Data recovery has been needed since man started to write things down. Why? Because what ever medium they tried to store the data on, it has always been susceptible to destruction. From earthquakes versus wall paintings to fire versus the library of Alexandria to head crashes versus your corporate file server. There has always been a weakness in how we have stored our information. While the risk mitigation to that sounds easy (back it up), the reality of the matter is that data loss happens all the time. When it does, there are 2 methods of data recovery.
- Physical recovery — Make sure the physical medium is functional
- Logical Recovery — Once the physical works, get the data
The data recovery process has 4 basic steps.
- Physical repair
- Image the device
- Recover the data
- Fix the data
Now to put this in perspective, the first method and the first step of data recovery go together hand in hand. The second method is more of a software data recovery that takes steps 2-4. Most people can do logical recovery with relatively inexpensive tools such as getdataback, rstudios, or even most of the forensic suites out there today. Physical recovery is an entirely different issue. It takes time, patience, a steady hand, practice, a clean room, the proper equipment, and an almost identical donor to use as a parts replacement cadaver. It is just like surgery and the donor needs to be compatible with the recipient if there needs to be an organ transplant. Just like the human body, the internals or organs of a hard drive are very fragile when not in the most ideal of environments. Platter based hard drives have more moving parts than a Solid State Drive (SSD), but the difficulty is still there. Just as in a normal transplant example, you need to understand that there is never a 100% guarantee that the recipient will come out of the surgery and recover. You can just hope and pray that the hard drive comes out and lives long enough to transfer the data to a secondary host so you can perform logical data recovery.
What causes the Click-o-Death? It is because the SA cannot be read. You can have 4 main reasons (and a possible combination of them) for this to happen:
- Heads are dead
- Preamp is dead
- SA corrupted or scratched
- Firmware on the PCB
This is a video of a head stack replacement. There is a donor drive and a recipient drive. As luck would have it, there is only half a head, so the replacement was very fast with minimal risk to the donor head stack. Enjoy the video!
Data Recovery Training from InfoSec Institute