
CLIENT

A corporate user (IT professional), managing critical business data


Problem Overview

To retrieve data from a physically crashed 500 GB HDD that was originally encrypted and had then been formatted twice.

Business Impact

Permanent loss of 300 GB of critical data due to the hard drive crash, unless retrieved using in-lab procedures.

Solution Approach

  • HDD dismantling and replacement of broken head assembly
  • Disk cloning to create a functional clone
  • Forced decryption of the clone to access the storage space below the overwritten area
  • Deep scanning with Stellar Data Recovery software to maximize recovery

RESULTS

The data was recovered with 100% integrity, as confirmed by the customer. The data recovery project was completed within the committed timeline.


Stellar helps recover data from a physically crashed hard disk drive that was encrypted and formatted prior to physical crash

This case outlines the recovery of data from a WinMagic SecureDoc-encrypted hard disk drive (HDD) running Windows, which the user had accidentally formatted and which then suffered a physical crash.

As described by the customer, he had nearly 300 GB of data stored on this 500 GB HDD. Despite trying to connect this HDD as a secondary drive to multiple Windows computers (desktops, laptops, etc.), the customer was unable to access its contents.

Problem Statement and Inherent Challenges

The customer needed to retrieve all 300 GB of data from the physically crashed hard disk drive, which had originally been encrypted before it was formatted.

After cloning this drive, the Stellar data saviors found that the drive contained unencrypted data. On checking with the customer, it was learnt that the user had indeed formatted the drive twice over. So, as per the technical analysis, this encrypted HDD had actually undergone multiple cycles of formatting, with continual usage until the point of its physical crash.

This was a truly challenging and complex data recovery case because it spanned both the physical and logical facets of the storage. And, given the usage history of this HDD (repeated formatting, with overwriting after each format), it was obvious that a significant amount of data would have already been overwritten* with new information.

Solution — How Stellar Data Saviors Rescued the Situation

Stellar data saviors began the data recovery task with the following steps:

1. HDD dismantling and head assembly replacement in a state-of-the-art Class 100 cleanroom

It was necessary to examine the HDD for specific physical issues, as it was reportedly making a clicking sound and couldn’t be detected on any of the Windows computers. The following steps ensued:

  • Tampering permission was requested from the customer to check the physical condition of the platter and head assembly.
  • The platter was fine, but the head assembly was found to be broken, which is why the HDD was making the clicking sound.
  • A new head assembly from a donor HDD was transplanted onto the patient HDD to reinstate access for further data recovery operations.

2. Disk cloning to provision a functional clone for secure data recovery

  • Upon gaining access to the patient HDD, the data saviors created 2 clones of the HDD using proprietary cloning software.
  • After the drive was successfully cloned (completed in 7 days’ time), the next challenge was to decrypt the clone and recover the original encrypted data.
  • However, the data saviors found that the drive already contained over 100 GB of non-encrypted data, meaning the user had actually formatted the drive. The customer confirmed that the drive had indeed been formatted twice before it physically crashed.

3. HDD decryption to recover the original encrypted data

  • The data saviors tried to locate the encryption details in the remaining area below the 100 GB of overwritten space, but couldn’t find these details.
  • The data saviors requisitioned the WinMagic SecureDoc decryption key from the customer.
  • The data saviors then began forced decryption of the cloned drive, as automated decryption was not possible because critical decryption information had been overwritten when data was copied onto the drive after formatting.
  • The decrypted HDD now allowed unrestrained access to the storage space below the overwritten data area, thereby opening up the possibility of recovering data from the space that was not overwritten.

4. Deep scanning for data recovery

  • The data saviors used Stellar Data Recovery software with its deep scanning function to recover data from below the overwritten area on this decrypted clone.
  • The deep scan capability was vital to maximize data recovery from the overwritten HDD. It enabled file signature-based search to locate fragments of the lost data and stitch them together as a whole, integral unit.
  • The team successfully recovered 170 GB of the lost data from this nearly impossible case of an encrypted hard drive that was repeatedly formatted, overwritten and ultimately suffered a physical crash.
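
The file signature-based search mentioned above can be illustrated with a small header/footer carver. This is an added example, not Stellar's software or code from the original case study; the signature table, size cap and sample "disk" bytes are constructed for illustration, and it reports a header whose tail is missing rather than attempting fragment reassembly.

```python
# Added example: header/footer signature carving over a raw (decrypted) image.
# Assumption: files are contiguous; real carvers also reassemble fragments.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_FILE_SIZE = 4096  # constructed cap; real tools use per-type limits


def carve(image: bytes):
    """Return (type, offset, length, complete) for every header found."""
    hits = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            window = image[pos:pos + MAX_FILE_SIZE]
            end = window.find(footer, len(header))
            if end != -1:
                length = end + len(footer)
                hits.append((ftype, pos, length, True))
                pos = image.find(header, pos + length)
            else:
                # Header survives, but the tail was overwritten or fragmented.
                hits.append((ftype, pos, None, False))
                pos = image.find(header, pos + len(header))
    return sorted(hits, key=lambda h: h[1])


def build_sample_image() -> bytes:
    """Constructed 'disk': zeroed gaps with remnants of three old files."""
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 100 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 60 + b"IEND\xaeB`\x82"
    broken = b"\xff\xd8\xff\xe0" + b"X" * 20  # footer lost to overwriting
    return (b"\x00" * 512 + jpeg + b"\x00" * 300 + png
            + b"\x00" * 200 + broken + b"\x00" * 5000)


if __name__ == "__main__":
    for ftype, offset, length, complete in carve(build_sample_image()):
        state = f"{length} bytes" if complete else "footer not found"
        print(f"{ftype:5} @ {offset:6}: {state}")
```
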

Result

Stellar data saviors successfully recovered 170 GB of data from the encrypted HDD, which was lost through its inordinate history of formatting and usage. This highly convoluted case would have led to irretrievable data loss unless the highly specialized data recovery techniques as outlined above were devised and implemented by the data saviors.

Another notable outcome of the case was that the data was recovered with 100% integrity, as confirmed by the customer. Further, this entire data recovery project was completed and delivered within the committed timeline.

*Note: Repeated formatting and continual usage of storage media after a data loss incident overwrites the lost data. Such overwritten data is permanently lost and cannot be recovered with the help of any kind of data recovery service or product. We recommend that you immediately stop using the storage media from which data has been lost, to get the best possible data recovery results.