So you've lost access to your data through hardware failure or accidental erasure. What do you do? Like most cyber-warriors you naturally turn to the Internet, be that via a Google search or YouTube video, for help. That's a big mistake says Kroll Ontrack, a data recovery specialist, as self-inflicted permanent data loss is apparently on the up.
Of course, there's going to be a certain amount of MRDA in this assertion. That's Mandy Rice-Davies Applies, or 'well he would say that, wouldn't he?' in case you wondered. As Wikipedia says, referencing an article of mine in the further reading bit which is nice, "It is used to indicate skepticism of a claim due to the obvious bias of the person making the claim."
Even allowing for that, there's a lot to be said for not just charging in to try and rescue valuable data using whatever method someone on YouTube recommends. We are also biased, true enough, but like to think that running your methodology past the veteran experts at DaniWeb might not be a bad idea before applying any DIY data-rescue scheme.
"DIY data recovery techniques and videos found on the Internet are encouraging individuals to attempt to recover their own data when a loss occurs" says Robin England, Senior Research and Development Engineer at Kroll Ontrack who continues "we are seeing an influx of drives that have evidence of a DIY data recovery attempt. In many cases, these attempts cause damage, leaving the data to be unrecoverable."
So what kind of methods is Kroll talking about? Helpfully, the company has today released the Top 10 DIY Data Recovery Fails list. We present this in reverse order, and you can supply your own drum roll as we approach the number one fail.
- Running CHKDSK. When a drive fails people often knee jerk and run CHKDSK. This destroys data that may otherwise still have been recoverable.
- RAID 5 errors. When a drive fails in a RAID 5, it will continue to function in a degraded mode. If a second drive fails, the array fails, and the data is inaccessible. Pulling the drives out for a reset and reboot is a common response. But the initial degraded drive may spin up, the RAID controller will notice the data on the degraded drive is not in sync with the data in parity on the other drives and can overwrite days, weeks, months or even years of data.
- Encryption keys. Encrypted external drives with the encryption key on a chip inside the electronics of the enclosure are problematical. People try the drive in another enclosure when it fails, then send it to Kroll for recovery. But the encryption key is in the enclosure they have thrown away...
- Data recovery software. As well as being a pain to forums such as DaniWeb, courtesy of aggressive spamming, this type of software can do more harm than good. Usually as users load the software onto the damaged drive containing the lost data, leading to further damage to the drive as well as potentially overwriting the data.
- Rice. Ah yes, rice. Dropped your smartphone down the toilet? Stick it in rice to 'dry the circuits out' and it will fire up again just fine. Apart from the fact that Kroll sees plenty of phones covered in sticky rice and starchy residue, and the user still hasn't been able to rescue the data of they wouldn't be sending the device in.
- The family expert. Not the DaniWeb type of expert, but someone who just thinks they know what they are talking about. The type of person who opens a damaged hard drive in a non-cleanroom environment so contaminating the drive. They then wipe the dust away with their hand and contaminate the drive with fingerprint residue.
- The Google expert. Another favourite fail are the folks who get a quick bit of ill-advised help online and then rush off to pry open a hard drive instead of realising there are screws under the label. Kroll sees lots of these attempts that have caused further damage, including broken platters, and further data loss as a result.
- The big freeze. Put your damaged drive in the freezer overnight and the refrigerator pixies will fix it. Trouble is, people then try and run a still frozen drive, with platters stuck together by the freezing of condensation between them. The resulting crash is never pleasant.
- Expired knowledge. There's nothing worse than an expert whose knowledge is stuck in time; usually a good few years past. Technology moves at apace, and solutions that worked a few years back could be highly damaging now. Take swapping circuit boards on a drive to repair it. With boards now being mostly specific to the drive this simply cannot work. Kroll has even been sent drives along with a pile of boards for them to figure out which is the right one...
- Platter scatter. Kroll says that it has been sent platters removed from a drive and placed into a sandwich bag, with nothing else. Apparently removing platters and putting them into a different drive is a recommended data loss solution online. It won't work, it will likely damage your data even more.
So, what's been your biggest data recovery failure, and for that matter your greatest success? Please share, for entertainment purposes only, in the comments section.