The rise in electronics meant for consumers has caused a rise in the growth and proliferation of digital data, with storage devices being created to hold data in both on and off states. These data repositories are susceptible to damage, digital infections intended to corrupt and compromise data integrity, and accidental or malicious deletion of files.

In this article, we are going to learn about these media, the nature and type of compromise, strategies on how to protect the data and, in the eventuality of loss, the principles of recovery.

MCSE Training – Resources (Intense)

When an individual buys a tech gadget(s), be it personal or for mission-critical use, it is important to have a contingency plan, along with your usage intentions, in the event stored data is inevitably lost. These would include the identification of critical files, threats, and data recovery methods that you can use either directly or with the help of a professional. Being vigilant with regards to data loss prevention, data backup, and data recovery is the best guarantee. The choice of location of storage is as important as the created data itself.

Types of Storage Devices

There are three primary types of storage devices. They are optical, magnetic and solid-state memory devices.

1. Optical Storage Devices:

An optical drive uses reflected light to store and read data. The disk’s metal surface is covered with tiny dents (pits) and flat spots that cause light to be reflected differently. They include compact disk read-only memory (CD-ROM), digital video disk read-only memory (DVD-ROM) CD-recordable (CD-R), and CD-rewritable (CD-RW).

2. Magnetic Storage Devices:

A magnetic disk’s medium contains iron particles, which can be polarized. A disk drive uses read/write heads containing electromagnets to create magnetic charges on the medium. When a disk is formatted, the OS creates four areas on its surface. They are:

a. Boot Sector: This stores the master boot record program that runs when a computer is started.

b. File Allocation Table (FAT): This is a log that records the location of each file and each sector’s status. The OS checks the FAT for vacant areas, stores the data and notes the file and its location in the FAT. Fragmentation occurs when the OS splits the disk to allocate new space for additional files. Over time, the disk can become fragmented, making it slower so it takes longer time to load.

c. File & Folder System: Folders make it easy for users to store files easily and neatly. This includes the root folder and sub folders. The top folder on any disk is called the root folder or root directory. The file system is used to organize data meant to be retained after a program is closed by providing procedures to store, retrieve and update data and also manage the available space on the device. When the user views the contents of a file, the OS updates specific information about each item in the folder such as name, size and date of creation or last modification.

d. Data Area: This is the portioned area of the disk that actually holds data

3. Solid State Drives:

This uses an assembly of integrated circuits to store data on flash memory for a long period of time, over 50 years, without power or moving parts and can be connected to any device using standard IDE or SATA connectors. The major disadvantage of Solid State Memory as applicable to flash memory and Memory sticks is that it can only be written/erased one block at a time for a certain number of times before the block totals, usually about 1 million erase-write cycles because reading and writing to the chips wears out the blocks. To prevent this from happening too quickly, a leveling chip is embedded in the drive to control the write/erase of data on the memory. Solid state drives will most likely overtake hard disk drives in a few years’ time as their prices become lower.

Causes and Scope of Data Loss

Generally, there are three main reasons for data problem: software reasons, hardware reasons and human error.

Hardware Reasons

| Mechanical failure of the device |Fall, breakage, physical damage to storage disk | Power surge during operation | Bad section in the disk | Connection head damage | Circuit panel problem | Heat damage.

When the hardware is the cause, the device operation becomes slow, with an inability to execute tasks and inability to read data. Data recovery for hardware causes can be solved by fixing the underlying hardware issue; hence it is called hard recovery.

Software Reasons

| Virus/malware infection | Improper partition | File system corruption | Improper operation (read error) | Power-cut during operation | OS incompatibility |Lost password | Mis-encryption.

Software tools can be used to recover data lost through software causes because it is not related to hardware failure. In these situations, data is easier to recover as long as it has not been overwritten by continuous usage.

Human Error

| Unintended Format | Failure to back up.

Data Protection Methods

1. Backup:

Backup means to keep a spare copy of a file, folder, or other replicable data for use in the event of loss of the original copy. Backup copies should be kept at a different location or in a safe environment. A full backup captures all the files selected for backup. Depending on the volume of data and frequency, full backups often require large storage capacity and a significant amount of time to record the information. Progressive backup, on the other hand, backs up only files created or modified since the last backup.

2. Shake Protecting System:

This can prevent damage to the storage device’s head from shakes and falls, thus avoiding damage from such impacts.

3. RAID System:

The basic idea of RAID (redundant array of independent disks) is to couple multiple disk drives into an array of disk drives to improve performance, capacity and reliability as opposed to when using a single disk drive.

4. SMART Technology:

Abbreviation for Self-Monitoring Analysis and Report Technology, this mainly protects hard disks from losing data when it notices problems in the hard disk by triggering alarms and back up reminder pop ups.

5. Storage Area Network:

SAN is a system in which servers and storage devices are connected to a high-speed network. A SAN allows connection between multiple devices and eliminates the need for dedicated connection between a server and storage so that the storage becomes independent from the server. SAN enables the server(s) to share one or many storage devices. The storage facility may be located onsite or offsite.

Data Recovery

The tangible device holding data is called a storage device or medium, e.g., the surface of a CD, while the hardware that writes or reads data from a storage medium is called a read/write head, e.g., a spindle.

Data recovery is the process where inaccessible data is retrieved from a damaged or corrupted storage medium when it cannot be normally accessed via plug and play. Complete data recovery is not just able to restore lost files but it can also recover corrupted data. It is frequently used when the data needs to be recovered from such devices as compact discs (CDs), hard disk drives, memory cards, DVDs, and many other storage media. Data recovery is necessary when storage devices fail or where there is no backup.

– File Damage:

If some files cannot be opened, used or the contents are full of ‘gibberish, nonsensical mumbo jumbo’ characters in which the contents are changed so they cannot be read meaningfully, scanning the disk for virus/malware, file repair and some special files restoring tools can be used to restore the files.

– File Loss:

If files are lost because of deletion, format or clone error, data recovering tools can be used to recover data.

– Bad Track of Hard Disk:

There are software (logical) and hardware (physical) bad tracks. Logical bad track is mainly caused by inappropriate operating environments. Data lost this way can be restored by the use of software tools. Hardware bad track is mainly caused by physical or heat damage. Data can be restored by modifying the affected partition or sector.

– Partition Problem:

If there is no partition on the disk or the partition is identified as unformatted, partition recovery tools can be used to recover data.

– System Problem:

This is when the system in which the storage media is housed is not accessible or cannot come on or the operating system (OS) crashed. Reasons for this symptom may be that the system’s motherboard is damaged, a power unit problem, or a key file of system has become corrupted or lost. In this case, the system should be repaired and, if repair is not possible, the disk may be removed and plugged into another system.

– Password Loss:

If the disk password or system account is lost, some special password decryption tools that correspond to certain data form such as can be used.

The Principle of Data Recovery

Data recovery is a process of locating and recovering lost data. It entails taking data loss precautions that may happen unexpectedly. The following hints are useful to prevent loss of data happening.

– Backup all the data in the hard disk.

– Prevent the storage media from being damaged through falls, dust/dirt, and extreme heat during operation.

– It is not advisable to make use of or write new data to the device that one intends to recover data from.

– When a physical bad track is noticed, it is advisable to back up the disk, otherwise further damage to the storage device can result in data being lost.

Encrypted Data Recovery

Encryption is used to protect sensitive information stored and transmitted between IT systems. Key recovery is the general term used for the protection of encryption keys to prevent their loss. This is important because, if keys used to encrypt data are lost, then the data is lost or lost keys may affect the operation of the program. To ensure the security of encrypted data, the encryption key must be carefully protected.

These keys may need to be copied (i.e., backed up or archived) in order to allow recovery of the keys, when required.

In some circumstances, it is acceptable to keep the key to be recovered in two different places, so that the cooperation of two or more people is required to recover a key. Or the copy of all the keying material needed to recover data or resume encrypted applications should be securely kept with a reliable key recovery facility. It should, however, be noted that any keying material maintained for key recovery is an additional attack magnet. Therefore, the security of the backup key is paramount.

Contingencies for Data Availability

Formal Policy and Drills on Backup:

Companies should document and enforce policies on backup of IT resources. The frequency of backup will depend on the amount of data generated, the infrastructure available and redundancy. It is also important that backup drills should be conducted at least annually to ensure that recovery is achievable under the specific criteria. The policy may then be modified based on the drill results if desired.

Disk Replication:

With disk replication, data is written to two different disks (a server and a replicating server) so that two solid copies of the data are always available.

Compatibility:

To ensure smooth recovery, backup devices must be compatible with operating systems and applications being used by the company.

Offsite Storage:

Important data should be backed up and stored at an offsite location. Backup media should be housed in a secure, environmentally controlled facility. Details of the data content and decryption procedure should be stored with the data as well. To prevent loss of data from adverse events such as fire and flood, it is imperative that backups be maintained in a separate, offsite location, so that the probability of a single event destroying both the operational data files and their backup is minimal. Decisions on which offsite backup service such as cloud service or location can be made based on recommendations of a formal risk assessment.

References

*ITL Bulletin of the National Institute of Standards and Technology (http://all.net/books/standards/NIST-CSRC/csrc.nist.gov/publications/nistbul/itl02-april.txt)

*Small Scale Digital Device Forensics Journal, Volume 1, No. 1, June 2007.

*Scott Moulton’s Speech on Research Materials and Notes on Data Recovery (www.forensicstrategy.com, www.myharddrivedied.com) .

*White Paper- Data Recovery: Choosing the Right Technologies.

*Computer Forensics Data Recovery Techniques and Solution Workshop.

Image Credits

www.u.picardie.fr | www.vernalee.com | www.igcseict.info | www.en.wikipedia.org | www.ibmsystemsmag.com | www.1and1.com | www.freeitsoftware.com | www.datarecovery.ie | www.allsan.com | www.hardwaresecrets.com | www.ip-watch.org