Business Challenge

This case outlines the recovery of data from a WinMagic SecureDoc-encrypted hard disk drive (HDD) running Windows, which suffered a physical crash after the user had accidentally formatted it.

As described by the customer, he had nearly 300 GB of data stored on this 500 GB HDD. Despite trying to connect the HDD as a secondary drive to multiple Windows computers (desktops, laptops, etc.), the customer was unable to access its contents.


Problem Statement and Inherent Challenges

The customer needed to retrieve the entire 300 GB of data from the physically crashed hard disk drive, which had originally been encrypted before it was formatted.

After cloning the drive, the Stellar data saviors found that it contained unencrypted data. On checking with the customer, they learnt that the user had indeed formatted the drive twice. So, as per the technical analysis, this encrypted HDD had undergone multiple cycles of formatting, with continual usage until the point of its physical crash.

This was a truly challenging and complex data recovery case because it spanned both the physical and logical facets of the storage. And, given the usage history of this HDD (repeated formatting, with overwriting after each format), it was obvious that a significant amount of data would already have been overwritten* with new information.

Solution — How Stellar® Data Saviors Rescued the Situation

Stellar data saviors began the data recovery task with the following steps:

1. HDD dismantling and head assembly replacement in state-of-the-art Class 100 cleanroom

It was necessary to examine the HDD for specific physical issues, as it was reportedly making a clicking sound and couldn’t be detected on any of the Windows computers. The following steps ensued:

  • Requested tampering permission from the customer to check physical condition of the platter and head assembly.
  • The platter was fine but the head assembly was found broken, due to which the HDD was making the clicking sound.
  • A new head assembly from a donor HDD was transplanted on this recipient patient HDD to reinstate access for further data recovery operations.

2. Disk cloning to provision a functional clone for secure data recovery

  • After regaining access to the patient HDD, the data saviors created 2 clones of the HDD using proprietary cloning software.
  • After successfully cloning the drive (completed in 7 days’ time), the next challenge was to decrypt the clone and recover the original encrypted data.
  • However, the data saviors found that the drive already contained over 100 GB of non-encrypted data, meaning the user had actually formatted the drive. The customer confirmed that the drive had indeed been formatted twice before it physically crashed.

3. HDD decryption to recover the original encrypted data

  • The data saviors tried to locate the encryption details in the area left over below the 100 GB of overwritten space, but couldn’t find them.
  • The data saviors requisitioned the WinMagic SecureDoc decryption key from the customer.
  • The data saviors then began forced decryption of the cloned drive, as automated decryption was not possible because critical decryption information had been overwritten when data was copied to the drive after formatting.
  • The decrypted HDD now allowed unrestrained access to the storage space below the overwritten data area, thereby opening up the possibility of recovering data from this space that was not overwritten.

4. Deep scanning for data recovery

  • The data saviors used Stellar data recovery software with its deep scanning function to recover data from below the overwritten area on this decrypted clone.
  • The deep scan capability was vital to maximize data recovery from the overwritten HDD. It enabled file signature-based search to locate fragments of the lost data and stitch them together as a whole, integral unit.
  • The team successfully recovered the lost data from this nearly impossible case of an encrypted hard drive that was repeatedly formatted, overwritten and ultimately suffered a physical crash.
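
The file signature-based search named in step 4 can be sketched as follows. This is an added example, not Stellar's software or code from this case: it scans a raw (already decrypted) image for the well-known JPEG and PNG magic bytes at sector boundaries. The names `carve`, `build_sample_image` and the `start` offset (used to skip the overwritten region) are hypothetical, and the sample image is constructed.

```python
SECTOR = 512  # carving assumes files start on sector boundaries

# kind -> (header magic, footer magic, maximum bytes to search for the footer)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 20 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20 * 1024 * 1024),
}


def carve(image: bytes, start: int = 0):
    """Find sector-aligned file headers at or after `start`.

    Returns (kind, offset, length, complete) tuples. `complete` is False when
    no footer follows the header, e.g. because the tail was overwritten.
    """
    hits = []
    off = -(-start // SECTOR) * SECTOR  # round start up to a sector boundary
    while off < len(image):
        step = SECTOR
        for kind, (head, foot, max_size) in SIGNATURES.items():
            if not image.startswith(head, off):
                continue
            limit = min(len(image), off + max_size)
            end = image.find(foot, off + len(head), limit)
            if end == -1:
                hits.append((kind, off, limit - off, False))
            else:
                length = end + len(foot) - off
                hits.append((kind, off, length, True))
                step = -(-length // SECTOR) * SECTOR  # skip the carved file
            break
        off += step
    return hits


def build_sample_image() -> bytes:
    """Constructed 6-sector image: zeros, one whole PNG, one JPEG with no footer."""
    png_head, png_foot, _ = SIGNATURES["png"]
    img = bytearray(6 * SECTOR)
    png = png_head + b"constructed-png-body" + png_foot
    jpg = SIGNATURES["jpg"][0] + b"\xe0constructed-jpeg-body"
    img[2 * SECTOR:2 * SECTOR + len(png)] = png
    img[4 * SECTOR:4 * SECTOR + len(jpg)] = jpg
    return bytes(img)


if __name__ == "__main__":
    for hit in carve(build_sample_image()):
        print(hit)
```

This handles contiguous files only, and the first footer found ends the file; stitching fragmented files back together, as described above, needs filesystem metadata or content-aware matching on top of the signature scan.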


Result

Stellar® data saviors successfully recovered the data from the encrypted HDD, which was lost through its inordinate history of formatting and usage. This highly convoluted case would have led to irretrievable data loss unless the highly specialized data recovery techniques as outlined above were devised and implemented by the data saviors.

Another notable outcome of the case was that the data was recovered with 100% integrity, as confirmed by the customer. Further, this entire data recovery project was completed and delivered within the committed timeline.

Note: Repeated formatting and continual usage of storage media after a data loss incident overwrites the lost data. Such overwritten data is permanently lost and cannot be recovered with the help of any kind of data recovery service or product. We recommend that you immediately stop using the storage media from which data has been lost, to get the best possible data recovery results.

