A wide variety of failures can cause physical damage to storage media. CD-ROMs can have their metallic substrate or dye layer scratched off; hard disks can suffer any of several mechanical failures, such as head crashes and failed motors; tapes can simply break. Physical damage always causes at least some data loss, and in many cases the logical structures of the file system are damaged as well. This causes logical damage that must be dealt with before any files can be salvaged from the failed media.
Most physical damage cannot be repaired by end users. For example, opening a hard disk in a normal environment can allow dust to settle on the surface, causing further damage to the platters and complicating the recovery process. Furthermore, end users generally do not have the hardware or technical expertise required to make these repairs; therefore, costly data recovery companies are consulted to salvage the data. These firms often use Class 100 cleanroom facilities to protect the media while repairs are being made.
Despite this, there are many accounts of users getting a bad disk going long enough to pull their data off, often via slightly bizarre tricks. These include making the drive cold (in the freezer) or spinning it manually on the ground, both actions being used to unstick a jammed platter. Most data recovery professionals recommend against the use of tricks such as these, as they can cause additional physical damage to the drive if done improperly (and in many cases, even when done properly).
Recovery techniques
Recovering data from physically damaged hardware can involve multiple techniques. Some damage can be repaired by replacing parts in the hard disk. This alone may make the disk usable, but there may still be logical damage. A specialized disk imaging procedure is used to recover every readable bit from the surface. Once this image is acquired, the image can be analyzed for logical damage and will possibly allow for much of the original filesystem to be reconstructed.
Hardware repair
Examples of physical recovery procedures are: removing a damaged PCB (printed circuit board) and replacing it with a matching PCB from a healthy drive (this often entails the movement of a microchip from the original board to the replacement), changing the original damaged read/write head assembly with matching parts from a healthy drive, removing the hard disk platters from the original damaged drive and installing them into a healthy drive, and often a combination of all of these procedures. All of the above described procedures are highly technical in nature and should never be attempted by an untrained individual. All of these procedures will almost certainly void the manufacturer's warranty.
Disk imaging
The extracted raw image can be used to reconstruct usable data after any logical damage has been repaired. Once that is complete, the files may be in usable form although recovery is often incomplete. According to research by the Defense Cyber Crime Institute there are also tools available to law enforcement and government agencies only such as ILook IXimager.
Open source tools such as DCFLdd v1.3.4-1 can usually recover all data, with exception of the physically damaged sectors. (It is important that DCFLdd v1.3.4-1 be installed on a FreeBSD operating system. Studies have shown that the same program installed on a Linux system produces extra "bad sectors", resulting in the loss of information that is actually available.)
Typically, Hard Disk Drive data recovery imaging have the following abilities. Communicating with the hard drive bypassing the BIOS and operating system that are very limited in their abilities to deal with drives that have "bad sectors" or take a long time to read. Reading data from “bad sectors” rather than skipping them (using various read commands and ECC to recreate damaged data). Handling issues of unstable drives, such as resetting/repowering the drive when it stops responding or skipping sectors that take too long time to read (read instability can be caused by minute mechanical wear and other issues). Pre-configuring drives by disabling certain features, such a SMART and G-List re-mapping, to minimize imaging time and the possibility of further drive degradation.
taken from http://en.wikipedia.org
No comments:
Post a Comment