How do they 'recover data'?

I see and hear ads for companies that recover data from dead hard drives. How is this done? What do they have that the rest of us don’t? Are their secret/expensive programs not available to the general public? Or do they actually open the hard drive and do something to the innards with special equipment?

They could be doing both. Certainly, an intermediate step would be to process the signals from the heads in ways other than the drive and/or OS do, so that for example fragments of files that are no longer referenced in the drive’s internal system (“file allocation system” or NT’s replacement for it or whatever) are still recoverable as strings of bytes.
Opening a drive per se really ought to happen in a clean bench, and can be alot of trouble to do if you really want to avoid getting dust on the platters.

Yes, they actually open them up. No secret/expensive software in the world is going to magically make a drive spin up if it refuses to do so on it’s own. Plus even attempting to read it via traditional means would likely damage the data even further, depending on how exactly the drive failed.

On a related note: even if you delete all of your files and overwrite the space with meaningless data (several “privacy” apps can do this), it may still be possible to recover some of the data. Often times a faint magnetic ghost will remain, and it’s possible to ascertain what was there before it got stomped on. I doubt any of these $1000 recovery services go to that extreme for you, but on the other hand if you’re trying to get rid of something incriminating I’d be doing a helluva lot more than just overwriting it with random data once or twice.

Well, if you’re trying to get rid of something REALLY incriminating I would think a large rare earth magnet or a hammer might be the way to go.

This has bee discussed here multiple times, and the consensus is that if you want the information gone, you’d better go the distance. The CIA or NSA is rumored (or more) to be able to pull information off drives that have been overwritten, sometimes enough to be substantial.

One guy said that when he was in the Navy, they would break open the drive, pour acid on the platters, hit them with a hammer, and then throw them in the ocean. Let’s see a spy recover data off of that!

Oh, and one guy mentioned that there often are temp files and printer spool files that people forget have been created, so info may be on your computer that was never “saved” on your HD at all, because you thought you were only using a floppy.

The government regs for protecting secure data call for several steps including overwriting the data many times with alternating sequences of data, mechanically shredding the device to relatively small pieces and then incinerating those pieces. A magnet or a hammer alone is unlikely to deter a determined (and well financed) snoop.

Methinks the best way to destroy the data is to use a 1920’s style “Death Ray” on the disk in question.

Methinks the best way to destroy the data is to use a 1920’s style “Death Ray” on the disk in question.

You’re saying that you could get data off a platter that has a big dent in it? Really?

I dunno. I doubt much of a magnetic “ghost” would be present. If a modern HD developed too many “ghosts” I’m sure we would have had a rash of HD problems by now.

But if it’s somehow true (I don’t believe it though) then simply using a wipe program then filling the drive with porn should do it (that certainly isn’t difficult!). Although data doesn’t work like this, but 2 “layers” of info should be more than enough to obscure what was on the HD.

A strong magnet would be my second plan followed by melting the platters and grinding them down to dust.

A lot of newer drives (especially notebook drives) have glass platters (at the eensy-weensy sizes involved, glass is more stable than metal, and will attain and hold “optical” flatness better than metal) and a good stomp will pulverize your data into a pile of needle-sharp shards.

Not much chance of recovering anything from several hundred flakes of glass, especially if you don’t know which platter a shard came from or from which side.

You can get data off of THOROUGHLY mangled platters. In fact, your average home user really has no technology that would allow them to prevent data from being recovered, aside from completely destroying the data layers on the HDD platters. Melting the whole HDD into slag is the preferred method for securing the data. Magnets and burning without melting will still leave easily recoverable data. It’s practically impossible to prevent the recovery of data via software, even using multiple passes of a program that writes garbage to the disk. If you’re just out to deter a determined snoop and not someone with access to a data recovery center, then a single pass of writing 0s to the entire disk will more than suffice.

If the platter has a big dent in it, how is it read?

Move it at low speed under a head suspended over the surface. In short: Very carefully. The drive does have enough built in redundancy and error correction to be tolerant of even rather significant data damage.

BEFORE I POSTED THIS, the “Latest General Questions Topics” screen said that this thread has 14 replies (i.e., 15 posts total), the most recent of which was 3 hours ago. But when I’m inside, the most recent post is from Alereon on Nov 7 2003. What’s wrong? How can I find the most recent actual post? Maybe it was deleted?

Spammer, most likely by far. The subject would be a magnet for those types.

Thanks. I thought it was another quirk of the new board that I hadn’t learned yet.

Another interesting point. I was reading about “shingled” drives. The latest technique for high drive density is to write circular tracks so close together they sort of overlap like shingles (Because a write head will magnetize a region broader than what a read head can focus on). As a result, the technique is to create regions of over-lapping tracks, and should data need to be written to one of those tracks, then likely the rest of the shingled tracks - up to the regional gap - need to be rewritten to recreate the under-lapped tracks. Obviously, this technique is good for archival disks and data disks where the data changes rarely, but not good for storing frequently changed data. Rewriting random chunks of data can cause the computer to slow down significantly.

The technique mentioned about “ghost” tracks left over from previous writes applies a lot less in this situation. The technique relied on the blank areas between tracks, and the possibility of “wobble” in head placement. When there is no blank area, when essentially each write overwrites part of another track, there is less chance to analyze left-over data.

I had data recovery from a dead drive done once (drive from my work laptop) years ago. The company buys an identical drive to the one that crashed, (in a clean room) removes the discs from the dead drive, puts them in the new drive. This assumes no major physical damage to the discs. Read the data from the drive, burn to DVD, send to me. I think they also sent the now working drive back as sell, but no way in hell was I going to trust it.