there, give the platters a good clean with some Wet & Dry to remove any ingrained dirt.
This "story" seems to be nothing more than a thinly disguised ad for the products and services of a specific company. There's nothing of any technical interest or value here.
/. going to get story modding rights so we can remove this stuff from the front page?
Now when are readers of
John.
This was billed as an "article", which strongly implies news, or analysis of some sort. Instead, all I saw was a page full of someone asking softball questions designed to give the company rep a chance to talk about how cool his product is and how you shouldn't trust their competitors, and then a page about how to use the product itself.
No analysis, no questioning (or support) of the claims made, nothing like that. Even the very real problems the reviewer briefly mentions (can only write data to a FAT32 partition, for example) are quickly handwaved away and ignored. Indeed, if it will only write to a FAT32 partition, then how do I know it will read my ext2, ext3 or ReiserFS partition? This "review" or "news piece" sure doesn't tell me.
This is not news, and not helpful. In fact, this story doesn't seem to matter, either.
Kai MacTane: Web developer for hire in San Francisco
software theft....hah
Uh huh - without touching the platters - right.
And no dust as well.
I would strongly suggest trying this on - oh say - 15 trow-away HD's before realizing that without a lot of experience you can forget about this course of action.
Send them to Ontrack or whatever : if it's worth your time to fiddle with the hardware, you can afford to send it away (or you are underpaid).
Research is what I'm doing when I don't know what I'm doing.
Seems to me like this interview is more of an advertisement. No technical details, no ethical questions, just "why are you the best?" and other such nonsense.
Nothing to see here, move along
Where's my lobbyist? Right here.
Is that the same Kurtis Kronk that posted inane comments on this forum?
Surely there can't be that many people in the world bearing the same name.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Maybe SCO can use these guys to find their code in the Linux kernel! Then they wouldn't have to resort to displaying random functions in slide presentations and waving their hands a lot (presumably to dissipate the ensuing stink).
Do they sell any software I can use to recover the time I wasted reading that "article"?
Next time just send it out as spam so my filter will eat it.
How can the reviewer dump all over non-dos data recovery software without at least doing a comparison of what the alternatives were able to recover?
I've used R-Studio to recover 3 dead hard drives now, and it got absolutely everything every time.
Last time there was a physically damaged SCSI hard drive which I got _everything_ off. (It showed up as an unpartitioned drive and had tens of thousands of bad sectors).
R-Studio is idiot proof windows software which does things like let you save off an image of the entire drive to another location before you start playing.
This guy gives a glowing review to software which has a user interface from the mid-eighties and limited him to recovering 32GB.
Even then he didn't get all of his files back! How can he tell whether this is because they're gone or the software is lousy????
When I destroyed a fat16 hard drive lately, A friend of mine and myself didn't like the tools we found, so we wrote our own. http://www.mit.edu/~raindel/ This tool: puts together 2 fat tables to make one. searches for fat chains. locates directories and builds whatever directory structure is available. sooner or later I will get around to make a general purpose free software tool out of this, but I have other stuff to do first. Me. P.s Backup is simply not enough.
Clearly the subject story is an infomercial for this vendor.
Due to a partition-magic mishap I whacked my wife's hard drive...which she had fallen out of the habit of backing up. I need to do some recovery. It's a win98 system with a fat32 filesystem.
I had a copy of norton utilities, which did not help much.
I downloaded a demo of ontrack's tool, which seems to get reasonable results but crashed a lot when previewing (presumably bad) jpeg files. It took forever to run ant the $100 version could only recover 25 files at a time. If it weren't for the crashing i'd probably just buy it - she doesn't need more than maybe 100 files, but trying to recover all 4000 jpeg files on the drive, 25 at a time, to then be able to review which ones she wants...
I tried a unix/linux based tool set called "forensics tool kit" which wasn't able to read an image of the drive.
any other suggestions?
From: cberfield@microsoft.com
To: Slashdot editors
I am the Marketing Director at a big IT company, can you please email me the prices for infomercial articles on Slashdot.
Thank You!
Chris Berfield
Marketing Director : Internet Division
Microsoft Corporation
So what you are saying is that, if somebody were to delete everything on one array, the deletion will in real time be mirrored to the other array? I certainly hope that is not your only backup strategy...
In the end we did not even need it. Spent about 2-3 weeks restoring the mail server to various points and filtering and printing emails. The emails were evidence enough. Shortly after this, we put a 5 day deletion retention on our mail server so we at least have 5 backups of any email.
alias dir='rm -rf
"Only wimps use tape backup: real men just upload their important stuff on FTP and let the rest of the world mirror it"
- Said a wise man
I hope you got a decent cut from this "sponsored by" infomercial, because you're now on my shit list along with those duping buffoons michael and Taco. Or is your share just from the ads that get served on Slashdot to everyone that's currently pointing out what a lazy, slipshod muppet you are? Hey, subscribers; did you enjoy paying to read this infomercial before anyone else did? Did that give you a warm fuzzy?
On the bright side, at least Hemos got to post this first. When michael or Taco dupes it later, Slashdot will have hit its nadir.
If you were blocking sigs, you wouldn't have to read this.
Wow... That's some HUGE document you lost. At 4KB per fragment times 50 millions that's 200K millions bytes that's a 200GB document. I'm not even certain that NTFS can have that a large document in one file (unless it's block size is greater than 4KB, but that would also mean that the document would be larger than my estimate - which is already on the lower size by assuming that each fragment is only 4KB!)
;-)
You know. You should NOT write everything in the same document
Taking the platters out and putting them in a working drive is a perfectly reasonable solution, if you have the tools. Thats why most of these data recovery people have class 100 and below clean rooms on site.
When I think of the leader of the Data Recovery Industry, I think of Ontrack.... I don't know who these other guys are.
If you pull apart a fried drive, you'll see that the platters are tied down pretty tight, but that if you pull the platters off then it is basically impossible to re-synch them. I would love to know about the tools they use there.
There are some nice software recovery tools out there, and some decent ones for about 100 bucks (check out www.z-a-recovery.com)
but the equipment for when you can't talk to the drive ... that's something else
"It is a greater offense to steal men's labor, than their clothes"
While the article itself is something of an advertisement, I _do_ have the Media Tools package and it _does_ work pretty well...horible documentation, though.
Now...staying relatively on-topic...lemme tell you just how bad OnTrack stinks. I needed a notebook PC's data recovered after a system crash. Instead of dinking around with it myself and possibly losing the data forever, I forked over some dinero to have OnTrack perform a recovery.
After two days of phone calls and emails, I finally get the info for shipping the HD. After it arrived at OnTrack's facility, I never heard word ONE from them...I had to call and badger them every time I needed a status update. After two weeks of waiting, I called only for them to tell me "Oh, I'm sorry we can't do anything with the disk." More than a month later, I finally got my HD back from them and that was only after I called a final time, talked with no less than three different people, and got a stammering apology. UPS delivered a NFG HD to me the next day.
If you plan on using OnTrack - don't. If you need data recovery - don't use OnTrack, try the recovery yourself or use a different vendor. I have crossed OnTrack off our corporate list of approved vendors and have promised to tell any of my peers who are looking for data recovery service to steer clear of OnTrack and their (very) dismal customer service.
-PONA-
+that's funny...I don't FEEL tardy.+
Indeed. I suggest a new catch phrase: "Journalistic Integrity - put to the test".
Er, wait, how about: "Journalistic Integrity - thrown out the window"
Please help metamoderate.
"Use our software, it was made in DOS, and works Real Good (tm)"
I want to hear about how you get data of a drive that's been shattered, or shot, or burned in a fire, not how amazing your marketing department is.
Weak.
CIA Industries - Running the world for fun and profit
Too bad the article did not talk about any difficult recovery scenario, like when part of the physical platters are destroyed. All that article talks about is how to recover deleted files or slack space.
From the article:
"To recover the data from the zip file, do not use WinZip or WinRAR. You will need a special DOS based ZIP program called PKZIP, which you can get here.(link)"
I guess "special" means "original." I STILL keep my PKZip 2.04G disk handy - just in case.
"As God is my witness, I thought turkeys could fly." A. Carlson
It started off as a hobby, sort of. I used to work for the old WordPerfect corporation where we had customers that sent in floppies that had "REALLY IMPORTANT" documents on them that had become corrupted or partially deleted, one way or another.
Data recovery tools weren't as advanced as they are nowadays so it was a much more arduous task. I had to scour the floppies and pull off as much data as possible, mostly using the old debug command under DOS. I was mostly doing it for fun as the WordPerfect corporation didn't want to become file recovery experts. I was just into it for the challenge and to offer a nice service to our customers.
I recovered data off a floppy that had a pencil stuck through it, floppies that had been formatted (easy) partially erased by magnets (tough), and various methods of corruption and deletion - including accidentally saving a blank document over the top of an existing document... OOPS!
I was once asked "How do you recover the data?" and I had a tough time answering, as each case was different from the other. I just told them that "Performing data recovery is like running a sausage mill backwards to manufacture pigs." What comes out of the process doesn't look pretty, but its better than starting from scratch.
I then went on to recovering data from hard drives. After WordPerfect I became a 'consultant'. One Monday morning, one of my customers had their WIN NT 3.51 server hard drive crash. It was a head crash, you could hear the heads riding the platter. An awful noise that once you hear it, you know you're screwed.
I spent 16 hours pulling data from that hard drive, and once I was done (I had pulled as much data as I could) we opened up the drive to discover that the head on the bottom platter had fallen down, and had been riding there over the weekend. It had etched away at the platter for so long that the platter had actually fallen down and was sitting in a pile of HDD shavings at the bottom of the drive. Sheesh!
Over the years I collected numerous utilities for data recovery, but I started getting out of it once LBA mode drives came out and the actual hard drives were being managed internally, rather than by the OS. Not that it made it more dificult, but you saw fewer and fewer hard drive errors because MS was finally removed from their management position over the HDD data.
Anyhow, back to work...
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
ACR Data Recovery Media Tools Professional 2003. Really! I got one of those terrible deskstar drives, and recently it started going whiirr-click. When I tried booting Win2k it decided it needed to check for integrity and after about a 1/2 hour of "fixing" rendered my hard drive unbootable and fdisk showing no partitions! I tried 4 or 5 of the "big" software solutions to no avail. Media Tools was the 1st one that actually worked. I was able to rewrite the partition and fat information and "gasp" mount my hardrive! Much of the information was corrupted but at least I got some/most of it. The only thing that really sucked was Media Tools 25 drive licence, I used 5 of my licences just to get my data back from 1 drive. I am now using a highpoint 404 controller to mirror my new drives. Less than $200 for a drive mirroring solution. I learned my lesson!
Swear to god, this was just a strange coincidence.
The reviewer lost all my respect at that sentence. If the review didn't already sound like an advert, calling PKZIP 'special' and providing a link to the PKWare store just flipped my mind a bit. You should be able to find PKZIP at Simtel.
Ah, well, I'm keeping my copies of PKZIP (v1.1 & v2.04e) safe on many archive CDs.
OSX 10.3 now has 'secure delete' build into the OS. You can remove files using secure delete and it deletes the data and then nulls out the actual data on the drive with like 3 passes.