Data recovery from a partially rebuilt RAID
I’ve often heard it said, “the RAID has been rebuilt – the data cannot be recovered” and often this is the case. With RAID5, if the configuration is changed, and new parity is calculated, then there will be a significant loss of any data that was previously stored on the RAID.
As Hamlet so eloquently put it, “There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy.” Just because something is outside of our normal experience does not mean that it is not possible.
How do you restore Tivoli TSM data for forensic examination purposes?
Tivoli Storage Manager (“TSM”) provides a sophisticated heterogeneous data storage environment within which large volumes of data can be held. These might include email backups, user documents and SQL databases; in fact, all of the information that might be just a little bit useful in a computer forensic investigation or a tape data discovery exercise.
So, you are an investigator who has been handed a case containing 25 LTO4 cartridges from a TSM archive, now what?
Tape – “The reports of my death are greatly exaggerated”
(With apologies to Mark Twain)
The release of LTO5 by Quantum Corporation brings 1.5TB native/3TB compressed tape to the market, and it is a sure-fire bet that IBM and HP will shortly follow with their own offerings. This means that for the past 20 years or so, a technology many said was going the way of the dodo has managed to more than keep pace with competing technologies, and has seen quite a few off (remember how optical disk was the future of storage back in the late 1980s?).
Recover a bit but lose a block
When attempting a data recovery from a Microsoft Exchange email server after a catastrophic failure (and when I say catastrophic, I mean no backup to restore from and file system corruption or file deletion that has rendered the Exchange information store files inaccessible), one of the tools in Altirium’s data recovery arsenal was to trawl the entire disk or RAID volume, identify pages of Exchange data and rebuild the information store from the ashes. However, when Microsoft engineers decided to change their page error correction method so that they could correct a single bit error in a page, this seemingly minor ‘upgrade’ had a dramatic effect on the ability to identify Exchange page data.
Is a NAS RAID reconfiguration the end of your data?
The popularity of Network Attached Storage (NAS) RAID units has never been higher. For a small outlay, a low-powered, easy-maintenance storage device of 1TB or higher can be plugged in and used where once an expensive server with disk storage would have been the only option. Whilst RAID5 gives a high degree of resilience against the failure of any one disk in the NAS unit, other problems can result in an apparent total loss of data and a requirement for a NAS Data Recovery.
A NAS storage device in need of recovery was delivered to us last week. The customer had been using the device and on Friday evening all data was present and correct, but when the customer went to access the device on the Monday morning it was operational but there was no data present. So where had it gone and could a data recovery be achieved?
TK50 data recovery, look out for media degradation
TK50 was a major player in tape backup on VAX/VMS systems several years ago. Being fundamentally ½” (half inch) tape of the type used in open reel drives, but housed in a DLT-style cartridge, it suffers from the same long-term storage problems as some brands of ½” media. TK50 drives could store 70MB of data, and took quite a long time to fill, so have long since ceased to be a viable backup option even if you can find drives and media. But there are a surprising number of tapes out there with data on them, and recent weeks seem to have brought forth a flurry of requests to get data from them, and in one case to copy some. In a high proportion of these cases the data transfer operation has ended up being a data recovery exercise involving considerable work in the lab.
eDiscovery and the monster in the vault
Past failure cannot be taken as a signpost for the way things will be in the future, so the inability of the US and UK financial regulatory authorities to spot the credit bubble from 20 paces, or the world’s largest Ponzi scheme even when pointed out to them in neon lighting, should not be taken as a sign that regulation can be ignored.
What is almost certain is that these regulatory paper tigers are about to be forced to become real, and with it will come new zeal for enforcing regulatory compliance leading to an increase in eDiscovery and eDisclosure requests.
Data Recovery – Don’t take no-fix for an answer
When I first started in the data recovery industry back in 1995, data recovery was very much a specialist area of expertise. There were no ‘off the shelf’ data recovery software tools. We had to develop our own methods and techniques to get the job done. These days, however, the data recovery marketplace is flooded with companies offering such services, so how do you know who to choose?
Computer Forensics – don’t ignore the tapes
Much Computer Forensic work is associated with data recovery from hard disk drives, USB pens and other common data storage media. Even the television drama departments appear to believe that data is stored only on this limited range of media. I don’t have a back catalogue to check against, but I am pretty certain that on Spooks there has never been an analysis of a DLT or LTO tape cartridge. So what about tape? Probably the largest volume of data stored in the world is on tape, so is it of any value in forensic investigations and litigation work?
The hard disk drive in a computer system contains the most up-to-date information along with other forensically valuable information such as internet history and local temporary files, so why should you bother looking at the backup tapes?
Data migration and the curse of multiplexed NetBackup
It is a bit unfair to single out NetBackup; any format that supports multiplexing can leave similar problems for anyone attempting an archive-wide data migration project. The problem is this: multiplexing involves the interspersing of data from several sources within a backup set. This gives improvements in backup performance, but the payback is in potentially degraded restore performance, especially if attempting a complete restoration of data. Why?





