FAQ

Mobile FAQ Slide

Topics

Data Recovery

- +Why do hard drives fail?

Hard drives are considered temporary data storage areas can fail for a number of reasons.  Often the simplest of reasons causes a drive to fail.  This can include failure due to:

  • Firmware damage
  • Overheating
  • Component failure
  • Vibration
  • Impact damage.
  • Electrical shock

Disklabs classify hard drive failures into two categories: Logical Failure & Physical Failure.

- +What is logical failure?

Logical failure: This is where the hard drive is physically functional but the data cannot be accessed.  Logical failure includes corrupt engineering chip, firmware failure, lost partition, deleted data, re-install and formatting.

- +What is physical failure?

Physical Failure: Is where a mechanical component has failed or been physically damaged – Common physical hard drive failures include head crash, head failure, bearing seizure, motor failure and blown chips on the PCB.

- +Is data recovery guaranteed?

NO! Data Recovery rates are dependent on the nature of the failure.

- +What are disklabs levels of data recovery service?

Standard Service– Average 10 – 14 working days turnaround.

Priority Service– 5 – 7 working days.  When you Job arrives into the building it is put in a queue at the front of the standard service hard drives and is worked on next.

Emergency Service – Immediate diagnosis and recovery- in the fastest possible time scale dependent upon the problems and the volume of the data.

 

- +What RAID have I got?

RAID O

RAID 0 also known as a striped RAID consists of 2 or more drives. RAID 0 splits the data evenly across the available disks. RAID 0 is not a true RAID as it offers no redundancy and is primarily used for increased performance of the system. It is also often used to increase storage capacity for users with 2 smaller capacity drives to in turn create a much large volume.

Some common faults that we recover data from Raid 0 system are:

* One hard drive physically failing causing the array to fail.
* The File structure becoming corrupt on the array and losing the all the data.
* User error incorrect setup of the RAID. Confusing RAID 0 (Strip) and RAID 1(Mirror). So removing one drive thinking that all the data will still be on the other drive.

RAID 1

RAID 1 often referred as a Mirror RAID. The RAID works by writing the same information to two or more drives simultaneously. In effect, the data is written to a drive and the write process is simultaneously mirrored onto the second drive. This offers you a level of reliability not found with RAID 0. If one drive fails then a duplicate of all the data is on the other hard drive.

Some common faults that we recover data from this type of RAID are:

* Users not checking that the mirror is correctly setup and when the primary drive fails realizing that the data has not been written(mirrored) to the second drive.
* Unprotected power supply surging and blowing both hard drives.
* Following a catastrophic data loss the incorrect drive gets removed and the is then rebuilt over.

RAID 5

RAID 5 is the most common RAID configuration for Business and Corporate systems. The high level of redundancy provided, coupled with the possibility of high capacity makes this configuration more appealing than RAID 0 or RAID 0+1. The system works by spreading the parity (data) across the hard drives, if one drive was to fail then the array would continue without any loss of performance. If a second drive was to fail then the array would collapse.

Common Failures to Raid 5 arrays that we recover data from:

* Poor management of the array leaving 1 drive failed and not replacing the unit before a second drive fails.
* RAID controller losing the configuration/rebuild of array
* Incorrect removal of failed hard drive from the array then attempts to force the array to rebuild.

- +What should you do if you have experienced a critical data loss?

For customers with single drives, back up devices or Laptops.
1. Switch the computer off.
If the power is off, it can’t do any more damage!
2. Leave it off!
Don’t restart the computer; it can often compound the data loss.
3. Do not open the Hard Disk.
Do not attempt to open the hard disk and fix it yourself, it is a complicated electronic device, with sensitive parts that will be damaged by minute dust particles.
4.  Call Disklabs on 01827 55999 and get free advice.  Disklabs have three levels of service to suit your requirements.

For RAID Array customers
1. Switch the computer off. If the power is off, it can’t do any more damage!
2. Do not try and rebuild your system.  If you have, not all is lost but you must power down you array immediately.
3. Do not try a swap the drives around.
4. Call Disklabs on 01827 55999 and ask for our customer service RAID experts (we have three) and get free advice.  Disklabs have three levels of service to suit your requirements. Remember we will collect your array, work round the clock and return you data causing the least disruption to your business.

- +How is the data returned back to me?

We can copy the data to any device you want, (hard drive, memory stick etc). If you don’t send one in, we can sell you one.   Unfortunately we are not able to return data back on the original hard drive or device.

Digital Forensics

- +Cell Site Analysis – To undertake Cell Site Analysis what information is required?

To undertake Cell Site Analysis we require the following:

  • Locations of interest
  • Prosecutions report including mapping, call tables and raw survey results
  • Historic Call data / records from the network provider
  • OS map location of the Mast sites from the network provider
  • Brief from Council outlining the circumstances
- +How long is historic call data retained by the network provider?
  • The historic call data with Cell Site information is retained by the different networks for differing periods of time. These are:

 

  • Vodafone = 5 months
  • Hutchison 3 = no time limit (more expensive as time progresses to get the records)
  • O2 = no time limit (more expensive as time progresses to get the records)
  • EE = 6 months
  • T -Mobile = 12 months
- +Why do I need digital forensics?
  •  If there is a situation where data that could be included in a legal case then it is good practice to undertake a forensic examination.
  •  If you are in a HR dispute and will need to present the activity undertaken on a works computer or email system in any tribunal.
  •  If you have a situation where you need to understand the activity of a particular user of mobile phone, computer, web based site or email in relation to a crime or dispute
- +What does digital forensics entail?

Digital forensics is where an expert would undertake an investigation on digital devices such as phones and computers.  Using approved and  established equipment, software and techniques to image, analyse and present their findings based on the data that resides on the digital device in question.

Certified Data Erasure

- +Who uses certified data erasure services?

Corporate clients and Government agencies who need the reassurance that unwanted yet sensitive data has been certifiably and securely erased within their facilities, adhering to both corporate governance and legal compliance.

- +How do you erase the data?

Disklabs uses Blancco software to destroy all the data on the hard disk by overwriting every track, sector and cylinder of the hard disk with a chosen data erasure algorithm dependant on the level of erasure/standard required.

- +What standards does Disklabs service meet?

Disklabs erases data to meet the enhanced erasure requirements set by the British CESG Infosec in HMG Infosec Standard No 5.

- +What standards are met?

Blancco is also compliant and meets the following security standards:

  • Air Force System Security Instructions 5020
  • Bruce Schneier’s algorithm
  • Germany Standard VSITR
  • HMG Infosec Standard No 5 (baseline/enhanced – Version 3.7r1)
  • Navy Staff Office Publication (NASVO P-5239-26) for RLL
  • OPNAVINST 5239.1A
  • Peter Gutmann’s algorithm
  • Polish Internal Security Agency (PB LOF-05)
  • Russian Standard GOST P50739-95
  • The National Computer Security Centre (NCSC-TG-025)
  • US Army AR380-19
  • US Department of Defence Sanitizing (DoD 5220.22-M)
  • DIPCOG: The British Defence Infosec Product Co Operation Group
  • has approved and highly recommended the use of Blancco within its individual MOD divisions. (Version 3.7 v4.5 HMG)
  • NSTL: NSTL (National Software Test Laboratories) has approved and certified
  • Blancco Data Cleaner.

Training and Consultancy

Faraday Products



Need more help?

Do you have a question that is not answered by any of the topics covered in this FAQ?
Contact us directly and we'd be happy to help.

Tel   +44(0) 1827 55999