Thursday, 12 November 2015

Drobo recovery

We now have what I think is the words-first commercial (for sale) Drobo recovery capability, included in our ReclaiMe Pro software. This comes in two parts,

1. read Drobo metadata is readable
2. partially rebuild Drobo metadata if there is not enough of it to be readable

and we have it in a for-sale software

there was recent announcement on HddGuru forum by some fellows doing the remote recovery, but they are not selling their software; we sell software.

 What it works with, well, Drobo 5D/5N/FS (NAS and DAS variants). Not tested yet with B800i iSCSI variant of the Drobo.

Wednesday, 24 June 2015

Repeating questions

There is a set of questions which customers seem to be repeating perpetually,

We have a large fancy storage system which failed. Can we fix it in place, without copying data?

No, you can not. You absolutely have to copy the data away. Yes, this means purchasing the disk set of the same size. Yes we know full well that it is 50TB, meaning 13x 4Tb drives. Yes, plus a RAID controller for it.

Can we have a RAID5 recovered when two disks failed?

No, that won't work.

OK if we can get the RAID recovered, maybe we can just get 2/3rds of files, since we'are only missing a little bit? 

No,  that won't work either, because any file lager than block size will be broken.

So we still can get some small files?

There are surprisingly few useful small files when the value of small is defined by the RAID controller.

OK maybe we can get our Word/Excel files and repair them using whatever DOC/XLS repair tool?

No, that won't work. The data is missing, and when the data is missing, no fancy repair tool can reconstruct it.

Saturday, 6 June 2015

Things to avoid in data recovery

This is a short list compiled based on the tech support experience,without much explanation

  • USB-to-SATA converters (for bad reliability);
  • Marvell chipsets (for bad handling of bad sectors);
  • Silicon Image controllers or any RAID cards based on these (after SIL_QUIRK_MOD15WRITE; even if SIL_QUIRK_MOD15WRITE does not apply to your controller, this is not an excuse to use Sil);
  • nVidia chipsets (for bad reliability of disk controllers under load)

Thursday, 28 May 2015

Timestamp and other metadata reliability

In forensics, turns out it is important to know timestamps reliably. In olden filesystems, like NTFS and FAT, you either have a timestamp (if the record is intact) or you don't (if the record is overwritten). Now, CoW filesystems like ReFS and BTRFS, produce a whole lot of different versions of metadata records - do you want a generation 3 timestamp or generation 8 timestamp? Considering that metadata generation numbers (as used for timestamps) do not necessarily match file pointer generation data, there seems to be no way to get forensically reliable timestamps on modern filesystems. This is probably something worth looking into.

Wednesday, 15 April 2015


Been answering a support query recently, and mentioned to client that USB is outright bad in all respects [for data recovery use].

Well, pretty much so,
  • if one of the drives has a bad block, quite likely the USB converter will lock up on hitting that block;
  • with USB 2.0, speed is 15 MB/sec maximum, for all drives combined,
    • even if you have what appears to be different ports, they will be routed through a same root port or hub anyway;
  • devices advertised as USB 3.0 often work at 2.0 speeds, with no warning whatsoever;
  • power supply issues and limitations are difficult to control, 
    • especially so if hubs are involved;
  • any setup with daisy-chained hubs is unstable,
    • especially so with USB 3.0;

So, think twice before starting a recovery with a laptop-based all-USB setup.