SandForce SSD Data Recovery Problems

The low prices and high-speed access of the SandForce controller made it an appealing option for SSD manufacturers such as Toshiba, Intel, Kingston & OCZ. But it soon became a problem for users when the SSD devices using these controllers started to fail in their computers after just six months of use. Usually it resulted in the device not being recognised by the computer BIOS, and not functioning at all.

That was okay if you were happy to have it replaced under warranty by the manufacturer. The problem came when you wished to try and recover critical data that may have been stored on these SSDs. The use of full hardware encryption on the controller and the device meant that the data could not be recovered, even when using low-level data chip removal.

Fortunately today these controllers are not so popular, and as a result most mainstream manufacturers do not use them. But be aware that they can still be found in some non-branded SSDs.

Hard Drive Encryption Data Recovery

What Is Hard Drive Encryption

Encrypted hard drives come in many forms. The encryption can be provided by the hard drive manufacturer as part of the hard drive's firmware, or by a third-party software add-on such as Symantec PGP or Microsoft's BitLocker.

Hard drive encryption is becoming much more common, especially in many large enterprise companies. Some hard drive encryption is more sophisticated than others, but in many data recovery cases we receive, a common flaw is the inability of the encryption software to overcome bad sectors on a hard drive. In most cases it results in partial or no access to the decrypted data on the hard drive by the user or even their IT department.

We have created an image and decryption process that allows us to recover the user's data with the original file and folder structure intact. The time it takes to carry out this process depends on the level of hard drive encryption used.

Bitlocker Data Recovery

For the last few years, newer editions of Windows have had the ability to encrypt the whole disk with BitLocker. This means far more users are experimenting with encryption. We have seen an increase in recoveries from drives secured with BitLocker.

Is Data Recoverable From BitLocker Drives?

In many cases the data is recoverable. It is important that we get the recovery key or password, as BitLocker security has not been compromised.

Common Issues

The most common problems we see with BitLocker encrypted drives are when the disk starts to fail, or when Windows becomes corrupt. This can prevent the built-in decryption process from working correctly and leave users locked out of their data. These drives can fail like any other, but the encryption adds an extra layer of complexity to the recovery process.


If using BitLocker on your drive, it is important to keep a copy of the decryption keys in a safe, secure place away from the computer. It is also extra important to keep a constant and regular backup process. Although recovery is usually possible from a failed BitLocker drive, it could take a number of days. You probably wouldn’t want to live without your files for that time.

If you have a failed BitLocker drive that needs recovery (and if you have the recovery key), get in touch.

iOS vs Android Secure Erasure

I’ve previously written about the difficulties recovering data from modern iOS devices. This new post by Avast(!?) shows it from another angle. What happens when you sell an old device?


Because iOS uses hardware encryption on the main storage, recovery is almost impossible without the passcode. In contrast, Android phones (usually, by default) don’t encrypt the main storage. They also allow external SD cards, which may not be encrypted either. This means if an iPhone and an Android phone are sold or lost without being carefully erased, the iPhone will not easily give up the data but an Android phone will. It also means if you forget your iPhone passcode you are unlikely to ever get the data back.


PGP Whole Disk Encryption

PGP WDE is an encryption tool that uses a boot loader installed on an internal hard drive. This utility launches before Windows and prompts the user to input their password. Without the password you cannot gain access to the data.

This utility is widely used by IBM personnel and is now part of IBM’s process that has to be adhered to by end users. Prior to this utility, access to IBM hard drives was restricted by a low-level ATA hard drive password set up by the internal IBM IT department. As computer systems advanced, and maybe as a result of a reduced IBM IT department, IBM adopted the user-friendly PGP encryption process.

We regularly receive these hard drives from IBM, and we find that the major problem is related to the PGP boot sequence. PGP does not like a hard drive that is suffering from bad sectors, especially within the partition table. It results in the user being unable to load their access code on startup, or in some cases the code is accepted but the system does not boot correctly due to bad sectors further along.

We have a lot of experience recovering data from PGP whole disk encrypted hard drives and as a result our data recovery process has a very high success rate.

What To Do When You Run Out Of Space

It’s a common problem that as we generate more data each year we start running out of space to put it. This is now even more of an issue in the smartphone market, where built-in cameras are generating increasingly large photos and videos, without providing much in the way of additional storage. The most common iPhones are still 16 & 32GB but the photos they now produce can be megabytes in size, with videos easily reaching 1GB.

It’s tempting to take that data and put it somewhere else, so either a laptop or external hard drive. Then once you’ve copied it all you delete it from the phone and gain back all that space. Problem solved.

Not So Fast…
If that copy on your laptop is now the only copy, then you could be one spilt coffee from disaster. If the laptop goes up in smoke, gets stolen, dropped or any of the myriad other ways of failing then it’s bye bye data.

The Fix

The key to making backups is redundancy. The key to making backups is redundancy. The key to making backups is redundancy.

You need to make extra copies of your data to different types of storage. This could be an external hard drive, NAS, USB Pen, SD card, anything. But don’t just pick one of those. Make a few backups. Put one in a locked safe somewhere. Send photos off to the cloud. Store a copy of your music at your nan’s house. If any of those copies gets lost or broken you can just replace it with another copy.

So let’s run through an example. All those photos on your iPhone have filled it up. Here’s what I would do:

  1. Copy the photos to my computer. Check them.
  2. Backup the computer as usual. (You’re already doing that, right?)
  3. Make another backup, or copy the photos to an online storage service like Dropbox.
  4. Now it is safe to delete the photos from the iPhone and revel in all that fresh space.

Note: Deleted photo recovery is virtually impossible for all modern iPhone versions due to encryption. 
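One way to do the "check them" step before deleting anything, shown as an added example rather than a tool from the original post: compare SHA-256 hashes and only mark a photo as safe to delete when at least two backup folders hold an identical copy. The folder names, file names and the `safe_to_delete` helper are assumptions made for the example, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large videos do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def safe_to_delete(source, backups, min_copies=2):
    """Map each file under `source` to True only when at least `min_copies`
    backup folders hold a byte-identical copy at the same relative path."""
    source = Path(source)
    verdict = {}
    for original in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = original.relative_to(source)
        want = sha256_of(original)
        good = sum(
            1 for root in backups
            if (Path(root) / rel).is_file() and sha256_of(Path(root) / rel) == want
        )
        verdict[rel.as_posix()] = good >= min_copies
    return verdict

def demo():
    """Constructed sample: two photos, two backups, one copy silently truncated."""
    with tempfile.TemporaryDirectory() as tmp:
        phone, laptop, cloud = (Path(tmp) / n for n in ("phone", "laptop", "cloud"))
        for folder in (phone, laptop, cloud):
            folder.mkdir()
            (folder / "IMG_0001.jpg").write_bytes(b"constructed photo one" * 100)
            (folder / "IMG_0002.jpg").write_bytes(b"constructed photo two" * 100)
        # Simulate a copy that was cut short on one of the backups.
        (cloud / "IMG_0002.jpg").write_bytes(b"constructed photo two" * 40)
        return safe_to_delete(phone, [laptop, cloud])

if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, "safe to delete" if ok else "KEEP: not enough verified copies")
```
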

Here’s another example for when your computer runs out of space instead:

  1. Is it possible to upgrade the internal storage? If it is then you should do that.
  2. If this is not possible, or too expensive then you will have to get creative. It will be more fiddly but copy all data to two external hard drives.
  3. You always want to avoid just leaving your data in one place. All electronic devices can (and will) fail, and they have a terrible habit of doing so at the worst possible moment.

So, just remember that no single copy of your files is safe. Making extra copies is cheaper and easier than waiting until something fails.

Thanks to Alexander Armstrong for inspiring this post.

SSD Data Recovery

SSDs (Solid State Drives) may one day become the standard form of storage in computers. Apple laptops are already heading that way. There are certainly many advantages when comparing SSDs to HDDs (Hard Disk Drives), however they do bring their own problems, which are often not well reported. We don’t care how good SSDs can be. We care about how they fail. It’s common to hear things like: “I’m replacing my hard drive with an SSD so I won’t have to worry about it crashing again.” While this is technically true – there are no moving parts to crash – there are plenty of other ways an SSD can fail. Whether it’s technically crashed or not doesn’t matter at all when you can’t access your files. It’s a shame but an SSD does not get you out of the boring task of running regular backups.

There are some pros and cons which specifically affect data recovery from SSDs. I haven’t listed things like battery life or read / write speed as they are not relevant when it comes to recovering data from them.

SSD Data Recovery Pros:

  • Shock resistance. No moving parts to crash.
  • Just as susceptible to filesystem issues, deletion, reformatting, bad sectors etc which can be recovered using existing equipment.

SSD Cons:

  • False sense of security. The word reliable comes up a lot in SSD marketing with phrases like “More reliable, faster, and more durable than traditional magnetic hard drives.” Maybe research exists that shows SSDs are less prone to failure but it doesn’t seem to be the case at the moment. Anything that holds your valuable data runs the risk of getting drenched, getting stolen, getting lost, and that’s before we even take general failures into account.
  • Susceptible to electronic failure, maybe more so than a hard drive as the storage and electronics are combined in SSDs. Some of the most common hard drive failures are caused by errors in the firmware which controls the performance of the drive. SSDs have very complex firmware, which opens the possibility of firmware corruption. In most cases firmware corruption will block access to your data.
  • Encryption. Most modern SSDs encrypt the data at a hardware level, which makes it impossible to remove data chips and extract data from them externally (you can do it, but the data is encrypted). The keys to the encryption are often stored within the controller chip, so if that fails, you could be locked out of your data for good. Modern encryption works well. You can’t get round it.
  • Wear-levelling algorithms. These move the data around the SSD to improve performance, and can make recovery difficult as they would need to be taken into account when accessing a failed SSD. They don’t store data in logical order like hard drives do.

iPhone Data Recovery – Obstacles


When developing our iPhone data recovery process we had to make a few decisions about the devices we can support. The newer iPhones (4s +) are not accessible in the same way as older models.

With the iPhone 4 and below we can extract the data using a forensically clean process. What this means is that we can take the data off without writing anything to the NAND chips (storage) inside the iPhone. This fits in perfectly with our regular data recovery process as we never write data to a device we receive.

With the iPhone 4s, Apple changed the part of the system we use to access the iPhone’s memory. There is a chance that a new method of extraction for iPhone 4s will become available, but until it does we will not be recovering files from these devices.

Physical damage

iPhones store their data on NAND chips which are soldered to the main circuit board of the phone. The data can only be correctly decoded if we also have access to other parts of the circuit board, so it is crucial that the iPhone is electronically functional. If water damage has shorted the iPhone then we have no way to access the data externally. It’s not that it’s impossible, just that the work would be unreasonably expensive and time consuming.

Deleted Files

Another potential barrier for iPhone recovery is down to the way files are stored. Since iOS4 most files including iPhone camera photos and videos are encrypted before being written to storage, using unique encryption keys. This means every file ends up with a different header. When files are deleted there is nothing to distinguish a photograph from any other random collection of bytes.

Another problem with the file based encryption is that if you restore the iPhone using iTunes, those encryption keys get erased and new ones are generated. This prevents recovery of the old data, which is good for security but bad for data recovery.
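The effect described under Deleted Files can be shown with a small carving experiment, added here as an example that is not part of the original post. The toy SHA-256 keystream stands in for the device's real cipher, and the key derivation, photo contents and storage layout are all constructed for the demonstration.

```python
import hashlib

# JPEG start-of-image marker plus the JFIF APP0 header that carving tools look for.
JPEG_MAGIC = bytes.fromhex("ffd8ffe000104a46494600")

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode). Assumption: it stands in for
    the device's real cipher purely to show the effect on file headers."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def make_photo(n):
    """Constructed JPEG-like blob: genuine magic bytes, filler body, end marker."""
    return JPEG_MAGIC + hashlib.sha256(b"body-%d" % n).digest() * 16 + b"\xff\xd9"

def file_key(n):
    """Hypothetical per-file key: every file gets its own."""
    return hashlib.sha256(b"file-key-%d" % n).digest()

def build_storage(encrypted):
    """Raw storage holding two deleted photos separated by zeroed gaps."""
    storage = bytearray()
    for n in range(2):
        photo = make_photo(n)
        if encrypted:
            photo = keystream_xor(file_key(n), photo)
        storage += b"\x00" * 64 + photo
    return bytes(storage)

def carve(storage):
    """Signature carving: offsets at which a JPEG header is found."""
    hits, pos = [], storage.find(JPEG_MAGIC)
    while pos != -1:
        hits.append(pos)
        pos = storage.find(JPEG_MAGIC, pos + 1)
    return hits

def encrypted_headers():
    """First bytes of each photo after encryption under its own key."""
    return [keystream_xor(file_key(n), make_photo(n))[:len(JPEG_MAGIC)] for n in range(2)]

if __name__ == "__main__":
    print("plain storage hits:    ", carve(build_storage(False)))
    print("encrypted storage hits:", carve(build_storage(True)))
    print("headers after encryption:", [h.hex() for h in encrypted_headers()])
```

On the unencrypted storage the carver finds both photos by their shared header; on the encrypted storage it finds nothing, and the two photos no longer begin with the same bytes.
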


Bang Goes The Theory Data Recovery

Bang Goes The Theory – Series 6 Episode 3 – March 26th

I love Bang Goes The Theory. I loved the alcohol-powered motorbikes last week and find it a good doorway into ideas, which are presented in a fun and interesting way. I was extra excited when I started watching episode 3, and realised they would be featuring data recovery. A perfect opportunity to dispel some common myths, and dish out a bit of advice in the process.

The data recovery guy, Rob, made a good analogy when he described deleting data as ripping out a page from the table of contents. That is pretty much how it works, and really simple to understand.

Data Recovery Experts

Yes they are the world leaders. I’m not going to dispute that, but I’m also not going to name them. They don’t exactly need the extra publicity. It’s worth noting that any decent recovery firm would have reached the same results from the batch of damaged drives.

Getting Physical

I do have a couple of problems with the way some of the drives were “destroyed.”

  1. Sledgehammer. This would have been a good way to destroy a drive, but only if it had been removed from the PC first. Effectively the metal PC case acted like armour, thus protecting the drive from the brunt of the impact.
  2. Tractor. Same as above. If the drive was bare, and on solid ground, then maybe the tractor would have done more damage. Instead, the PC case protected it sufficiently and all the data was recoverable.
  3. Golf Swing. This was great in the example shown, but is a bit unreliable. If you only hit the edge, or if the disk didn’t have glass platters then it may have been recoverable. Maybe take it apart first, then you can see if it’s damaged.
  4. Tea Damaged USB Pen. This was a good one. Solid state storage should survive liquid damage, as long as it is powered off at the time. When dried out, there is a good chance of getting the data back. The worst thing you could do is plug in a wet drive, as this would cause an electrical short, and potentially damage the electronics of the device, and even the computer you plugged it into.
  5. Big Magnet. This was a good one, and surprisingly effective. Only problems are the fact that most people don’t have a giant magnet, and unless you test it afterwards, you wouldn’t know if it had worked.
  6. Toaster. This is an interesting one for me. Of course the toaster damaged the PCB (circuit board) of this hard drive. These drives were quite old, so that was no major problem. If however these were more modern drives the story could have been quite different. A lot of newer drives encrypt the data using keys stored on the PCB. If you melt that PCB, then you have a very difficult job on your hands.
  7. Torched. 100% successful. If you can see the drive destroyed, then that’s perfect.

Optical Discs

Liz later made some good points about the reliability of CD / DVD storage. I agree that although the quoted life spans of DVDs are enormous, in reality DVDs often only last for a couple of years. We have had discs in for recovery that have been stored in temperature-controlled server rooms that have still failed well short of their estimated lifespans.

Hard Disks

Hard disks can last for ages. We have some here that are well over 15 years old and still going strong. The problem is that they can fail without any warning. It is sound advice to backup one drive with another, and then another. This is the only surefire way to avoid being stung by a failed drive. Dallas made a good point of moving one of the backups off site, which is also a good idea.

Scrambling Software

I didn’t like the scrambling advice given near the end. There are problems with the way hard drives are designed, which can prevent the software from accessing bad sectors and hidden parts of the disk. Although these are only small parts of the disk, you could leave enough data there to be targeted by fraudsters or whoever.

I advise a two pronged approach. First erase / scramble the data, then physically destroy the drive. This makes it far less likely that your data could end up in the wrong hands.


It is good to see this sort of thing on mainstream TV, and the advice given was a good starting point for most people. Despite my points above, it was basically a good show: Interesting and informative, with a decent amount of good info.

Many people have little or no knowledge of the way their data is stored, so any way to bring this to their attention is good in my books.

Warning to customers with new WD hard drives

Newer WD external drives come with password protection and 256-bit encryption as standard. Even if a password is not set, the encryption is still applied to the data written to the drive. The 256-bit encryption is controlled by ROM on the USB controller. On portable USB-powered hard drives the encrypted ROM is on the actual hard drive. On external desktop drives the ROM is on the interface controller within the external case.

Make sure you keep hold of the external case the hard drive was in. Although not always needed, it could be important later on. If you’ve lost data, have a look at our Western Digital Data Recovery service.