Thursday, November 8, 2007

Recovery - Techniques

Recovery techniques

Recovering data from physically damaged hardware can involve multiple techniques. Some damage can be repaired by replacing parts in the hard disk. This alone may make the disk usable, but there may still be logical damage. A specialized disk imaging procedure is used to recover every readable bit from the surface. Once this image is acquired, it can be analyzed for logical damage, which may allow much of the original filesystem to be reconstructed.

Hardware repair

Examples of physical recovery procedures are: removing a damaged PCB (printed circuit board) and replacing it with a matching PCB from a healthy drive (this often entails moving a microchip from the original board to the replacement); replacing the damaged read/write head assembly with matching parts from a healthy drive; and removing the hard disk platters from the damaged drive and installing them in a healthy drive. Often a combination of these procedures is needed. All of them are highly technical and should never be attempted by an untrained individual. All of them will almost certainly void the manufacturer's warranty.

Disk imaging

The extracted raw image can be used to reconstruct usable data after any logical damage has been repaired. Once that is complete, the files may be in usable form, although recovery is often incomplete. According to research by the Defense Cyber Crime Institute, there are also tools, such as ILook IXimager, that are available only to law enforcement and government agencies.

Open source tools such as DCFLdd v1.3.4-1 can usually recover all data, with the exception of the physically damaged sectors. (It is important that DCFLdd v1.3.4-1 be installed on a FreeBSD operating system. Studies have shown that the same program installed on a Linux system produces extra "bad sectors", resulting in the loss of information that is actually available.)
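
As an added illustration of the imaging step (not code from this post or from DCFLdd): a small Python imager that reads in large blocks, falls back to single sectors when a read fails, zero-fills only the sectors that stay unreadable, and hashes the resulting image. FlakyDisk, image_disk and the 32-sector sample drive are constructed for the example.

```python
import hashlib
import io

SECTOR = 512

class FlakyDisk:
    """Constructed stand-in for a damaged drive: any read touching a bad sector fails."""
    def __init__(self, data, bad_sectors):
        self.data, self.bad = data, set(bad_sectors)

    def read_at(self, offset, length):
        end = min(offset + length, len(self.data))
        first, last = offset // SECTOR, (end - 1) // SECTOR
        if any(s in self.bad for s in range(first, last + 1)):
            raise OSError("constructed read error")
        return self.data[offset:end]

def image_disk(disk, size, out, block_sectors=8):
    """Copy `size` bytes to `out`; return (sha256 of the image, unreadable sector numbers)."""
    digest, bad = hashlib.sha256(), []
    block = block_sectors * SECTOR
    for offset in range(0, size, block):
        length = min(block, size - offset)
        try:
            chunk = disk.read_at(offset, length)
        except OSError:
            # Retry sector by sector so one bad sector does not cost the whole block.
            parts = []
            for sec_off in range(offset, offset + length, SECTOR):
                sec_len = min(SECTOR, size - sec_off)
                try:
                    parts.append(disk.read_at(sec_off, sec_len))
                except OSError:
                    bad.append(sec_off // SECTOR)
                    parts.append(b"\x00" * sec_len)  # pad so later offsets stay aligned
            chunk = b"".join(parts)
        out.write(chunk)
        digest.update(chunk)
    return digest.hexdigest(), bad

def demo():
    # Constructed 32-sector "drive" with non-zero content; sectors 5 and 20 are unreadable.
    data = bytes((i // SECTOR) % 251 + 1 for i in range(32 * SECTOR))
    disk = FlakyDisk(data, bad_sectors=[5, 20])
    out = io.BytesIO()
    sha, bad = image_disk(disk, len(data), out)
    return data, out.getvalue(), sha, bad

if __name__ == "__main__":
    print("sha256=%s bad_sectors=%s" % demo()[2:])
```

The returned list of bad sectors is worth keeping alongside the image, since it records exactly which regions were padded rather than read.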
