by Scott Moulton @MyHardDriveDied.com Recover your P0RN from your RAID Array!

Similar documents
RAID by Sight and Sound

RAID Rebuilding. Objectives CSC 486/586. Imaging RAIDs. Imaging RAIDs. Imaging RAIDs. Multi-RAID levels??? Video Time

User s Manual. Home CR-H BAY RAID Storage Enclosure

Dr Michael Cohen. This talk does not represent my Employer. April 2005

RAID Made Easy By Jon L. Jacobi, PCWorld

RAID HARDWARE. On board SATA RAID controller. RAID drive caddy (hot swappable) SATA RAID controller card. Anne Watson 1

RAID Utility User s Guide Instructions for setting up RAID volumes on a computer with a MacPro RAID Card or Xserve RAID Card.

MANAGING DISK STORAGE

How to recover a failed Storage Spaces

RAID Technology Overview

Practical issues in DIY RAID Recovery

RAID Utility User Guide. Instructions for setting up RAID volumes on a computer with a Mac Pro RAID Card or Xserve RAID Card

Taurus - RAID. Dual-Bay Storage Enclosure for 3.5 Serial ATA Hard Drives. User Manual

Introduction. What is RAID? The Array and RAID Controller Concept. Click here to print this article. Re-Printed From SLCentral

File System & Device Drive. Overview of Mass Storage Structure. Moving head Disk Mechanism. HDD Pictures 11/13/2014. CS341: Operating System

is605 Dual-Bay Storage Enclosure for 3.5 Serial ATA Hard Drives FW400 + FW800 + USB2.0 Combo External RAID 0, 1 Subsystem User Manual

CSE-E5430 Scalable Cloud Computing P Lecture 5

RAID Basics Training Guide

Block1. Block2. Block3. Block3 Striping

4 II. Installation. 6 III. Interface specification Partition selection view Partition selection panel

Storage and File Structure

SATARAID5 Serial ATA RAID5 Management Software

PIONEER RESEARCH & DEVELOPMENT GROUP

Lecture 18: Reliable Storage

NVIDIA RAID Installation Guide

Chapter 10: Mass-Storage Systems

Deploying a File Server Lesson 2

Storing Data: Disks and Files

RAID. Contents. Definition and Use of the Different RAID Levels. The different RAID levels: Definition Cost / Efficiency Reliability Performance

Getting Started With RAID

An Introduction to RAID. Giovanni Stracquadanio

RAID OPTION ROM USER MANUAL. Version 1.6

Data recovery Data management Electronic Evidence

Guide to SATA Hard Disks Installation and RAID Configuration

technology brief RAID Levels March 1997 Introduction Characteristics of RAID Levels

NSS Volume Data Recovery

RAID installation guide for ITE8212F

Taurus Super-S3 LCM. Dual-Bay RAID Storage Enclosure for two 3.5-inch Serial ATA Hard Drives. User Manual March 31, 2014 v1.2

Chapter 12: Mass-Storage Systems

Cisco Small Business NAS Storage

DAS (Direct Attached Storage)

User Manual. For more information visit

2-Bay Raid Sub-System Smart Removable 3.5" SATA Multiple Bay Data Storage Device User's Manual

Hard Drive Diagnostics With Scott Moulton. Hard Drive Data Recovery Forensics SANS

Manual IB-3620 Series

SATA+Ultra ATA RAID CONTROLLER RC212. User Manual

COMPUTER FORENSICS. DAVORY: : DATA RECOVERY

GENERAL INFORMATION COPYRIGHT... 3 NOTICES... 3 XD5 PRECAUTIONS... 3 INTRODUCTION... 4 FEATURES... 4 SYSTEM REQUIREMENT... 4

Areas Covered. Chapter 1 Features (Overview/Note) Chapter 2 How to Use WebBIOS. Chapter 3 Installing Global Array Manager (GAM)

Welcome to new students seminar!! Security is a people problem. forensic proof.com JK Kim

QUICK RECOVERY FOR RAID

System Administration. Backups

Why disk arrays? CPUs improving faster than disks

DELL RAID PRIMER DELL PERC RAID CONTROLLERS. Joe H. Trickey III. Dell Storage RAID Product Marketing. John Seward. Dell Storage RAID Engineering

Open Source and License Source Information

SiS 180 S-ATA User s Manual. Quick User s Guide. Version 0.1

Digital File Management

SATA RAID Function (Only for chipset Sil3132 used) User s Manual

XL-RAID-SATA2-USB. User Manual. v.1.2 (January, 2010)

SiS S-ATA User s Manual. Quick User s Guide. Version 0.1

ZOTAC RAIDbox User s Manual

Overview of I/O Performance and RAID in an RDBMS Environment. By: Edward Whalen Performance Tuning Corporation

Offline Array Recovery Procedures SuperTrak SX6000 and UltraTrak

6. Storage and File Structures

Disk Array Data Organizations and RAID

Intel Rapid Storage Technology

USER S MANUAL.

File System Design and Implementation

MaxAttach NAS 4000 Series OS 2.2 Hard Disk Drive Replacement

Best Practices RAID Implementations for Snap Servers and JBOD Expansion

Filing Systems. Filing Systems

Guide to SATA Hard Disks Installation and RAID Configuration

SATA II 4 Port PCI RAID Card RC217 User Manual

White Paper A New RAID Configuration for Rimage Professional 5410N and Producer IV Systems November 2012

M5281/M5283. Serial ATA and Parallel ATA Host Controller. RAID BIOS/Driver/Utility Manual

Intel RAID Volume Recovery Procedures

ESATA PCI CARD. User s Manual

Dual/Quad 3.5 SATA to USB 3.0 & esata External Hard Drive RAID/Non-RAID Enclosure w/fan. User s Manual

SATARAID5 Serial ATA RAID5 Management Software. Users Manual

2 Bay USB 3.0 RAID 3.5in HDD Enclosure

5-Bay Raid Sub-System Smart Removable 3.5" SATA Multiple Bay Data Storage Device User's Manual

Guide to SATA Hard Disks Installation and RAID Configuration

SiS964 RAID. User s Manual. Edition. Trademarks V1.0 P/N: U49-M2-0E

Hydra Super-S Combo. 4-Bay RAID Storage Enclosure (3.5 SATA HDD) User Manual July 29, v1.3

Linux Filesystem Comparisons

DF to-2 SATA II RAID Box

AMD RAID Installation Guide

Configuring a SSD RAID-0 Array on an AMD System

FANTEC MR-35DU3-6G USER MANUAL

RAID Overview: Identifying What RAID Levels Best Meet Customer Needs. Diamond Series RAID Storage Array

Mobile memory dumps, MSAB and MPE+ Data collection Information recovery Analysis and interpretation of results

How To Limit Volume In Bacula

Sonexion GridRAID Characteristics

Common RAID Disk Data Format Specification

Firebird and RAID. Choosing the right RAID configuration for Firebird. Paul Reeves IBPhoenix. mail:

4 Bay External Hard Drive Array RAID Tower esata USB 3.0 Enclosure. StarTech ID: SAT3540U3ER

Transcription:

by Scott Moulton @MyHardDriveDied.com Recover your P0RN from your RAID Array!

WHAT IS THIS ABOUT? BRIEF Coverage ;) Unusual Arrays Intro to RAID About RAID 0 Sight Samples Sound Samples About RAID 5 Demo with Sights!

Mission Briefing (1) WHY RAID RECOVERY? RAID recovery is EXPENSIVE! Its more difficult than a single drive. Its very time consuming. Has more than one point of failure. Many people have problems with them and send me questions!

Mission Briefing (2) Assumptions for this Talk We are assuming you have already done what I previously described in videos to repair the damaged drive. We are also assuming you know nothing about how the data is stored; not the slice size or order. You have PORN, or at least pictures!

Mission Briefing (3) Goals for this Talk! DIY:* Teach you how to rebuild RAID yourself from my experiences. Do it as cheap as possible! i.e. free or under a $100! Do as much in software as quickly as possible by sight and sound using the PORN on the drive!

Mission Briefing (4) Whats it going to take? A bit of time... Lots of free disk space... You have to find the Pictures... Persistence and Experimentation... In some cases, Research Some Slides are for Reference & can be downloaded from www.myharddrivedied.com

What is a RAID Array? Redundant Array of (Inexpensive or Independent) Disks. Regardless of marketing on the box some arrays are not Redundant. Different types of arrays need different quantities of drives & you need to know how many that is! i.e. The Mystery Box

Covering Unusual Arrays JBOD s such as in LaCie or generic external enclosures. XFS/ZFS Arrays such as NAS drives from Western Digital or Buffalo. Combinations with offsets & RAID 0 such as some LaCie NAS drives, etc.

JBOD Data Recovery MyHardDriveDied.com 2009

JBOD Data Recovery MyHardDriveDied.com 2009

1 JBOD Drives (1) Means Just a Bunch of Disks and they are just linked logically together end to end. These drives usually have no fan, get very hot and contain several drives. Sometimes the cables are melted together. Sometimes they are custom and employ different variations for different drives. Generally they can be recovered individually by scanning for file headers. One drive will have a File System Table of some sort, other will be just raw files and no file system structure without the first disk.

JBOD Drives (2) Data Recovery MyHardDriveDied.com 2009 1

Host Protected Area (HPA) ATA-4 Standard Host Protected Area aka HPA, used to limit the capacity of a drive for storage of additional info usually stored Data the Recovery end of the MyHardDriveDied.com drive. Free tools like MHDD 2009 to set. 1

NAS Boxes Fixed with HPA Data Recovery MyHardDriveDied.com 2009 1

1 Windows Dynamic Disks Dynamic disks do not use partition tables, they use LDM which is at the end of the disk and needs to be done backwards. It uses one single partition occupying the entire disk minus one cylinder. When volumes are added or deleted the partition table is not updated. This will be noticed right away by some data recovery software like R-Studio.

1 Processing XFS/ZFS Arrays XFS / ZFS is very hard to recover from due to the lack of commercial software available. Some software that can help are tools like: TESTDISK (free) supports repairing XFS partitions and write it back out. UFS Explorer (ufsexplorer.com) has versions that support XFS and ZFS.

1 UFS Explorer for XFS

Let s talk about RAID ZERO! Data Recovery MyHardDriveDied.com 2009 1

1 RAID 0 Arrays Overview From Wikipedia.org

1 RAID 0: How it works RAID 0 has NO redundancy and does NOTHING to protect data! Losing one drive loses all your data. RAID 0 should be called AIDS: Array of Inexpensive Drives that Suck

2 RAID 0 with more than TWO You can have a RAID 0 array with more than two drives. There is generally no sequencing numbers for the order. If there are four drives in the array, there can be as many as 72 different combinations to test. More than two drives? No backup? Thats just CRAZY! Yes, Photographers I mean you! Your Mac is made of the same crap as a PC :O>

2 WHICH IS THE FIRST DRIVE? In most cases you can determine the first drive in the array, depending on the slice size. How? In the first sector you will find an MBR and at sector 63 you will see the active boot partition, in most cases

2 Partition Example From http://www.ranish.com/part/primer.htm

NTFS Boot Sectors From Microsoft.com Data Recovery MyHardDriveDied.com 2009 2

2 RAID 0 Put the first drive in the first slot of whatever software you are using. Put the other drives in their slots. Set your size of your slice to your guess. Usually 64 is the defaults (unless some tech messed with it) Scan for Pictures (JPG,JPEG,GIF) or MP3s. Stop, extract, view, listen, try again

2 Slice Sizes (2k to 2048k) Extract samples between the boundaries possible i.e.:»16k»32k»64k»128k»256k»512k»1024k

2 How do you know when you are wrong?? REVIEWING SAMPLES EXTRACTED

Large File Sample Data Recovery MyHardDriveDied.com 2009 2

Stick Porn under 32k Intact Data Recovery MyHardDriveDied.com 2009 2

Recognizable Sample File 140k Data Recovery MyHardDriveDied.com 2009 2

Small Files under 64k Intact Data Recovery MyHardDriveDied.com 2009 3

File over 128k Data Recovery MyHardDriveDied.com 2009 3

Files Just Over 64k Data Recovery MyHardDriveDied.com 2009 3

Files Over 2 Megs Data Recovery MyHardDriveDied.com 2009 3

Large RAW Files Data Recovery MyHardDriveDied.com 2009 3

Once you get it right you get me!

3 SOUND SAMPLE Extracted MP3 Sound File

3 SOUND SAMPLE Extracted MP3 Sound File

3 SOUND SAMPLE Extracted MP3 Sound File

How Large is your RAID 5 Array??

3 RAID 5: Controllers There are two kinds of controllers for RAID, Host Based and Discrete controllers. You are going to try to do this in software!

3 RAID 5: How it works RAID 5 Array protects the server from down time. RAID 5 does this by storing parity data on all the hard drives. Parity is a formula that calculates error correction data. By distributing parity across all drives it creates a safety net for the data when a drive fails.

RAID 5 Array Overview From Wikipedia.org Data Recovery MyHardDriveDied.com 2009 4

RAID 5: How it works Data Recovery MyHardDriveDied.com 2009 4

4 RAID5 XOR Parity is calculated by using the math function XOR with the data with the number of slices in the row to store the parity slice. For 3 drives it looks like this: SliceA xor SliceB = Parity

4 Why is it in for Recovery? There have also been times where RAID 5 arrays have failed a single drive, but no one noticed before a second one failed. If two drives fail and the array goes down, which drive do you need to repair???

4 RAID 5: How it works Usually reassembly of RAID is hard because there are at least two or more unknowns so it is hard to guess correctly: Disk Order is Unknown Slice Sizes can Vary Variations on Slice Arrangements Fragmentation and Boundaries Looking at the Pictures as Jigsaws has helped me figure out the arrangements.

4 Slice Sizes (2k to 2048k) You still have the slice boundaries:»16k»32k»64k»128k»256k»512k»1024k»2048k

(EXTRA) JPG Start and End Wikipedia Reference for JPG Data Recovery MyHardDriveDied.com 2009 4

4 (EXTRA) EXIF: Manual Carving

4 (EXTRA) EXIF: Info Thumbnail

4 (EXTRA) EXIF: Calculation Size

5 Contiguous Slice Sizes 64k 128k 256k 512k 1 Meg 2 Megs

5 Jigsaw: Do they Belong? Do Slices Belong to Same Picture?

Arrangements: Left Async Data Recovery MyHardDriveDied.com 2009 5

Arrangements: Left Sync Data Recovery MyHardDriveDied.com 2009 5

Arrangements: Right Async Data Recovery MyHardDriveDied.com 2009 5

Arrangements: Right Sync Data Recovery MyHardDriveDied.com 2009 5

5 Are they in the wrong order? Do Slices Belong to Same Picture?

Arrangements: Left Async Data Recovery MyHardDriveDied.com 2009 5

Arrangements: Left Sync Data Recovery MyHardDriveDied.com 2009 5

5 Arranged Correctly

6 Steps to rebuild RAID 5 array 1. Repair all necessary BAD drives. 2.Image the damaged drive(s) and recover as many sectors as possible. 3.Image all the good drives. 4.Use software to analyze and re-weave the images back together virtually. Test data! 5.Write the newly weaved image back to a hard drive to start the logical recovery (follow the logical recovery section for the type of format).

6 Free Code to Assemble Array #!/usr/bin/perl w # # raid5 perl utility # Copyright (C) 2005 # Mike Hardy <mike [at] mikehardy.net> # # This script understands the default linux raid5 disk layout, # and can be used to check parity in an array stripe, or to calculate # the data that should be present in a chunk with a read error. my [at] array_components. = my $chunk_size = 64 * 1024; # chunk size is 64K my $sectors_per_chunk = $chunk_size / 512; http://www.freesoftwaremagazine.com/articles/recovery_raid

6 Software to Rebuild RAID 5 Remember our goal is to cost less than $100 and be able to rebuild AIDS and RAID5. Give the most options and produce an image file. My Choices: Raid Reconstructor from Runtime.org R-Studio from r-tools technology.

6 Model in Photos: Randi Lamey RAID Live Demo Using R-Studio

The End Data Recovery MyHardDriveDied.com 2009 6

Model in Photos: Randi Lamey Bonus Pictures Data Recovery MyHardDriveDied.com 2009

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information