I published a post back in 2016 highlighting the problem we were seeing with Sandforce controllers on single SSD drives. We have now also come across this PCIe 3.2TB SSD that uses a Marvel controller as well as Sandforce controllers to control banks of data chips. Like the others, this device has I/O errors which we believe is caused by the Sandforce controllers. This PCIe SSD device requires proprietary drivers for it to be recognised in the bios and OS, regardless of what platform it is run on. Although we can communicate with the device via an SSD Utility provided by Toshiba, there is no access to the user data.
I have good news for our customers, our developers have been working hard and have produced a solution to the firmware failures of this model hard drive. I posted a blog alerting our customers back in March 2015 when we started to see the problems arise. A solution was tested just before the end of last year and we now have a process that fixes these issues.
We also have firmware fixes and recovery solutions for other Seagate Hard Drives.
The low prices and high speed access of the Sandforce controller made it an appealing option for SSD manufacturers such as Toshiba, Intel, Kingston & OCX. But it soon became a problem for users when the SSD devices using these controllers started to fail in their computers after just six months of use. Usually it resulted in the device not being recognised by the computer bios, and not functioning at all.
That was okay if you were happy to have it replaced under warranty by the manufacturer. The problem came when you wished to try and recover critical data that may have been stored on these SSD’s. The use of full hardware encryption on the controller and the device, meant that the data could not be recovered, even when using low level data chip removal.
Fortunately today these controllers are not so popular, and as a result most mainstream manufacturers do not use them. But be aware that they can still be found in some non branded SSD’s.
This hard drive is one of the new Hybrid drives that also uses flash memory for quicker access. It recognises frequently accessed data and stores this in the flash memory for faster read performance.
We have received these hard drives for recovery before and have had good success with rework ranging from firmware fixes to internal repair.
We received one of these hard drives just recently which had very limited access. It would show all of the hard drives details including Make, Model, Serial Number and Firmware, but it would not allow access to the user data.
Further diagnosis revealed a problem with the firmware. Even with our specialist hardware we could not overcome the problem. This drive has been designated for R&D, to try and understand this problem, and create a solution for it in the future.
If you have a failed Seagate drive, you may be interested in our Seagate Data Recovery Services.
SSDs (Solid State Drives) may one day become the standard form of storage in computers. Apple laptops are already heading that way. There are certainly many advantages when comparing SSDs to HDDs (Hard Disk Drives), however they do bring their own problems, which are often not well reported. We don’t care how good SSDs can be. We care about how they fail. It’s common to hear things like: “I’m replacing my hard drive with an SSD so I won’t have to worry about it crashing again.” While this is technically true – there are no moving parts to crash – there are plenty of other ways an SSD can fail. Whether it’s technically crashed or not doesn’t matter at all when you can’t access your files. It’s a shame but an SSD does not get you out of the boring task of running regular backups.
There are some pros and cons which specifically affect data recovery from SSDs. I haven’t listed things like battery life or read / write speed as they are not relevant when it comes to recovering data from them.
SSD Data Recovery Pros:
- Shock resistance. No moving parts to crash.
- Just as susceptible to filesystem issues, deletion, reformatting, bad sectors etc which can be recovered using existing equipment.
- False sense of security. The word reliable comes up a lot in SSD marketing with phrases like “More reliable, faster, and more durable than traditional magnetic hard drives.” Maybe research exists that shows SSDs are less prone to failure but it doesn’t seem to be the case at the moment. Anything that holds your valuable data runs the risk of getting drenched, getting stolen, getting lost, and that’s before we even take general failures into account.
- Susceptible to electronic failure, Maybe more so than a hard drive as the storage and electronics are combined in SSDs. Some of the most common hard drive failures are caused by errors in the firmware which controls the performance of the drive. SSDs have very complex firmware, which opens the possibility of firmware corruption. In most cases firmware corruption will block access to your data.
- Encryption. Most modern SSDs encrypt the data at a hardware level, which makes it impossible to remove data chips and extract data from them externally (you can do it, but the data is encrypted). The keys to the encryption are often stored within the controller chip, so if that fails, you could be locked out of your data for good. Modern encryption works well. You can’t get round it.
- Wear-levelling algorithms. Which move the data around the SSDs to improve performance, can make recovery difficult as these algorithms would need to be taken into account when accessing a failed SSD. They don’t store data in logical order like hard drives do.
When developing our iPhone data recovery process we had to make a few decisions about the devices we can support. The newer iPhones (4s +) are not accessible in the same way as older models.
With the iPhone 4 and below we can extract the data using a forensically clean process. What this means is that we can take the data off without writing anything to the NAND chips (storage) inside the iPhone. This fits in perfectly with our regular data recovery process as we never write data to a device we receive.
With the iPhone 4s, Apple changed the part of the system we use to access the iPhone’s memory. There is a chance that a new method of extraction for iPhone 4s will become available, but until it does we will not be recovering files from these devices.
iPhones store their data on NAND chips which are soldered to the main circuit board of the phone. The data can only be correctly decoded if we also have access to other parts of the circuit board, so it is crucial that the iPhone is electronically functional. If water damage has shorted the iPhone then we have no way to access the data externally. It’s not that it’s impossible, just that the work would be unreasonably expensive and time consuming.
Another potential barrier for iPhone recovery is down to the way files are stored. Since iOS4 most files including iPhone camera photos and videos are encrypted before being written to storage, using unique encryption keys. This means every file ends up with a different header. When files are deleted there is nothing to distinguish a photograph from any other random collection of bytes.
Another problem with the file based encryption is that if you restore the iPhone using iTunes, those encryption keys get erased and new ones are generated. This prevents recovery of the old data, which is good for security but bad for data recovery.
In the vast majority of cases, deleted data is actually still lurking around on your hard drive. If you put data in the Recycle Bin or Trash, and them empty it, all you are actually doing is telling the system that it can reuse those parts of the disk when it wants. Until you replace those areas with new data, the old data will still be there.
The Filing Cabinet
The tried and trusted analogy is of a filing cabinet. When you delete a file, you are removing the index card from the front of the drawer, but the actual file is still in there.
This is why it is really important to switch off your computer as soon as possible if you have accidentally deleted some files. You may not realise but even small actions like checking e-mail or browsing the internet can write cache files to the disk. That is when data could be lost.
Overwritten / Deleted Data
We often hear about the FBI being able to recover overwritten files. While this may have been possible on very old – low capacity hard drives (~100MB), it is unlikely to be possible on modern hard drives. The magnetic material is far too densely packed. Even then, it would only be tiny fragments of data recovered, and not whole files.
The Problem With SSDs
Solid state drives bring a whole new problem of their own. Due to the way the data is distributed around the device, known as wear levelling, you can never be sure of which sector you are writing or overwriting. Wear levelling is necessary to prolong the life of an SSD, but it means the drive could be moving data around behind the scenes, making deleted files much more difficult to track down.
In most cases, we can recover deleted files with the original file names and folders. With deleted Mac data, this is often not possible. In that case we have to use a special type of scan, which finds all files of a given type and saves them to numbered files. This means camera photos may be recovered into a JPG folder, with files named like photo0001.jpg, photo0002.jpg and so on.
If required we can process certain types of these files into more meaningful order. For photos we can arrange into folders by date taken, and for music files we can arrange into Artist / Album order.
The Important Bit
If you accidentally delete some files, they are likely to be recoverable. It’s the actions you take next which can make the recovery difficult – if not impossible.
Bang Goes The Theory – Series 6 Episode 3 – March 26th
I love Bang Goes The Theory. I loved the alcohol powered motorbikes last week and find it a good doorway into ideas, which are presented in a fun and interesting way. I was extra excited when I started watching episode 3, and relised they would be featuring data recovery. A perfect opportunity to dispel some common myths, and dish out a bit of advice in the process.
The data recovery guy Rob, made a good analogy when he described deleting data as ripping out a page from the table of contents. That is pretty much how it works, and really simple to understand.
Data Recovery Experts
Yes they are the world leaders. I’m not going to dispute that, but I’m also not going to name them. They don’t exactly need the extra publicity. It’s worth noting that any decent recovery firm would have reached the same results from the batch of damaged drives.
I do have a couple of problems with the way some of the drives were “destroyed.”
- Sledgehammer. This would have been a good way to destroy a drive, but only if it had been removed from the PC first. Effectively the metal PC case acted like armour, thus protecting the drive from the brunt of the impact.
- Tractor. Same as above. If the drive was bare, and on solid ground, then maybe the tractor would have done more damage. Instead, the PC case protected it sufficiently and all the data was recoverable.
- Golf Swing. This was great in the example shown, but is a bit unreliable. If you only hit the edge, or if the disk didn’t have glass platters then it may have been recoverable. Maybe take it apart first, then you can see if it’s damaged.
- Tea Damaged USB Pen. This was a good one. Solid state storage should survive liquid damage, as long as it is powered off at the time. When dried out, there is a good chance of getting the data back. The worst thing you could do is plug in a wet drive, as this would cause an electrical short, and potentially damage the electronics of the device, and even the computer you plugged it into.
- Big Magnet. This was a good one, and surprisingly effective. Only problems are the fact that most people don’t have a giant magnet, and unless you test it afterwards, you wouldn’t know if it had worked.
- Toaster. This is an interesting one for me. Of course the toaster damaged the PCB (circuit board) of this hard drive. These drives were quite old, so that was no major problem. If however these were more modern drives the story could have been quite different. A lot of newer drives encrypt the data using keys stored on the PCB. If you melt that PCB, then you have a very difficult job on your hands.
- Torched. 100% successful. If you can see the drive destroyed, then that’s perfect.
Liz later made some good points about the reliability of CD / DVD storage. I agree that although the quoted life spans of DVDs are enormous, in reality DVDs often only last for a couple of years. We have had discs in for recovery that have been stored in temperature-controlled server rooms that have still failed well short of their estimated lifespans.
Hard disks can last for ages. We have some here that are well over 15 years old and still going strong. The problem is that they can fail without any warning. It is sound advice to backup one drive with another, and then another. This is the only surefire way to avoid being stung by a failed drive. Dallas made a good point of moving one of the backups off site, which is also a good idea.
I didn’t like the scrambling advice given near the end. There are problems with the way hard drives are designed, which can prevent the software from accessing bad sectors, and hidden parts of the disk. Although only small parts of the disk, you could leave enough data there to be targeted by fraudsters or whoever.
I advise a two pronged approach. First erase / scramble the data, then physically destroy the drive. This makes it far less likely that your data could end up in the wrong hands.
It is good to see this sort of thing on mainstream TV, and the advice given was a good starting point for most people. Despite my points above, it was basically a good show: Interesting and informative, with a decent amount of good info.
Many people have little or no knowledge of the way their data is stored, so any way to bring this to their attention is good in my books.
The Register has today posted two articles about the ongoing battle to expand hard drive capacities.
First is an actual device for sale, a 2TB Western Digital portable drive. This drive has a fancy new case and USB3 connection. It contains backup software and also the option to encrypt the data with a password. I wonder if it encrypts the data by default like some of their previous portables. (A bad thing!)
Second is a futuristic announcement from Seagate about their new HAMR technology. This new tech uses a laser to heat part of the disk before magnetising it. This apparently allows for much higher densities, theoretically paving the way for 60TB hard drives. There doesn’t appear to be any products using this technology at the moment.
60TB drives will be fantastic for backups, but horrible to backup without a new, faster form of connection. These would take almost forever (exaggeration) to fill up by SATA.
This news helps prove that hard drives are far from dead. It will take a long time until SSDs can cope with such massive capacities, at a similar cost to these beasts.