TechWeekEurope visits the Kroll Ontrack lab in Epsom to explore the dark arts of data recovery
If you want to get data back from a smashed hard drive, you need data recovery. We visited Kroll Ontrack, the world’s largest specialist at bringing back lost information.
Ontrack, established in Minneapolis in 1985 and bought by risk consulting giant Kroll in 2002, was one of the first companies to specialise in data recovery. Through a series of successful acquisitions, it has also become the world’s largest.
These are the guys who can retrieve your family photos from a damaged smartphone. They can also help if a burst pipe flooded your server room and destroyed several decades’ worth of tape storage. And if a criminal attempted to get rid of the evidence by throwing their laptop from a rooftop, Ontrack’s forensics and legal team will put it back together.
The company invests tens of millions in R&D and performs around 50,000 recoveries per year, with 70 percent of these going into the ‘cleanroom’ – a special environment with a controlled level of air pollutants.
Earlier this month, TechWeekEurope was invited to the Kroll Ontrack recovery lab in Epsom, to see how teh experts bring important data back to life. They say there are people there who can diagnose a hard drive by the way it sounds.
Raising the dead
According to Phil Bridge, managing director of Kroll Ontrack, each digital storage medium presents its own recovery challenges. For example, hard drives involve plenty of moving mechanical parts, so sooner or later every HDD is destined to meet its end, most probably howling like a wounded beast.
Solid state drives (SSDs) still lack standards – many manufacturers have adopted proprietary technologies, making data recovery from Flash more complicated, especially if we talk about mobile devices. But SSDs aren’t as tricky as magnetic tape. Since tape is mostly used for long term data archiving, it can last through several changes of staff, hardware and software. Sometimes, businesses have no idea what kind of information they have stored in their tape archive.
There are serious issues with recovery from the cloud too – after all, most cloud service customers share their storage in a big pool, and when data is corrupted, it could lead to serious data ownership concerns.
Over 28 years of its existence, Ontrack has formed relationships with every major storage device manufacturer, which means its engineers can get their hands on equipment before it hits the shelves in order to be prepared for new technology. The company’s partner network includes Apple, Dell, HP and Microsoft, and its customers range from Johnson & Johnson to GCHQ.
Ontrack keeps an inventory of 150,000 spare parts going back 25 years, and maintains a shared ‘donor drive’ database. In rare cases, hunting down a particular decade-old model of a hard drive with a particular firmware version is the only way to bring the data back.
The company offers three levels of service, including ‘emergency’ that sets the engineers to work in an instant, and keeps them going until the recovery is complete – once one group ends its office day, he image of the drive is handed over to their colleagues in a different time zone, who can continue where the previous team left off.
If the problem is not too serious, Ontrack engineers can attempt to fix it remotely by accessing the storage device via a secure Internet connection and loading their tools into RAM to avoid overwriting any data. But the best thing about the service is you don’t have to pay anything until the company provides an estimate of how much information it can recover, with fees for home users starting from £250.
Ontrack warns that if the data on the affected device is important, customers shouldn’t use over-the-counter recovery solutions, since every attempt to read from a damaged disk can ruin it further.
The company offers not just recovery, but data destruction too – because who knows how to permanently erase information better than the people who will move heaven and earth to get it back? It turns out nothing makes sure data is truly gone like taking a good old-fashioned hammer to your storage device.
Kroll Ontrack is by no means the only company in the business – it has around 6,000 small competitors in Europe alone, but it has secured its position by simply buying anyone who was big enough.
“There used to be a company called Vogon, who were our biggest UK competitor. They got bought by our biggest European competitor called Ibas, based out of Norway. So Ibas bought Vogon, we then bought Ibas. In one fell swoop, we took out the largest players,” explained Bridge.
Tales of glory
Every year since 2002 Ontrack publishes a list of top data disasters. For example, earlier this year the company was called to work on a five-year-old server with a failed hard drive. When the data recovery engineer opened up the case, he discovered a nest full of spiders. They also had a vacation home right next to the parking area of the heads. That didn’t prevent Ontrack from recovering all of the data.
“If you ask, every employee has their favourite. One of the higher profile ones was the space shuttle [Columbia] that blew up. The hard drive in a black box fell from space to earth, landed in a lake, sat at the bottom for a few years. Then it was found, there was some important research data on it, it came to us and I think we got 99 percent of the information back. The research paper got published,” told us Bridge.
Another interesting challenge followed a fire at Southampton university. “There were hundreds of servers and storage devices in there, and the first job that we had to do is actually find them. It was just a burned out mess, and we had to go through the rubble and identify things that could have once been computers. And then of course we had to do a massive clean-up job and recover the data.”
Ontrack has a sister company to deal with legal issues, destroyed evidence and data used in court. “Sometimes we have to go with the police under the cover of night to grab media, bring it back here or analyse it on-site. The forensics team down in London will primarily deal with those cases. If you remember, there was a laptop in the back of a Range Rover [set on fire] that drove into Glasgow airport a couple of years back – we got that data,” said Bridge.
So what’s the best way to archive important data? Is it tape, disk or Flash? According to senior R&D engineer Robin England, the actual medium doesn’t matter, as long as you regularly copy the information to a more recent device. “You can have a back-up of a back-up, but in a couple of decades, you might find yourself in a situation where you don’t have the means to access that drive. Maybe it’s working perfectly fine, but nobody has a computer with an interface to support it.”
England also warned against careless use of encryption. While it can protect data from unauthorised access, without the right key, it will be almost impossible to recover – something the victims of CryptoLocker malware are finding out the hard way.
How much do you know about storage devices? Take our quiz!