
After a hack: The process of restoring once-lost data

Brandon Butler | Aug. 23, 2012
Mat Honan, a reporter with Wired magazine, thought almost his entire digital life had been lost, but a team of recovery engineers was able to restore most of it by diving deep into his compromised laptop. Here's how they did it.

Using proprietary software, DriveSavers workers were able to rebuild the media files in a presentable format, such as a JPEG, video or document, from the extracted hex data. Additional metadata, or data about the data, told the engineers when each file had been created and where it came from. Using this information, DriveSavers engineers were able to organize the data chronologically. They ran a system check to ensure the integrity of each file and manually spot-checked files to ensure they were whole.

Honan had specifically asked that the data be encrypted once it was extracted from the device, which DriveSavers did, and the engineers installed it on another external hard drive. After a full day and night of DriveSavers engineers poring over the data, they got everything they could from the drive and invited Honan in to take a look.

In his own recap of the data recovery process, Honan describes the feeling of seeing the files he once thought might be lost: "DriveSavers called me to come look at what they had found, and my wife and I drove up there on Wednesday morning. My data came back to me on an external hard drive, organized by file types. The thing I cared most about, above all else, was my photo library. And there, in a folder full of JPGs, was photo after photo after photo that I had feared were gone forever. Subfolders were organized by the year, month and day files were created. I went immediately to the folder that bore the date my daughter was born. They were there. Everything was there. We were floored. I nearly cried."

Bross says Honan, ironically, was lucky for a victim of a hacking incident. The wipe was interrupted before it completed, which allowed the hex data and metadata to be used by engineers to recover the photos, videos and documents.

Other circumstances could have doomed the recovery too. OS X Lion and Mountain Lion offer an optional feature named FileVault 2, which automatically encrypts any files stored on the SSD. Honan hadn't enabled the feature on his MacBook. If he had, DriveSavers would still have found the hex data and metadata, but it would have been encrypted, and without access to the keys to decrypt it, the files would have been lost.

Honan says the lessons learned from his situation are multifold. First of all, he says he's a "backup believer now," storing his data both locally and redundantly, backing it up with a third party. Second are the policies that companies like Amazon, Apple and Google use to verify customers who call into their service departments to reset passwords and login credentials.

 
