Bitlocker Data Recovery

For the last few years, newer editions of Windows have the ability to encrypt the whole disk with bitlocker. This means far more users are experimenting with encryption. We have seen an increase in recoveries from drives secured with bitlocker.

When Backups Go Bad

Is Data Recoverable From Bitlocker Drives?

In many cases the data is recoverable. It is important that we get the recovery key or password, as bitlocker security has not been compromised.

Common Issues

The most common problems we see with bitlocker encrypted drives are when the disk starts to fail, or when Windows becomes corrupt. This can prevent the built-in decryption process from working correctly and leave users locked out of their data. These drives can fail like any other, but the encryption adds an extra layer of complexity to the recovery process.

Solutions

If using bitlocker on your drive, it is important to keep a copy of the decryption keys in a safe secure place away from the computer. It is also extra important to keep a constant and regular backup process. Although recovery is usually possible from a failed bitlocker drive, it could take a number of days. You probably wouldn’t want to live without your files for that time.

If you have a failed bitlocker drive that needs recovery, (and if you have the recovery key) get in touch.

PGP Whole Disk Encryption

What is Hard Drive Encrytion

PGP WDE is an encryption tool that uses a boot loader installed on an internal hard drive. This utility launches before Windows and prompts the user to input their password. Without the password you cannot gain access to the data.

This utility is widely used by IBM personnel and is now part of IBM’s  process that has to be adhered to by end users. Prior to this utility IBM hard drives were restricted access by a low level ATA hard drive password setup  by the internal IBM IT department.  As computer systems advanced and maybe as a result of a reduced IBM IT department,  IBM adopted the user friendly PGP encryption process.

We regulary receive these hard drives from IBM, and we find that the major problem is related to the PGP boot sequence. PGP does not like a hard drive that is suffering from bad sectors, especially within the partition table. It results in the user being unable to load their access code on startup, or in some cases the code is accepted but does not boot correctly due to bad sectors further along.

We have a lot of experience recovering data from PGP whole disk encrypted hard drives and as a result our data recovery process has a very high success rate.

Why RAID Can Be Bad For Business

RAID is often touted as the silver bullet in data storage. Increased storage capacity, resistance from hardware failures and improved performance. While these are all valid upsides to a RAID setup, there are also a few downsides which need to be addressed.

1. Extra Storage.

RAID can allow for a huge pool of storage, but with that storage comes great responsibility. You should factor in at least enough capacity to backup the RAID data somewhere else. If you can only afford 8TB of storage then you should only use 4TB for data and the other 4TB to back it up; Preferably on another machine / standalone system.

2. Redundancy.

The first letter in RAID stands for redundancy. This means you can afford to lose a certain number of disks without losing access to your data.  This also means that if you have a disk failure you need to get it replaced immediately, otherwise you’re running without redundancy.

3. Downtime.

Nobody likes downtime. If your 16TB RAID array goes offline without a backup then you have a couple of options. One option is to attempt to get the RAID back online by replacing disks, rebuilding the array etc, but this is risky. If this is your only copy of the data then rebuilding / reformatting the RAID could corrupt the data beyond recovery. Don’t do this if you don’t have a backup to fall back on.

The second and preferable option is to get the RAID professionally recovered. When we receive a RAID, the first thing we do is make images of all disks. This allows us to work on the RAID without risk. Then we use a read-only process to extract the data onto another form of storage. This is where downtime comes in. Unless you go for an emergency process, you could have to make do without the data for a number of days.

So What’s The Way Forward?

It’s one word. Redundancy.

Whatever you do, make sure your data is replicated across as many types of storage as possible. In an ideal world you would have a duplicate system running alongside the live system, which can take over if anything goes wrong. Then have the data on another type of storage, which you can access from somewhere else. Imagine if the RAID controller failed, and you could only access the data from that one machine.

It doesn’t matter how many backups you have if they all require the same system to access them.

I’ve only just scratched the surface here, but you should always look to make extra copies of your data. It may seem redundant now, but when your server fails containing all your data, all your accounts, all your client details and your website, you’ll be glad you kept that extra copy.

What is Hard Drive Encrytion

What is Hard Drive Encrytion

Encryption is a process to protect data by using sophisticated mathematical functions. Data is scrambled when written to the drive. This data is then not readable by an unauthorised person. When data is read back from the drive by an authorised person it is then converted back into readable data. Usually authorisation is provided by a password of some sort.

When using encryption, there are few things to watch out for

  • If you forget your password, you will be locked out of your own data. Be careful.
  • If your hard drive starts failing you could lose access to all your data.
  • You need regular backups if using encryption, as it is usually uncrackable.
  • Data is encrypted when the computer is off, but if someone accesses the disk while powered on they can access the data the same way you can.

Ideally, if you plan to use encryption try to speak to somebody knowledgeable about the system you have. The way a Mac handles things is very different to the way Windows does, which is different again to the third party options.

Stop Password Expiration In Windows 7

My brother has just brought me his laptop to look at after forgetting the login password. It was frequently asking him to change the password, and one day he changed it and then forgot it. I found a simple command to stop the password from expiring:

First run Cmd (Command Line) as Administrator (click Start -> and type cmd. Right click on Cmd and choose “Run As Administrator”). If you followed correctly this should give you a black command line window with white text.

Then type:

net accounts /maxpwage:unlimited

And press return or enter.

It should congratulate you, or say successful (can’t remember the exact wording).

The password should then last forever, or until it is changed manually.

Note: It is good practice to change passwords regularly, however outside of corporate IT land can be a huge hassle. Just ask my brother 🙂 

Data Destruction Discussion On Slashdot

Slashdot had an interesting article today about how to destroy hard drives. It’s a commonly asked question, but deserves a bit of time every once in a while. Of course there are the usual physical destruction options, from the humble hammer and screwdriver, to more exotic (and dangerous) techniques like a propane furnace.

For most purposes we still advise that a simple zeroing of the whole disk is a pretty safe bet. *

Failing that, then as long as you totally destroy the platters, you are good to go. That means taking the disk apart and grinding, bending and scraping the disks to bits.

* During normal use, a hard drive will get occasional bad sectors, which are then mapped out and prevented from being used. When that same sector is requested again, a new spare sector is used from another part of the disk. With the right knowledge, it is possible to access this list of remapped / bad sectors and see if there is any useful data within them. The chances of finding anything useful in these sectors is slim, but you never know.

Read the article on Slashdot

SSDs Not Secure

Some tests carried out by the “Non-Volatile Systems Laboratory” have revealed some serious flaws with SSDs ability to be securely erased. When using standard tools designed for spinning disks, the results were understandably bad. They also tried the built-in “Security Erase Unit” command and the results of this were generally not good. After being securely erased, most of the SSDs still contained some large fragments of the test files.

Some secure erasure software would be similarly inefficient for hard disks anyway, as things like remapped or bad sectors can still contain readable data which may not be erased during the process.

The simplest solution for securely erasing any data is to completely destroy the storage media. For hard drives this means making a real mess of the platters, for SSDs it means wrecking the whole PCB, data chips and controller chips.

Read More On Slashdot

PGP vs 10.6.5 Don’t Update

PGP 10.6.5 Don't Update
PGP 10.6.5 Don't Update

Users of PGP Whole Disk Encryption for Mac are advised agains the recent system update to Snow Leopard 10.6.5. Reports of users getting stuck in a reboot loop after the update have been appearing on PGP forums. The official advice is to first decrypt, then install the update, then encrypt again. More details of this can be found on Threatpost, with links for people that have already performed the update and are now locked out of their systems.

Safari Mac Bug

Safari Mac Users need to disable Autofill within preferences. Apples browser defaults autofill to allow malicious websites access to your details from your address book without consent. This can potentially be used for identification fraud.

Read more