Data recovery is rarely budgeted for. On top of that, it's a topic many IT pros don't know much about. When faced with the shocking reality of data loss, the crucial moments that follow will determine if the data can eventually be recovered successfully-or if it has been rendered irrecoverable through mistakes in handling the storage device.
When data is stored using RAID technology, which employs complex algorithms that stripe across multiple physical drives for availability, the right tools (or the right data recovery expert) can ensure that substantial portions of endangered data, if not the entirety of it, can be recovered in the event of a failure. Businesses can expect more partial files, however, if the underlying problem is due to a mechanical failure rather than files that are accidentally deleted.
Below are facts about recovering data from failed data storage drives in laptops and desktops, including tips for users who want to recover accidentally deleted data themselves. While the primary focus is recovering data from a hard disk drive (HDD), we also look increasingly popular Flash-based, solid-state drive (SSD) storage.
Once Data Loss Is Detected, What's Next?
The most crucial step in the event of a data loss is to stop using the affected computing device or storage drive as soon as possible. This is especially pertinent in the event of an HDD failure-continuing to use a hard disk drive with a malfunctioning read/write head or other internal mechanical damage will only make things worse.
Remember, too, that modern operating systems write data to storage devices on a near-continuous basis (in the form of virtual memory) and download system updates automatically in the background. The latter is true of user software; common applications such as email clients and Web browsers use the storage drive as a temporary cache for storing file attachments or Web pages. More data being written to disk translates to a higher chance of crucial data being overwritten. This could result in permanent data loss or lead to more irrecoverable file fragments.
It is therefore imperative that you power down storage devices upon discovering data loss, preferably by performing a safe shutdown. Avoid powering up the system containing the affected storage device until you are ready to perform data recovery or place in the hands of a data recovery expert.
Do-It-Yourself Data Recovery
A number of software tools, including UndeletePlus for Windows 8 and 7, Recuva for Windows 7, or Data Rescue 3 for Mac, let users recover deleted files from a storage volume. Depending on the capacity and speed of your storage drive and the amount data to be recovered, it may take anywhere from 10 minutes to several hours to scan and recover the deleted files. (Note that original file names may not be recoverable in many cases, and portions of a file may be corrupted or otherwise unrecoverable.)
Due to the dangers of overwriting, a recovery attempt should never be done on the boot volume or by installing the data recovery software on the affected drive. In most cases, it is probably necessary to remove the affected drive and attach it to another computer that's running the data recovery software.
In addition, it may be a good idea to clone the data from the affected disk drive and work off the cloned copy; this is a standard practice among competent data recovery vendors. If any of this sounds too daunting, you may want to do a reality check on whether you have sufficient technical expertise to perform data recovery yourself.
Finally, remember that self-recovery of data is possible only for accidentally deleted files. It doesn't work for mechanical or component damage. Even then, attempt this only for nonessential files whose loss won't impact the company's bottom-line. Never try to recover business-critical data using off-the-shelf data recovery software on the original storage drive.
Recovering Data From an Encrypted Volume
The portability offered by laptops necessitates the use of data encryption to prevent sensitive information from being leaked from misplaced or stolen devices. This may be implemented using full-disk encryption software such as Windows BitLocker, file-level encryption tools or a self-encrypting disk.
But is the use of encryption a barrier to successful data recovery?
"Encryption is not an issue as long as you have the credentials," says C.K. Lee, Singapore country manager for data recovery specialist Kroll Ontrack. Lee's referring to the user password here, though the recovery key may be needed if the encryption layer is corrupted. As such, businesses that deploy BitLocker or other encryption schemes to protect their digital assets may want to ensure that a copy of the recovery key is stowed in a secure location.
It's clear that disk encryption may entail more work on the data recovery front. The additional complexity translates into a slightly higher risk of unrecoverable data.
Chris Bross, a senior enterprise recovery engineer at DriveSavers shares an anecdote in which the company was tasked to recover data from a self-encrypting HDD further protected by BitLocker. Moreover, the laptop was equipped with a Trusted Platform Module, a secure crytoprocessor specifically designed to protect encryption keys from hackers with physical access. Before even starting the data recovery process, Bross says DriveSavers required the user's BitLocker credentials, the original self-encrypting HDD and the physical laptop with TPM module intact.
It's also worth pointing out that, in these situations, it's understood that repairs may be necessary on motherboards that are damaged-for example, when a laptop is immersed in water.
Performing Data Recovery on Solid-State Drives
Compared to the well-established magnetic data storage medium, the NAND flash memory found in an SSD is comparatively new and less well-understood. Moreover, the highly competitive storage market also means the technological implementations of various SSDs on the market are closely guarded. This makes it challenging to access the requisite proprietary tools or develop suitable data recovery tools.
"There are fewer tools in the toolbox for solid-state based devices," Bross says. This is expected to change, though, as more time is dedicated to research and development and as failure analysis experience is accumulated in data recovery labs.
So does it cost more to recover data from an SSD? According to Lee, Kroll Ontrack treats SSDs as HDDs when it comes to initial evaluation and recovery cost. The company relies on its extensive suite of customized tools to recover data from SSDs.
Recovering data from an SSD is hardly a cut-and-dry affair, as vendor-specific SSD designs and the incorporation of built-in encryption technologies bring challenges. Reading between the lines, it may make more sense for businesses to buy SSDs from larger or more established vendors than an incumbent SSD vendor utilizing a proprietary controller-the former is far more likely to have the tools and documentation that a data recovery vendor can use. On the plus side, current trends are showing the failure rate of SSD to be lower than that of HDD.
Regular Data Backup Best Data Recovery Defense
One concern businesses may have is the possibility of data being recovered from an apparently empty or damaged drive. As such, a proper data wipe is highly recommended before redeploying an existing storage drive, since formatting or repartitioning a disk drive does not destroy the vast majority of any underlying data. One wipe cycle is usually adequate, though various IT standards and best practices stipulate anything from three to seven wipe cycles. Finally, businesses looking to dispose of old HDDs may also want to consider degaussing (the process of eliminating a magnetic field) to render the HDD unworkable.
It's evident that an ounce of prevention is worth a pound of cure when it comes to ensuring the integrity of crucial business data. For experts such as DriveSavers and Kroll Ontrack to pull off data recovery miracles on RAID arrays, encrypted data volumes and SSDs, let alone for your own company to do it, a regular data backup regime should always be the first line of defense. Periodically test those backups, too. Do that, and remember to periodically test those backups to ensure that your precious data can be restored successfully should a data loss situation ever hit.
Paul Mah is a freelance writer and blogger who lives in Singapore. Paul has worked a number of years in various capacities within the IT industry. Paul also enjoys tinkering with tech gadgets, smartphones and networking devices. You can reach Paul at firstname.lastname@example.org and follow him on Twitter at @paulmah.
Read more about disaster recovery in CIO's Disaster Recovery Drilldown.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.