Slashdot Mirror
Recovering Data From Broken Hard Drives and SSDs (Video)
Russell Chozick owns a small company in Austin. TX, called Flashback Data that recovers data from messed-up hard drives. And SSDs and Flash memory, too. How badly damaged does a drive have to be to defeat Russell and his crew? Apparently, smashed to bits. Not long aqo we did a video about a company that destroys data on hard drives, and we've had at least one Ask Slashdot where the question was, "What's the Best Way To Destroy Hard Drives?" In today's video, Russell is talking about the opposite of destruction -- except that he destroys data upon request, too. Obviously, checking the wrong box on a customer order form could cause big problems at Flashback Data, couldn't it? Let's hope they never do that -- and let's hope we all back up all of our data so we never need to use a data recovery service. You do back up all your data, don't you?
One hopes with this extra source of funds Slashdot might hire some editors.
Do one overwrite with zeros for magnetic media. They cannot recover that. Open the drive, take out the platters, bend or break them, they cannot recover that. SSDs are more tricky, but one overwrite with random data assures that no more than the spare capacity can be recovered.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
...is to literally destroy the drive...
A small four-pound sledge and a suitable hard surface to act as an anvil and one can break the aluminum case into bits in a couple minutes and crease and crack the platters to the point that there realistically isn't anything being read from there. If you're REALLY worried, break out the plasma cutter and just cut the platters into bits...
Speaking of bits, Spanish colonial currency were "pieces of eight". "Shave and a Haircut, two bits" is a $0.25 cost. So, eight bits to a full unit... Coincidence for eight bits to a byte, or intentional?
Do not look into laser with remaining eye.
Does this company offer a way to recover a Slashdot that doesn't disguise advertising as a story?
Look where all this talking got us, baby.
Thanks to Slashdot's video implementation, I get a big div in the middle of the screen that says,
This plugin is vulnerable and should be updated.
Check for updates...
Click here to activate the Adobe Flash plugin.
Now my Firefox is up to date and the Flash plugin was updated earlier this month.
I assumed the video was just a shameless promotion for the company, but clicked it anyway. Then, I saw that I was supposed to sit through a 30 second advertisement for some other random $#!T just so I can see an ad for this company ?
Sorry, No.
s/that recovers data from messed-up hard drives/that has learned the value of sponsored content advertising through the dice network/
Good people go to bed earlier.
We really need a way to exclude video stories. Also, where do I sign up to buy a front page story?
I is sick of thems.
>> I imagine it makes a lot of sense to keep the size of a byte as a power of two (for addressing reasons, maybe?)
I hope you're kidding, but in case you're not: http://en.wikipedia.org/wiki/Byte
This is such a random interview, he should of sat down and planned what he was going to say, this just sounds quick, dirty and unprofessional. I can't take a company seriously where the interviewer doesn't answer questions using a solid brief format. He's not even answers the questions properly, I give this a 2 / 10, to be fair I give most interviews about a 4 / 10, If you include PR you lose marks. Sit down, right out all the question and answer you want to talk about, practice it, re practice it and then go. Every time you stutter or have throw off a question you just look bad to the camera, I hate to be hating on this guy but it's pretty bad.
What about all these hard drive recovery tools?
Are they good or are the whack?
Why is this stupid marketing BS still displayed?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Did you basically just use Youtube's auto-closed-captioning function? The quality of the transcript is so bad it's virtually unreadable.
Please help metamoderate.
Fuck right off.
Not disagreeing that the video was pretty bad - I can't say I'd do any better if asked to do an interview off the cuff. Definitely not a well planned advertisement if that's what it was supposed to be.
I've had customers that have used these guys with about a 50/50 success rate at getting 100% data back. The times they couldn't get the data were due to head crashes that had scrapped the platters clean.
It never seems to fail, customer declares they absolutely don't need backups for their workstations, they only need it for their servers and that their users will always remember to put the data on the server. Except they don't . . . and there ends up being something business critical on Joe User's laptop that they just dropped/spilled on/etc.
The way Flashback works is they'll do an eval on the drive (which they used to charge a couple hundred bucks to just do the eval, but they've gotten cheaper on the more common drive types) - after they get you the list of files that they can get back, they'll quote you what it takes to recover the data and you can choose whether to move forward. If they can't get anything, they let you know and you aren't out thousands of bucks with nothing to show for it.
As much as we try to avoid the situation where an individual drive matters when it comes to data, the human part of business seems to generate conditions that causes these guys to be needed. I rarely have had to take anything to these guys, but overall I've been happy with the turn around, the pricing is reasonable compared to the national-mailin type chains and they don't sell you on things that are impossible. Usually I end up just bringing them a boxxed drive to dump the data on if they can get it, but they've been flexible at getting the important files up on a site that we can ftp it if the customer desperately wanted it.
(and that's probably a better slashvertisement than what ended up coming across in the video - there was still some good info in it about how the ssd recovery differs from platter based if you can sit through the eye twitching and 'ums'). In any case - they haven't come across as the usual scum/basement recovery operations.
This stuff isn't It's not easy,and the costs can go rediculously through the roof. Having done a TINY bit myself, shipping out some work, etc..
See my Sig though, it's all right there.
How much is your data worth? Back it up now.
When you first installed AdBlock (years and years ago, I assume), what did you think the logical end-point was? Surely you weren't just thinking "well, it'll just be me and a handful of other savvy computer geeks so it won't fundamentally impact the way that every website I read is funded", were you?
As Kant said, "act only according to that maxim whereby you can, at the same time, will that it should become a universal law." If everyone installs AdBlock, or a sufficient fraction of everyone, traditional advertizing no longer provides revenue, so revenue must come from elsewhere. Subscriptions ain't cutting it, so paid advertizements are disguised as editorial content to evade your filters.
I thought this was going to inform me on a few ways I could do it myself. I don't really care to hear what someone else can do for me.
No video for me.
The story did get me to go double check that all my backups are running as expected. I am the backups of the backups kind of paranoid person.
We can flag comments as spam, but not "stories" such as this. Hmm.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I worked for awhile in a companies laptop repair depot. We received a laptop back from a user requesting data recovery. The laptop had been run over by a truck, and when you shook the hard drive it sounded like sand inside.
No, it's true. Check out this post for evidence.
The Wayback Machine still hosts a site that details a lot of APK's illness and insanity. It makes for some good reading:
http://web.archive.org/web/20060627084830/http://www.jaylittle.com/jaylittle/default.aspx?cmd=article&sub=display&id=30
It's ah... shall we say... inaccurate.
Perhaps Slashdot should follow Fark's lead and put a "sponsored" flag on stories like these and disable commenting? That way it would be clear that the story was an advertisement and they could avoid alienating their user base. Slashvertisements are usually fairly obvious and when they do appear the comments tend to all be very negative against whatever was being advertised. This way Slashdot could get their ad money for the promotion without pissing of the readers and filling the comments with vitriol.
I've been seeing Roblimo's stories for ages. I was never all that impressed, but some were of interest and even value for at least entry level folks. AT the least, I did not have a negative view of his writing. But, these videos seem to suggest that he is absolutely clueless and technically inept.
This video is being presented as actual content, with the inference that he will be covering actual data recovery. Instead we get a Slashvertisement where no technical detail is provided, questions regarding cost are ignored and danced around while a doddering old fool whines about not having Google Fiber. With all the "content" in that video, AOL dialup is all that Roblimo deserves!
Alternate tools: .308 .223 .44 Magnum .40 S&W .45 ACP
12ga slug
I doubt after your hard drive goes through a chipper/shredder that they could recover the data.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Overwrite the entire drive with Rick Rolls.
You mean wasted space on copies of stuff?
I live in Austin and had an SD card die between a photographer's camera and my computer. Sadly, it had my wedding reception photos on it. I sent the card to one data recovery place in CA. They gave up and sent it back. I heard about Flashback and took the card there.
1. They didn't solve the problem. The card is likely forever unrecoverable due to being unable to read both data chips. Without being able to physically repair the chip, it's dead and no data is recoverable due to interleaving.
2. They were very helpful in explaining what they tried, and it seemed like they tried quite a lot. They conferenced in a collegue in MA to help figure out any way that might be possible to recover the photos.
3. They had the cheapest estimate of anywhere I looked. They didn't charge me since they couldn't recover anything.
I'd go there again without looking elsewhere if I needed them again. I felt like they made a great attempt and had the lowest pricing to boot. Sucks that I'll forever only have a few mostly crappy photos of my wedding reception
There is a light side and a dark side.
Use the tape wisely.
No brain, no pain.
NSA frequently trolls sites like Slashdot (with the co-operation of the owners), pushing FUD about the real world difficulty of destroying data. Their intent is simple. to reduce the number of people using 'best practice' when it comes to destroying data.
A hammer to your HDD or SSD chips will destroy their content for certain. Nobody recovers data from smashed HDD platters, or properly trashed flash chips. However, such extremes are completely unnecessary (and are only used by government agencies when computer equipment is in imminent threat of capture by the enemy).
To destroy data on a HDD, use a low-level program to over-write the file with random data. Do NOT ever over-write with all zeroes, or indeed all of any single byte value. Such an act may cause the HDD firmware to simply flag the sector as empty, while leaving the actual magnetic data untouched. If an entire HDD needs to be cleared then firstly delete all existing files, then simply fill with enough files of random data to meet its actual capacity, and then erase these files. Only real files containing random data are ensured to bypass semantic mechanisms that may be found in the OS or firmware.
A SSD drive may be wiped using a similar process, but beware the much more complicated firmware that many of these devices use. An SSD drive may set aside a lot of extra storage beyond its rated capacity, and this storage may not be accessible all the time, due to 'wear levelling' and 'redundancy against block failure' functions. Some of your important data may have copies currently residing in areas not currently available to the OS, but recoverable by specialist software. A 'full erase' is likely only possibly using a vendor supplied program that will only flag blocks as empty, and not actually clear them.
Some hard-drives have similar mechanisms, where bad blocks are identified by the firmware, and removed from visibility to the OS. These 'bad blocks' may contain data that can be recovered to some degree using specialised software tools. Imagine you have a plain-text file containing information you wish to keep private. At some point, some of the physical blocks holding this data go 'bad' and the HDD firmware removes them (usually by re-mapping) from OS visibility. Now, most usual ways of wiping the HDD won't touch these flagged bad-blocks, but the vendor can most certainly unflag them, so some attempt could be made to recover the data held in the bad-block.
Indeed, if you think about it, there is no reason why a HDD wouldn't flag a bad-block as "read only" at best, given there would be no normal reason to ever try to write to the block again. This mechanism is very bad for the concept of absolute HDD security, but is a clear consequence of the limits of the technology. A security conscious team would have protocols in place that note when a critical file suffers a 'bad block', and would then mark that HDD for physical destruction at an appropriate point in the future.
Identifying when copies of parts of your crucial files lie in 'bad blocks' on a SSD is much more difficult. A HDD expects low rates of storage surface failure. A SSD expects extremely high rates of block failure, and is designed to cope with this issue. The problems of your private data ending up on normally inaccessible blocks flagged as 'bad' is not one vendors care to worry about. Again, as with the HDD, the bad block may be permanently flagged as "read only", so specialist tools may only attempt to read the data, never attempt to erase it.
ONCE AGAIN- when a storage device experiences failures, it is natural to activate "read only" modes. If your key data has the misfortune to end up in 'bad blocks', only the physical destruction of the storage device may ensure no-one has access to the contents of these 'bad blocks'.
I have found that removing the platters and melting them down for scrap is fairly effective :-)
Web advertising is not traditional advertising. Traditional advertising didn't track you.
The Tao of math: The numbers you can count are not the real numbers.
If the government is so determined to know what was on a wiped drive -- and it will be a government agency -- they will simply concoct national security allegations and ship you off to Guantanamo Bay, where you'll be waterboarded until you've told them everything you can. Even if the data itself isn't recovered, they've punished you severely for daring to deprive them of something, and that is at least as good as getting what they wanted, because, ya know, "Who wants to be next?"
The best way to destroy a drive is to unask the question, and remove the need to destroy the drive. Destroyed drives can't be RMAed, so you pay full price for their replacement when they fail. That's throwing away money, and while throwing away money can sometimes be acceptable, it's almost never best.
Destroy the data? (Good grief, look at all the people talking about the feasibility of recovering from this or talking about how many passes to use.) That's no good as a policy either, because sometimes a severe failure takes away your ability to do that. If you're sending it back simply because because SMART's "Offline_Uncorrectable" is getting too high to cope with, ok, you can probably wipe it. If you're sending it back because it makes horrible clicking noises whenever you turn it on, it's too late to wipe. And then you have to think about wiping and how much you believe which conspiracy theory.
So what's a person to do?
Key is totally unprotected on the boot SSD / root filesystem. I'm not trying to protect the whole box vs physical seizure or loss; I'm trying to protect platters from whereever it is that they go to, when I UPS them back to WD for $10 (paid to UPS) replacements.
mdadm whole disk pairs (don't even bother partitioning) (with a hot spare for every 3 or 4 pairs: always activate spare prior to pulling a drive; RAIDs should never be run in degraded mode for even a few hours, if you can help it), cryptsetup that, pvcreate that, and there's your safe storage. No wiping, no hammering, no data loss.
I know some people are not natural public speakers, and some days are worse than others to be caught in an interview, but I found this fellow's halting, uncertain speech pattern exhausting to focus on and had to quit a few minutes in.
Otherwise, this wasn't such a bad interview; about what could be expected from the subject matter. I don't see why people are griping so much.
While DIY data recovery has its risks, most "damaged" disks really just have minor filesystem corruption.
The wonderful (free) photorec tool from the photorec package can be used to do an amazing amount of recovery. I've never had it fail on SD cards with FAT32 damage. It can also recover all sorts of other document formats, despite the name, and works fine on hard drives - though you should *ALWAYS* disk image the drive and then attempt recovery on the image.
For imaging, look into ddrescue, it's a vital first-stage recovery tool.
Just prepare a 512-byte buffer with all "U" (uppercase letter U) and write a serial number on TOP of it starting with 1. Then dump that buffer, incrementing the serial number as you go, until the disk is full. 1) Flash disk compression will fail because of the serial number, so all "spare areas" will be filled. 2) The "U" is a series of alternating 0s and 1s - very high hysteresis for magnetic drives. 3) Anybody assuming that "deletion" is only removing directory entries will be unpleasantly surprised. Very easy with Linux and C.
And suppose I use dban, and chose not the default, but DoD 5220.22-M, the DoD long. If anyone from the company's reading this, how's about trying to recover anything from that?
mark
If I was that company I would make people write "I WANT YOU TO DESTROY THIS HARD DRIVE" before I would destroy it.
http://goo.gl/uttcs
...is it possible to recover the data if all you have of the hard disk drive is the platter?
It is a great techniques to recover valuable data from damaged hdd. We often failure to retrieve data and experiencing with big lost.
Aaaaand, fail. The comment was humorous. Rather obviously so.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.