Tag Archives: Encryption

SSD Data Recovery

Posted on by
Reply
SSD Data Recovery

SSD Data Recovery

SSDs (Solid State Drives) may one day become the standard form of storage in computers. Apple laptops are already heading that way. There are certainly many advantages when comparing SSDs to HDDs (Hard Disk Drives), however they do bring their own problems, which are often not well reported. We don’t care how good SSDs can be. We care about how they fail. It’s common to hear things like: “I’m replacing my hard drive with an SSD so I won’t have to worry about it crashing again.” While this is technically true – there are no moving parts to crash – there are plenty of other ways an SSD can fail. Whether it’s technically crashed or not doesn’t matter at all when you can’t access your files. It’s a shame but an SSD does not get you out of the boring task of running regular backups.

There are some pros and cons which specifically affect data recovery from SSDs. I haven’t listed things like battery life or read / write speed as they are not relevant when it comes to recovering data from them.

SSD Pros:

  • Shock resistance. No moving parts to crash.
  • Just as susceptible to filesystem issues, deletion, reformatting, bad sectors etc which can be recovered using existing equipment.

SSD Cons:

  • False sense of security. The word reliable comes up a lot in SSD marketing with phrases like “More reliable, faster, and more durable than traditional magnetic hard drives.” Maybe research exists that shows SSDs are less prone to failure it doesn’t seem to be the case. Anything that holds your valuable data runs the risk of getting drenched, getting stolen, getting lost, and that’s before we take general failures into account.
  • Susceptible to electronic failure, Maybe more so than a hard drive as the storage and electronics are combined in SSDs. Some of the most common hard drive failures are caused by errors in the firmware which controls the performance of the drive. SSDs have very complex firmware, which opens the possibility of firmware corruption. In many cases firmware corruption will block access to your data.
  • Encryption. Most modern SSDs encrypt the data at a hardware level, which makes it impossible to remove data chips and extract data from them externally (you can do it, but the data is encrypted). The keys to the encryption are often stored within the controller chip, so if that fails, you could be locked out of your data for good. Modern encryption works well. You can’t get round it.
  • Wear-levelling algorithms. Which move the data around the SSDs to improve performance, can make recovery difficult as these algorithms would need to be taken into account when accessing a failed SSD. They don’t store data in logical order like hard drives do.

iPhone Data Recovery – Obstacles

Posted on by
Reply

Hardware

iPhone Data Recovery

iPhone Data Recovery

When developing our iPhone data recovery process we had to make a few decisions about the devices we can support. The newer iPhones (4s +) are not accessible in the same way as older models.

With the iPhone 4 and below we can extract the data using a forensically clean process. What this means is that we can take the data off without writing anything to the NAND chips (storage) inside the iPhone. This fits in perfectly with our regular data recovery process as we never write data to a device we receive.

With the iPhone 4s, Apple changed the part of the system we use to access the iPhone’s memory. There is a chance that a new method of extraction for iPhone 4s will become available, but until it does we will not be recovering files from these devices.

Physical damage

iPhones store their data on NAND chips which are soldered to the main circuit board of the phone. The data can only be correctly decoded if we also have access to other parts of the circuit board, so it is crucial that the iPhone is electronically functional. If water damage has shorted the iPhone then we have no way to access the data externally. It’s not that it’s impossible, just that the work would be unreasonably expensive and time consuming.

Deleted Files

Another potential barrier for iPhone recovery is down to the way files are stored. Since iOS4 most files including iPhone camera photos and videos are encrypted before being written to storage, using unique encryption keys. This means every file ends up with a different header. When files are deleted there is nothing to distinguish a photograph from any other random collection of bytes.

Another problem with the file based encryption is that if you restore the iPhone using iTunes, those encryption keys get erased and new ones are generated. This prevents recovery of the old data, which is good for security but bad for data recovery.

 

Bang Goes The Theory Data Recovery

Posted on by
Reply

Bang Goes The Theory – Series 6 Episode 3 – March 26th

Bang Goes The Theory Data Recovery

I love Bang Goes The Theory. I loved the alcohol powered motorbikes last week and find it a good doorway into ideas, which are presented in a fun and interesting way. I was extra excited when I started watching episode 3, and relised they would be featuring data recovery. A perfect opportunity to dispel some common myths, and dish out a bit of advice in the process.

Deletion

The data recovery guy Rob, made a good analogy when he described deleting data as ripping out a page from the table of contents. That is pretty much how it works, and really simple to understand.

Data Recovery Experts

Yes they are the world leaders. I’m not going to dispute that, but I’m also not going to name them. They don’t exactly need the extra publicity. It’s worth noting that any decent recovery firm would have reached the same results from the batch of damaged drives.

Getting Physical

I do have a couple of problems with the way some of the drives were “destroyed.”

  1. Sledgehammer. This would have been a good way to destroy a drive, but only if it had been removed from the PC first. Effectively the metal PC case acted like armour, thus protecting the drive from the brunt of the impact.
  2. Tractor. Same as above. If the drive was bare, and on solid ground, then maybe the tractor would have done more damage. Instead, the PC case protected it sufficiently and all the data was recoverable.
  3. Golf Swing. This was great in the example shown, but is a bit unreliable. If you only hit the edge, or if the disk didn’t have glass platters then it may have been recoverable. Maybe take it apart first, then you can see if it’s damaged.
  4. Tea Damaged USB Pen. This was a good one. Solid state storage should survive liquid damage, as long as it is powered off at the time. When dried out, there is a good chance of getting the data back. The worst thing you could do is plug in a wet drive, as this would cause an electrical short, and potentially damage the electronics of the device, and even the computer you plugged it into.
  5. Big Magnet. This was a good one, and surprisingly effective. Only problems are the fact that most people don’t have a giant magnet, and unless you test it afterwards, you wouldn’t know if it had worked.
  6. Toaster. This is an interesting one for me. Of course the toaster damaged the PCB (circuit board) of this hard drive. These drives were quite old, so that was no major problem. If however these were more modern drives the story could have been quite different. A lot of newer drives encrypt the data using keys stored on the PCB. If you melt that PCB, then you have a very difficult job on your hands.
  7. Torched. 100% successful. If you can see the drive destroyed, then that’s perfect.

Optical Discs

Liz later made some good points about the reliability of CD / DVD storage. I agree that although the quoted life spans of DVDs are enormous, in reality DVDs often only last for a couple of years. We have had discs in for recovery that have been stored in temperature-controlled server rooms that have still failed well short of their estimated lifespans.

Hard Disks

Hard disks can last for ages. We have some here that are well over 15 years old and still going strong. The problem is that they can fail without any warning. It is sound advice to backup one drive with another, and then another. This is the only surefire way to avoid being stung by a failed drive. Dallas made a good point of moving one of the backups off site, which is also a good idea.

Scrambling Software

I didn’t like the scrambling advice given near the end. There are problems with the way hard drives are designed, which can prevent the software from accessing bad sectors, and hidden parts of the disk. Although only small parts of the disk, you could leave enough data there to be targeted by fraudsters or whoever.

I advise a two pronged approach. First erase / scramble the data, then physically destroy the drive. This makes it far less likely that your data could end up in the wrong hands.

Summary

It is good to see this sort of thing on mainstream TV, and the advice given was a good starting point for most people. Despite my points above, it was basically a good show: Interesting and informative, with a decent amount of good info.

Many people have little or no knowledge of the way their data is stored, so any way to bring this to their attention is good in my books.

Warning to customers with new WD hard drives

Posted on by
Reply

Western Digital Hard Drive Encryption.

New WD drives come with password protection and 256-Bit encryption as standard. Even if a password is not set the encryption is still applied to the data written to the drive. The 256-Bit encryption is controlled by ROM on the USB controller. On portable USB powered hard drives the encrypted ROM is on the actual hard drive. On external desktop drives the ROM is on the interface controller within the external case.
As we have seen come into us for data recovery it means that we need the original encrypted ROM to enable us to overcome the 256_Bit encryption.

Any customers who needs to seek help in gaining access to their data. Make sure you keep hold of the external case the hard drive was in.

What is Hard Drive Encrytion

Posted on by
Reply

Encryption is a process to protect data by using sophisticated mathematical functions. Data is converted into a form called Ciphertext when written to the drive. This data is then not readable by an unauthorised person. When Ciphertext data is read back from the drive by an authorised person it is then converted back into Plaintext with full access.

PGP vs 10.6.5 Don’t Update

Posted on by
Reply
PGP 10.6.5 Don't Update

PGP 10.6.5 Don't Update

Users of PGP Whole Disk Encryption for Mac are advised agains the recent system update to Snow Leopard 10.6.5. Reports of users getting stuck in a reboot loop after the update have been appearing on PGP forums. The official advice is to first decrypt, then install the update, then encrypt again. More details of this can be found on Threatpost, with links for people that have already performed the update and are now locked out of their systems.

FBI Decryption Failed

Posted on by
Reply

It was interesting to read this article recently which shows how strong current encryption technology is. The FBI and other organisations were apparently unable guess or crack the pre-boot passwords of criminal’s hard drives using a technique known as a dictionary attack. As it’s name suggests, a dictionary attack uses a combination of known words to attempt to guess the password. This is opposed to a brute force approach which would start from one series of characters and continue in a sequence to guess possible combinations.

It is worth remembering that if you are going to encrypt your hard drive that even the FBI can’t access your data if you forget the password. Also if the bootable part of your hard drive becomes unstable, it can be almost impossible to gain access to your data, even with the password. Make sure you test out your disaster recovery process on an encrypted drive, before you trust your crucial data to it. And also make backups somewhere that can be accessed quickly if required. Some large drives can take a day to decrypt even if they are fully functional.

Fujitsu Encrypted Hard Disks

Posted on by
Reply
Fujitsu’s new 80-320GB “MHZ2 CJ” drives come with a nice added feature. Not only do they spin at a reasonable 7200rpm, they also have the ability to totally lock you out of your data (And throw away the key). With AES-256 encryption you you can be sure that a forgotten password would wave bye-bye to your data. Currently, AES has yet to be broken in a feasible way, leaving a lengthy brute-force attack as the only option. I question the implementation, as we have seen a number of problems with hard drive passwords which are stored on the drive in the service area. Quite often the passwords become corrupt leaving the user locked out of their drive.  The only way to overcome hard drive passwords is by low-level firmware repair, effectively removing the password. This is likely not an option with disk encryption as you would expect a much more robust system. 
Whichever way you look at an encrypted drive, it could  cause major problems to people needing data recovery. Is it just a clever marketing scheme in a paranoid market or is there some really secure basis for the new technology. I can’t wait to get my hands on one and find out.

Read More On Engadget