Retrieving Data from a Dead Hard Drive

From personal experience, there seems to be a lot more faulty hard drives in the last 10 years as compared to the decade before that. In my hometown, to retrieve data forensically from a dead hard drive costs $600 if they don't have to modify the hard drive physically; double that, $1200, if they have to touch one screw on the drive. If forensics is required, the sky is the limit.

In the last 8 years alone, I must've purchased 15 hard drives and about a 3rd of them have kicked the bucket. Brand doesn't seem to make a difference, from what I can tell. No single brand is immune from this trend of increasing hard disk failures. So I tried to figure out, what is it that goes wrong with hard disks these days?

Well, the first type of problem is that files are lost although, perceivably, the drive still works. This usually occurs due to some form of data corruption (could be an OS problem, a disk controller issue, etc.). If this describes your situation, your data is actually quite easily recoverable. However, do not write anything to the disk, do not reformat your disk and do not repartition your disk. Once you write anything to the disk, be it new files, or formatting/partitioning information, that's when you stand to lose your data. There's various data recovery software you can buy that will retrieve this type of data loss. The one I use costs about $100 (diskinternals.com). Works pretty well. I've seen some freeware ones too but haven't tried them.

Then there's the proverbial hard disk "crash". Technically, this means the disk head touches the disk platter. If your disk does indeed crash, you will lose a significant amount of data, if not all of it permanently. But if you look at the specs of a typical hard drive today, most of them can take shocks of up to 3G. That's a lot of force. Dropping your laptop from your desk isn't going to generate 3Gs of force. So what gives?

Typically, we don't actually get a "crash" situation. What's more common is that, the circuit board on the hard drive is damaged (typically from power surges or fluctuations) or one of the motors in the hard drive is dead. I think the former is more common than the latter. You can easily tell if the motor is dead: you don't hear the usual drive spinning up or you don't hear the rattling and buzzing of the disk head's movement.

So how do those forensic data recovery guys fix it? Well, if you don't think you have a motor problem, then buy the exact same hard drive brand new and try to swap the circuit boards with your faulty drive. You'll likely need a torx screwdriver set to do this. Be careful not to damage any connectors to the motors and the drive heads. I have found that you not only need to get the same model hard drive but the same version of the firmware and the board. Hopefully, they are still in the market. If not, then the forensic guys are probably the only way to go.

If you have a motor problem... then you have a problem. You still need to buy an identical unit brand new. This time however, you have to swap the disk platters. This is apparently very risky as disk platters do not like dust, so I'm told. I've never personally done this but every thing I've read stresses that it has to be done in a dust free room. Although, after watching this guy's video, I'm not so sure about the whole dust-free thing.


Opened hard disk in operation

I'm not sure there even is such a room. So in this case, I would probably fork up the $1,200 and get those pros who have access to such a room (that is, if the data is worth that much to me). Here's a video on how the pros do it. Looks like some specialized plastic extraction kit is required.


How the pros remove the platters from the drive

So back to the "crash". When you have a real "crash", your drive typically makes a continuous grinding sound as the head scrapes the surface of the platter.


A Hard Drive "Crash"

The scraped platter is toast but the other platters may still be readable with forensics ($$$).

All this puts an exclamation point on why it's so important to back up your data in multiple places. A UPS (uninterruptable power supply) unit may be a worthwhile investment as they come with voltage regulation and surge protection (external drives are particularly vulnerable to power fluxes). Lastly, buy your hard drives in identical pairs or quads. The data you store is worth way more than storage device. So spend a little more up front and use the disk mirroring feature (RAID).

No comments: