Top 10 Data Recovery FAILS

happygeek 2 Tallied Votes 2K Views Share

So you've lost access to your data through hardware failure or accidental erasure. What do you do? Like most cyber-warriors you naturally turn to the Internet, be that via a Google search or YouTube video, for help. That's a big mistake says Kroll Ontrack, a data recovery specialist, as self-inflicted permanent data loss is apparently on the up.

Of course, there's going to be a certain amount of MRDA in this assertion. That's Mandy Rice-Davies Applies, or 'well he would say that, wouldn't he?' in case you wondered. As Wikipedia says, referencing an article of mine in the further reading bit which is nice, "It is used to indicate skepticism of a claim due to the obvious bias of the person making the claim."

Even allowing for that, there's a lot to be said for not just charging in to try and rescue valuable data using whatever method someone on YouTube recommends. We are also biased, true enough, but like to think that running your methodology past the veteran experts at DaniWeb might not be a bad idea before applying any DIY data-rescue scheme.

"DIY data recovery techniques and videos found on the Internet are encouraging individuals to attempt to recover their own data when a loss occurs" says Robin England, Senior Research and Development Engineer at Kroll Ontrack who continues "we are seeing an influx of drives that have evidence of a DIY data recovery attempt. In many cases, these attempts cause damage, leaving the data to be unrecoverable."

So what kind of methods is Kroll talking about? Helpfully, the company has today released the Top 10 DIY Data Recovery Fails list. We present this in reverse order, and you can supply your own drum roll as we approach the number one fail.

  1. Running CHKDSK. When a drive fails people often knee jerk and run CHKDSK. This destroys data that may otherwise still have been recoverable.
  2. RAID 5 errors. When a drive fails in a RAID 5, it will continue to function in a degraded mode. If a second drive fails, the array fails, and the data is inaccessible. Pulling the drives out for a reset and reboot is a common response. But the initial degraded drive may spin up, the RAID controller will notice the data on the degraded drive is not in sync with the data in parity on the other drives and can overwrite days, weeks, months or even years of data.
  3. Encryption keys. Encrypted external drives with the encryption key on a chip inside the electronics of the enclosure are problematical. People try the drive in another enclosure when it fails, then send it to Kroll for recovery. But the encryption key is in the enclosure they have thrown away...
  4. Data recovery software. As well as being a pain to forums such as DaniWeb, courtesy of aggressive spamming, this type of software can do more harm than good. Usually as users load the software onto the damaged drive containing the lost data, leading to further damage to the drive as well as potentially overwriting the data.
  5. Rice. Ah yes, rice. Dropped your smartphone down the toilet? Stick it in rice to 'dry the circuits out' and it will fire up again just fine. Apart from the fact that Kroll sees plenty of phones covered in sticky rice and starchy residue, and the user still hasn't been able to rescue the data of they wouldn't be sending the device in.
  6. The family expert. Not the DaniWeb type of expert, but someone who just thinks they know what they are talking about. The type of person who opens a damaged hard drive in a non-cleanroom environment so contaminating the drive. They then wipe the dust away with their hand and contaminate the drive with fingerprint residue.
  7. The Google expert. Another favourite fail are the folks who get a quick bit of ill-advised help online and then rush off to pry open a hard drive instead of realising there are screws under the label. Kroll sees lots of these attempts that have caused further damage, including broken platters, and further data loss as a result.
  8. The big freeze. Put your damaged drive in the freezer overnight and the refrigerator pixies will fix it. Trouble is, people then try and run a still frozen drive, with platters stuck together by the freezing of condensation between them. The resulting crash is never pleasant.
  9. Expired knowledge. There's nothing worse than an expert whose knowledge is stuck in time; usually a good few years past. Technology moves at apace, and solutions that worked a few years back could be highly damaging now. Take swapping circuit boards on a drive to repair it. With boards now being mostly specific to the drive this simply cannot work. Kroll has even been sent drives along with a pile of boards for them to figure out which is the right one...
  10. Platter scatter. Kroll says that it has been sent platters removed from a drive and placed into a sandwich bag, with nothing else. Apparently removing platters and putting them into a different drive is a recommended data loss solution online. It won't work, it will likely damage your data even more.

So, what's been your biggest data recovery failure, and for that matter your greatest success? Please share, for entertainment purposes only, in the comments section.

rubberman commented: Mandie Rice-Davies, or "Handy Mandy" as she was known in 1960's Brittain. :-) +14
cereal 1,524 Nearly a Senior Poster Featured Poster

This brings me straight to 2000-2003 years, at that time I was working in a small lab assembling & repairing computers, the worst was when people wanted to recover EFS encrypted files from Windows XP drives. Windows XP policy was insane, they allowed to use EFS without a recovery agent, so people could backup the files, format the disk, reinstall Windows and ta-da when copying back they could not anymore access the files. You try to explain that using the same username would not lead to success and that an additional step, previous to the encryption, was needed but nothing. The only available solution that I knew was to try to recover the temporary copy created when processing the file, but at that time it was really difficult to find information and open source solutions, at least to try.

Lately, instead, I was able to recover data from a damaged CF card through PhotoRec: http://www.cgsecurity.org/wiki/PhotoRec
actually it recovered not only the shoot day but also jobs from the last year.

rproffitt 2,565 "Nothing to see here." Moderator

I find folk only learn about backups (one backup copy is not good enough today) when they lose it all or pay for recovery.

I've had some luck with Recuva and I like it since it doesn't write to the drive we are recovering files from.

But you will get a client that wants to fix the failed drive whether it be file system damage or something else. They are just new so you gently educate them that it's the last cookie (see https://www.youtube.com/watch?v=rHfEmIXkWfg ) so when it's gone, it's gone.

Moving on. I continue to be amazed at the thousands spent on recovery when my small 2TB USB drive was delivered to my mailbox for under 90USD. And yes I bought two since one is not a backup.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I rather like Macrium Reflect (and viBoot) for backups. The free version is an easy install and an easier sell to family members, while the commercial version is fully featured (the viBoot function is a nice touch) and pretty good value IMHO.

Organisations which don't 'get' the need for business continuity solutions, including data security/backup of course, will get introduced to a real world definition of risk at some point.

Convincing consumers that they need to adopt a similar 'continuity mindset' is a much harder sell I find. The cloud has been both a help and a hindrance methinks: makes archiving photos/music/docs easy (across multiple stores) and mostly free of charge at this level - but also means the 'why should I pay for a backup solution when I already have my stuff backed up' question is thrown around without seeing the complete picture.

rproffitt commented: The mindful person continues without dramatic events. All this was planned for. +12
Reverend Jim 4,678 Hi, I'm Jim, one of DaniWeb's moderators. Moderator Featured Poster

My favourite data fail is from many years ago when hard drives were low capacity and expensive. Hard drive space was at such a premium that companies like DoubleSpace made mega-bucks selling compression software. This particular user had a 20 meg hard drive. Yes, that's what I said. 20 meg. And, yes, I'm that old. The drive, once DoubleSpace was installed, showed as having roughly 40 meg of capacity. He happily loaded his data onto the drive. After some days of use he had a thought. Looking at the drive he noticed that his 40 meg drive had a rather large file that was taking up almost 20 meg of his precious space (the file was named something like dblspace.bin). He decided that since he hadn't put the file there he could simply delete it, thereby freeing up another 20 meg of space for his own files. I think we all know how that turned out.

rproffitt commented: I had to refresh my memory. I think it was dblspace.000. +0
cereal commented: I still have an Olivetti PCS 286 with one of those "doublespaced" disks, hah :D +15
rubberman commented: I had a 286 running QNX back in the 1980's. I was director of engineering for a software company in Syracuse NY doing real-time software. +14
jwenting 1,889 duckman Team Colleague

ah, doublespace. Loved that software. It was doublespace.bin, and would create doublespace.000, 001, etc. as needed as well.

The slowdown wasn't noticeable as machines back then were so slow the disk wasn't the performance bottleneck it is today.

From personal experience: if a drive fails with hardware errors, don't put a new drive on the connector without first having the disk controller analysed for errors.
Got kinda expensive in dead drives one time before it crossed my mind that maybe the disk controller was causing the drives to fail :)

Lizzy_2 0 Newbie Poster

There are number of reasons for data loss, we can lose our important stuff from the drive due to logical failure or physical failure. When the user lost their data due to physical failure then recovering the lost data from that physically damaged drive become so difficult whereas the data is lost due to logical failure of drive then that data can be recovered with the help of a powerful data recovery tool.

dkary555 0 Newbie Poster

Davey,
As a veteran SE and Field Manager, the stark truth is simple and potentially VERY painful to those who don't run backups, and store media remotely. Why? Computers can get stolen, broken, burned, bricked, drowned, fried by electrical spikes etc etc blah blah, you get the picture. So "computer loss" seems more applicable than "data loss" out there in the big cold world. That said, I once made $750 in a 10-hour emergency service call for an idiot who had his entire CPA firm's data on a Compaq Prolinea running Windows 98..........his OS had lost its boot sector, and he had no backup of his data. A combination of OnTrack, a slave HDD and my ingenuity got him back to life. BUT, a simple tape backup would have made for a simple task, instead of an all-night nightmare. The moral of this story?
DO
YOUR
BACKUPS

Xetwnk 0 Newbie Poster

I don't know whether more recent tools have figured this out, but around 2003 this was a big problem, in my case with Norton Ghost 2003: never use a backup tool that compresses the backup data to reduce storage requirements. Any corruption on the medium containing the compressed backup may cause the decompression needed for recovery to fail.

In my case, I backed up a hard drive (I don't remember what size) on either Win98 or2003, using Norton Ghost 2003. This produced a compressed backup of roughly 14Gb. When I went to restore it, the fourth of these was corrupted, and the restoration therefore failed at about the 25% mark.

What you really want is a backup format that adds data -- duplicate blocks, checksum blocks, etc. -- that makes it possible to reconstruct or pass over a corruption (notifying the user, of course, that a particular file had a problem, but/and the tool was (or was not) able to correct for it. if you see that kind of message you know to maje a fresh backup once you've finished restoring the old one).

At risk of dating myself, my go-to example is the BACKUP utility on VAX/VMS (later rechristened OpenVMS and implemented on other processors). That tool did what I've outlined above, and in 10 years of heavy use I never failed to recover anything 100%.

Halla_1 0 Newbie Poster

This topic helped me a lot when restoring data from an RAID array to one client. I also used RAID Recovery, this software was useful to me. I set up a backup for the future so that there are no unpleasant surprises.

UnaSutherlands 0 Newbie Poster

Thanks for sharing. Very useful

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.