A Northern California man being pursued by police smashes his own smartphone and throws it into the ocean. The evidence is gone, right? But wait: The police retrieve the phone. Where it goes next, and what happens to it there, is like the geekiest possible CSI episode you've ever seen--and a window into the everyday tedium and triumph at the biggest name in data recovery.
Behind this mild-mannered facade
In a plain beige building in a Novato, California, office park hides a government-grade clean room, multiple layers of security, and a signed photograph from George Lucas. It overlooks a small pond alongside a quiet stretch of road, and most people drive right past without a second glance.
That's how the folks who work there prefer it. A typical day at DriveSavers Data Recovery can involve resurrecting busted hard drives from Skywalker Ranch or salvaging data from smartphones that went through the wash, but sometimes a special order comes in to recover data from a device that might be used in a criminal investigation. It's part of a process known as data forensics, and it requires many of the same skills that data recovery engineers employ to salvage pictures of your cats from a broken camera.
How engineers become forensic analysts
DriveSavers' forensic analysis work isn't widely publicized. You're more likely to know the company as a service that can salvage your family photos when you accidentally wipe the wrong hard drive or drop your laptop down a storm drain.
And that's what the folks at DriveSavers want you to think. Data recovery is a profitable business, after all, and the company was established in 1985 to help external hard drive owners safely recover data from storage mishaps. But that business gradually expanded to include banks, hospitals, and government offices, to the point that DriveSavers now recovers a wide variety of sensitive--and often encrypted--information. Usually it's hospital patient records or corporate finance reports, but sometimes it's a hacker's hard drive.
To that end, DriveSavers engineers run through training programs for Symantec's PGP and GuardianEdge, Sophos' Utimaco, and other encryption systems to understand how data encryption works. They take that training a step further by messing around with encrypted drives to identify exactly which sectors of the drive hold encrypted info. DriveSavers engineers encrypt a test drive with a given encryption protocol--say, PGP--and take a look at the drive before and after to see exactly which sectors are storing the data.
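The before-and-after comparison described above can be sketched in a few lines; this is an added example, not DriveSavers' own tooling. It assumes 512-byte sectors, two equal-size images, and an entropy cutoff of 7.0 bits per byte as a heuristic for ciphertext; the sample images and all function names are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512  # assumed sector size in bytes


def entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def changed_sectors(before: bytes, after: bytes, threshold: float = 7.0):
    """Compare two images sector by sector.

    Returns (changed, likely_encrypted): indexes of sectors whose content
    differs, and the subset whose 'after' entropy meets the threshold.
    """
    if len(before) != len(after) or len(before) % SECTOR:
        raise ValueError("images must be equal size and sector aligned")
    changed, likely_encrypted = [], []
    for i in range(len(before) // SECTOR):
        old = before[i * SECTOR:(i + 1) * SECTOR]
        new = after[i * SECTOR:(i + 1) * SECTOR]
        if old != new:
            changed.append(i)
            if entropy(new) >= threshold:
                likely_encrypted.append(i)
    return changed, likely_encrypted


def constructed_images():
    """Build two 8-sector images (constructed sample data, not a real drive)."""
    text = (b"PATIENT RECORD 0001 " * 26)[:SECTOR]
    before = b"BOOT".ljust(SECTOR, b"\x00") + text * 5 + bytes(SECTOR) * 2
    # Stand-in for ciphertext: a SHA-256 output stream, not a real disk cipher.
    stream = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    # Sector 0 is rewritten in cleartext, sectors 2-5 become high entropy,
    # sector 1 and the zero-filled tail (6-7) are left untouched.
    after = b"BOOT+LOADER".ljust(SECTOR, b"\x00") + text + stream + bytes(SECTOR) * 2
    return before, after


if __name__ == "__main__":
    changed, encrypted = changed_sectors(*constructed_images())
    print("changed sectors:", changed)
    print("changed and high entropy:", encrypted)
```

Separating "changed" from "changed and high entropy" matters because an encryption product may also rewrite cleartext metadata, which differs between the images without being ciphertext.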
Even with this level of training, no secret keys or back doors actually allow data recovery engineers to split an encrypted drive open like an overripe melon. The best they can do is verify whether or not an encrypted drive is damaged enough to render the data unrecoverable; if it's not, the engineers simply recover the encrypted data using special techniques (more on those later) and deliver that encrypted data to the customer on a new drive--or hand it off to law enforcement and let them try to crack the encryption.