Main menu:

Site search


January 2018
« Dec    



Data recovery from 128gb Lite-On IT mSata SSD from Dell Laptop

data recovery liteon ssd drive dublin irelandDrive Rescue is peforming data recovery from an increasingly large number of SSD drives. One driver for the popularity of SSD drives is the reducing cost of NAND memory. Another being the proliferation of light mobile devices – users now have an expectation that endpoint computing devices should be light and small. The success of NAND memory is self-evident. It has already killed off the floppy disk, 35mm photographic film and the one-inch hard drive. If you buy an ultra-portable laptop today, more likely than not it will have an SSD drive as its primary storage device. All MacBook Air laptops now have an SSD drive as standard.
SSD drives are not without their problems however. Take for example this Lite-On IT (pictured above) drive from a Dell laptop. The user of the said system discovered that it would no longer boot to the operating system. Using an mSATA adaptor, he tried reading the drive on another system but the drive was not showing up.
They delivered the drive to us – a Lite-On IT LMT-128L9M. The drive did register on our systems, but it’s ID appeared as scrambled hieroglyphics. Our diagnosis revealed that the drive had a corrupted microcode. So after some extensive searching we found an exact match microcode for this SSD which we then uploaded to our data recovery system. The drive now ID’ed but there was sill no data showing. Before we started any logical recovery, we imaged the drive to another one of the same capacity. Then using a hex editor we looked at every record in the file system for valid NTFS entries. We eventually found one promising looking NTFS partition which we rebuilt and then rebooted the drive . This time data appeared. We invited the client to login remotely to our secure systems to view his files. Word, Excel, Outook (.PST), Onenote (.ONE), .PDF and .RAF (Fuji Raw Image) were all successfully recovered for a very relieved and satisfied client.

Repair of burnt smooth motor-controller chip on Western Digital drive

fix western digital burnt smooth chip dublin ireland

We were recently sent a 1TB Western Digital (S-ATA) drive from Waterford. The user could no longer access their data and when they connected the drive to their Apple Mac they got a faint smell of burning.


The user’s findings were correct. A burning smell could be detected withing 30 seconds of power-up. We proceeded to remove the PCB and it was immediately apparent that the problem was a burnt smooth motor controller chip. We used then used a multi-meter to test other components of the PCB. Luckily, these appeared to by okay.

What function does a motor controller chip on a hard drive perform?

A smooth chip or motor controller chip controls rotational speed of the platters, but also acts as a DC to DC converter.

Why do motor controller (smooth) chips fail?
Motor controller chips tend to be subjected to the more unregulated voltages from the PSU than other chips on a hard drive’s PCB. A short-circuit of any kind can cause the transistors to heat-up and subsequently burn out.

What is the fix?
Burnt motor-controller chips are a very common occurrence which we see on Western Digital and Seagate drives. The fix usually involves replacing the motor controller chip itself or replacing the whole PCB. If you go for the latter option, you will also have to tranfer over the drive’s unique adaptives information stored on the drive’s BIOS chip or NVRAM chip (Hitachi).

What is the success rate like?
Success rates for this type of data recovery is excellent. However in a rare number of cases, if the drive’s pre-amplifier has been damaged by the short-circuit, this might need replacing also. The 1TB Western Digital drive whose PCB is in the photo above was recovered completely and the customer had all his data back in 3 days!

Recovery of Solidworks files from Dell RAID 5 Server


solidworks data recovery from dell raid 5 server dublin cork limerick

We recently helped a Dublin engineering company recover data from their Dell PowerEdge T310 RAID 5 server. Last week they reported to their IT support admin that their server would no longer boot-up. He performed diagnostics on the drive and discovered that one of the disks (a 1TB Seagate Barracuda) had failed. Thinking it was not that serious, he removed the failed disk and replaced it with a 1TB hot-spare. Under normal circumstances, the RAID controller (in this case a Dell Perc) should make a block-for-block copy to the hot spare which would then become an active drive after the RAID rebuild process. However, after he initiated the RAID rebuild process and after a 6 hour wait he was getting nowhere. The RAID array would not rebuild. Knowing the limits of his expertise and having used Drive Rescue successfully before – he called us for assistance.

We labeled all the drives and noted the disk order. We then removed the drives from the server and then imaged each drive. Working with the drive images we used our specialised tools and experience we determined the block size, parity strip size and RAID offset.

After several hours work, we now had a volume which we could extract data from. In this particular case, their most important data to the client were Solidworks files, namely assembly files  (.sldasm), drawing files (. slddrw) and image files (. sldprt). These were all extracted and checked for integrity. The client was then able to remotely login to our secure systems to view these files for themselves. Having got confirmation that all of their files were there, we proceeded to extract them to a 2TB USB portable drive which we delivered to a more-than-happy customer.

Data recovery from Dell PowerEdge R805 rack server with integrated RAID controller

raid data recovery dublin cork galway ireland  limerick  ireland


It was the afternoon before a major match when a well known Dublin stadium discovered that their Dell PowerEdge R805 server running Windows Server 2003 was no longer booting. Upon boot-up they were greeted with a “disk error occurred” error message. They tried to perform a RAID rebuild but the rebuild process would not even initialise for them. Their server was running MySQL which was tied to their retail POS software. Without this server, most of their tills for their restaurants, shops and bars would be non-operational. Without some of their receipts to customers would have to be hand-written. They needed a solution and needed one fast.

With such a limited time frame, Drive Rescue pulled out all the stops to help them. We went onsite to perform the initial diagnosis. The drives were configured in RAID 0 (known colloquially as “scary RAID” for it’s total lack of redundancy when it does fail).

dell hp fujitsu raid data recovery ireland

We removed the 2 x Dell Constellation 500GB entreprise-class S-ATA drives and brought them back to our lab. Drive 0 was in rude health. Drive 1 had over 29,000 bad blocks which had to be reallocated. Using a hex-editor, we manually rebuilt the MBR. Then we went performed the RAID rebuild process including finding parameters such as block order, block size, stripe size and RAID offset.
With the volume now rebuilt and extracted onto two new 500GB drives. We then configured it so that it would be bootable again. Understandably, with a major match looming in the stadium later that day the client would not have enough time to re-install and the operating system and all ancillary software.

Using a hex-editor, we manually rebuilt the MBR. Then we went to perform the RAID rebuild process, including finding parameters such as block order, block size, stripe size and RAID offset.

With the volume now rebuilt and extracted onto two new 500GB drives. We then configured it so that it would be bootable again. Understandably, with a major match looming in the stadium later that day the client would not have enough time to re-install and the operating system and all ancillary software.

dell poweredge server rebuild dublin ireland

After burning some midnight oil, the following morning we delivered the two disks containing the recovered volume and connected them to their server. The power button was pressed and some reassuring beeps were heard and finally the Window Server 2003 logo appeared followed shortly by the desktop screen. Sigh of relief all round! Now their retail operations would not be interrupted and they could safely scupper their plan B of writing out receipts with paper and pen!

Data recovery from LaCie Big Disk 1TB RAID 0

lacie big disk data recovery

We recently helped a management consultant from Co. Cork recover data from his failed Lacie Big Disk configured in RAID 0. He bought the drive 4 years ago for personal and business use, and it worked great for him. However, last week when he went to turn it on, it was not recognised by his iMac or MacBook Pro computer. He look it to his local computer repair shop. They removed the disks from their enclosure, and they discovered that Drive “0” was not operational. They referred him to Drive Rescue data recovery

lacie raid disk recovery ireland

We opened the case and found 2 x Samsung HD501LJ 500GB disks inside. Disk 0 was clicking when initialised whilst Disk 1 seemed to be healthy. The problem with a RAID 0 configuration is that the data is spread across two disks. Thus, having one disk operational does not mean that you still have half your data because it is spread across the two disks evenly. For example, if you have a .JPEG file, 50 percent of its constituent bits will be stored on Disk 0 and the other half on Disk 1. We examined Disk 0 further. Heads “2” and “3” had failed. This would require a head-disk assembly swap. Because Disk 1 was identical, it means we could transplant the HDA from Disk 1 to Disk 0. But first, we would have to image Disk 1.


Once the imaging for Disk 1 completed and we had verified it’s integrity, we brought the two disks into our cleanroom from their “operation”. Firstly, this involved removing the “good” HDA from Disk 1. This is an intricate procedure which requires skill, experience and a steady hand. Once this HDA was removed from Disk 1, it was now time to remove the defective HDA from Disk 0. Now both HDA’s had been successfully removed.

Now it was time to start the “transplant”. There are a number of criteria here which must be met for a successful head disk assembly swap. The transplanted HDA must be aligned perfectly with the disk platters. If wrongly aligned the “flying height” of the heads will be too low or too high. In both cases, this can result in the non-reading of some or all of the disk tracks. Another important factor to mention is to torque the restraining screws correctly. If there is not enough pressure, the platters can warp. Too little pressure and the syncing between heads and platters will be off-kilter.
With the replacement HDA from Drive 1 now successfully transplanted to Drive 0, it was not time to image it. This took approximately 3.5 hours.

The second stage of this data recovery would involve rebuilding the RAID array of the two disks so that original volume could be recreated. This involved finding the block size, the RAID offset and the block order. These parameters were found using a hex editor.

After some hours of calculations the RAID parameters were found and the original volume name now reappeared. Word, Excel, PDFs, .JPEGs, and Sage Accounts files were all extracted onto a USB external drive and dispatched to our more-than-happy client in Co. Cork.

Giving Back @ Drive Rescue

drive rescue data recovery dublin ireland giving back

Homelessness in Ireland is a problem which has been in the media spotlight recently. But homelessness has always been a problem. We realise that the causes are deep-rooted and multi-faceted but some help is better than no help.

The charity we decided to donate to this year was the Capuchin Day Centre in Dublin 7. It serves breakfast to around 250 people each day and dinner to around 450 and 520 people. The operating costs of the centre are around €2.3 million but the State only provides €450,000. The rest comes from fundraising. It was enlightening to see the quality service offered by the centre and to sit down with Brother Kevin (head of the centre) to discuss the homelessness problem. His centre does an admiral job in providing food, warmth, showers, clothing, companionship and heathcare to those less fortunate. So it was a real honour for Drive Rescue to be able to make a contribution to this very worthwhile cause.

The Drive Rescue team would like to wish everyone an enjoyable Christmas and a happy 2015.

Data recovery from an Intel 1.8” SSD drive

data recovery from SSD dublin ireland

Recently, a user from Athlone was using his HP Elitebook laptop connected to his mains power. (His battery was no longer able to hold a charge). Unfortunately, when rushing to his answer his phone, he accidently tripped over his laptop’s power lead and almost instaneously his system powered off. No worries, he thought. This happened to him before and did not pose much of a concern for him. After a sudden shutdown before, his laptop booted up successfully.
He finished his phone call and went to switch his laptop back on. But this time he got the “operating system not found” error message. He turned it off and back on again. But still, the same error message re-appeared. He brought the laptop to his local computer repair shop. They removed the Intel SSD hard drive from his system. It appeared on their system alright, but it was only detected as having a capacity of just 8Mb! They tried running some data recovery programs on the drive, but any data was proving to be elusive. They referred him to Drive Rescue data recovery.

Using our eqiupment, specialised to recover data from SSD devices, we discovered that the logical-to-phyical table of the drive had gone corrupt. The role of this table is to translate LBAs (logical block addresses) to physical addresses (chip number and page number of chip). When there is the sudden loss of power, this layer often goes corrupt.


We first put the drive into safe-mode and then used our equipment to find the corrupt L2P module. After we found the corrupt module (containing the corrupt table), we then had to upload a “good” module to match the model number (SA1M160G2HP) and firmware version (02HA). After some extensive searching of our firmware database, an exact-match module was found and uploaded onto the RAM of our recovery system. After installation, a new volume appeared, but it was now only showing 48GB. This was certainly not the size of the original volume. Something else was awry. We decided to change the recovery mode of our system from “tech-command” to “translator-table” mode. With this parameter changed, the whole 160Gb volume appeared. The downside of TT mode is that it automatically changes the read mode from UDMA to PIO which gives a data transfer speed of only 4Mbps. But slow-and-thorough is always better than fast-but-incomplete.
All of the client’s data was recovered, namely his .PST file, his .ACCDATA file (Sage) and his Microsoft Office data files onto a brand new USB external hard drive. The client has informed us that he is now going to decommission his old HP Elitebook which gave him such a nasty surprise in favour of a new MacBook. An early Christmas present to himself.

Recovering data from a Seagate 7200.11 disk with bad sectors

recover data from disk with bad sectors dublin ireland recovery service2

One of the most insidious types of disk failure on conventional hard drives is due to bad sectors. A bad sector is a sector on a hard disk that cannot be read, written or corrected by the drive’s ECC (Error Correction Code) mechanism. Typically bad sectors develop slowly over time and the average computer user often gets no indication that there is a problem with their disk.

Bad Sector Symptoms

A disk with bad sectors will sometimes show these error messages.

You need to format the disk in drive F before you can use it ” (Windows operating system)

The disk in drive E is not formatted. Do you want to format it now?” (Windows operating system)

The disk you inserted was not readable by this computer” (Mac operating system)

recover from bad sectors on apple mac disk drive

Modern drives more likely to develop bad sectors

Modern multi-terabyte drives using perpendicular recording are more likely to develop bad sectors compared to their smaller capacity brethren. This is because they use higher areal densities (more bits are squeezed into the same space), the track widths are narrower and their disk heads fly lower. These attributes make the drive’s signal-to-noise ratio decrease. As the SNR ratio decreases, the likelihood of bit-errors developing increases. However, this is somewhat compensated for by manufacturer’s use of more sophisticated ECC algorithms.

Other factors which increase the probability of bad sectors:

Age – As disks age, the probability of bit-flip and other magnetic distortions occurring increases. Hard disks are not the only magnetic storage medium to deteriorate with age. For example tape storage is notorious for age-related degeneration.

Thermal Asperities – Tiny particulates of contaminants inside the drive can cause a phenomenon known as thermal asperity. Typically, it occurs when a giant magneto-resistive drive head collides with a contaminant on the disk platter. As a result, heating will occur on the disk head and platter surface. This causes some sectors in the affected area to become unreadable.

Dirty Power – If the host system of your hard disk is delivering intermittent over and under voltages to your HDD, then the probability of bad sectors increases. Read/write heads need a stable power supply to perform read, write and erase functions properly.

Recovering data from a drive with bad sectors

In a small number of cases where the disk has relatively few bad sectors, commercially available data recovery programs can be successful in recovering your data. I emphasize a small number of cases because, as soon as these programs hit contiguous bad sectors, they will often get stuck or freeze the host computer. These programs are really only designed for disks with relatively few bad sectors. If the disk has any underlying read/write head issues, repeated retries can precipitate failure of one or all of the disk heads. Users who torture their drives by using these DIY programs on damaged drives risk permanently losing their data.

The right equipment and skills

If your data is in any way important, the best way to recover data from a disk which has extensive bad sectors is to take it to a professional data recovery company. They will have the equipment to deal with bad sectors. But, having the right equipment is not always enough. In the same way that a kitchen fitted out the with latest cookers, mixers and knives does not make a Michelin starred chef – the data recovery technician must have experience, skill and insight. Some bad sectors recoveries are straightforward procedures. Other cases will be more complex.

Data recovery from a Seagate Barracuda 7200.11

Take for example a client we were helping last week. A vetinary surgeon in Waterford was using a HP desktop PC with a Seagate Barracuda S-ATA 7200.11 as a server for his x-ray machine. Recently, the drive became inaccessible and his local IT support company were unable to retrieve his files. They were of vital importance to him. Without them, he would have to schedule appointments with dozens of his customers again in order to x-ray the animals for a second time. This would have imposed a huge time burden on his staff and would have been damaging to his reputation.

Our preliminary scans revealed that his disk had extensive bad sectors. To complicate matters, most of these bad sectors were in the inner tracks. This can be the worst place for a drive to develop bad sectors as the Master File Table file is usually stored here. This file is important because it acts as an index for the whole drive.

The data recovery from this drive involved a number of steps. Using our equipment, we disabled SMART on the drive. (In this case SMART only gave the user a warning after the drive failed to boot up). During the recovery process, SMART will actually hinder the recover process. Next, we put the drive into PIO mode instead of UDMA mode. Recovery from disks with bad sectors is made easier in this mode as it enables much better quality reads. Then we set the read time-out and read block size. Optimal read time-out will vary depending on the extent of the damage. Sometimes a time-out of 1200 millie-seconds is needed for reading from badly damaged sectors. In this particular case, our setting of 550 millieseconds proved optimal. We set the read block size to 60 sectors. The means our equipment would read 60 sectors at a time. This setting proved most suitable. Two hours into the process, the MFT file was successfully copied. The rest of the data took nearly 16 hours to copy.

xray dicom

Our process was successful. All of the x-ray files in .dicom format were recovered. We are able to use the excellent MicroDicom reader (created by Simeon Antonov Stoykov) to verify the integrity of the images. Our client was able to securely login to our systems to view his recovered files. A lot of labradors, poodles and cats had been saved a second trip to have their innards photographed!

Protection against bad sectors

For standalone disks, there are some inbuilt protections against bad sectors: Error Correction Code and SMART. ECC is designed to detect errors and try to remedy them. These are merely safeguards and nothing else. Hard disk manufacturers are sometimes a bit reluctant to over-burden their disks with ECC mechanisms for fear it creates too much of an operational overhead on the disk’s performance. Then there is the problem with SMART. Theoretically, this mechanism is designed to detect bad sectors and then report them to the user. But because a SMART alert entitles the user to an RMA (Return merchandise authorisation), manufacturers have set the SMART threshold extremely high. Often, the user only gets notified by a SMART alert when the drive is at an advanced stage of failure or has already failed.

Myths about bad sectors

A pervasive myth among general computer users is that only disks in Windows systems develop bad sectors. The reality is bad sectors are operating system agnostic. Whether a disk is running the latest version of Mac OS X, Linux or the latest version of Windows; it is still possible for the disk to develop bad sectors.

Hard Disk Sentinel to the rescue

There is an wealth of “disk health” programs available that promise to monitor the health of your disks. Some of these are adequate, others just do what SMART monitor does already. However, one disk health application which stands out for its accuracy is Hard Disk Sentinel. It provides some predictive indication if bad sectors are developing on your disk.

In the context of RAID arrays, bad sector management becomes much more sophisticated and would merit another another blog post to detail its intricacies.

Last word

Ulimately, the best prevention against bad sectors is backing up your data on a regular basis. Our vet client now uses an external hard drive to backup his x-rays. We recommended to him that he use a quality online backup service as an extra layer of protection.

IP Expo Europe – October 2014 – Latest hard drives and other storage devices…

Some of the Drive Rescue team were at IP Expo in London earlier in the month investigating some of the newer drive technologies. (Drives which we might be recovering from in a couple of months time…) Below are some snippets from the exhibition.

wd sentinel nas recovery

Western Digital Sentinel DX4200 4-bay NAS device which runs Windows Storage Server 2012 R2 Workgroup OS. Powered by an Intel Atom dual core processor. 4 X 3.5 storage bays and 1 x 2.5 bay for a boot drive. It uses the relatively new Windows Storage Spaces (software RAID) to create a storage pool and uses 4GB ECC memory which is upgradeable to 16GB. WD’s proprietary StorCentral dashboard is used which looks very slick. The layout of the GUI is extremely well executed, making most important functions intuitive to use. WD claims their Smartware Pro is “a single solution for backup and storage”. Their generous supply 4 x USB 3.0 ports adds a lot of credence to this claim. The only bugbear I have about this device is that the RAID “Software Spaces” is still in its infancy as a RAID software. Some users might be a bit apprehensive of using such a new RAID application to manage their important data.

WD30ERFX WD NAS red 3.5

A 3 TB NASware drive from Western Digital. Commonly known as WD Red drives, they are proving very popular for their good compatibility with NAS devices and good reliability. (WD smiley mascot not included…)
toshiba THNSNJXXX  240gb ssd

A Toshiba 240GB enterprise-class SSD. When idle, it has a meagre power consumption of 1 Watt. If this was mechanical HDD of the same capacity it would probably consume around 5-6 Watts when idle. It is little wonder SSD’s are proving so popular in data centres where operational cost is a key determinant of hard drive choice.

DSC00879 (Medium) (2)

Many users wonder where and how their data is actually stored when they put it in the “Cloud”. Here is a 2TB S-ATA drive which Toshiba market as an Enterprise “Cloud” HDD. You will see the spec sheet that it claims to be able to handle 180TB a year with a Read Error Rate of only 1 per 1014. So if you ever wanted to know what kind of hard drive is used to store your data “in the Cloud” look no further…

toshiba AL13SXB300N SAS 2.5

A 2.5” enterprise-class 15000rpm SAS drive. The 2.5” form factor is now becoming the de facto standard for enterprise-class drives. A key driver of this trend is their lower power consumption compared to their 3.5” brethern.

encrypted hard drive datashure  (Medium)

While this device might look like a new type of door entry system – it is actually a portable encrypted hard drive from iStorage. It uses military grade XTS-AES 256 hardware encryption. No drivers required. It is the armored Humvee of the hard drive world. It even has a brute force “hack defense mechanism” and a “self destruct” feature. Available in capacities of between 250 GB and 2 TB. As all of the encryption is on-board the device – it might prove a very useful conduit for super-confidential information without hassle of setting up encryption software on different systems.

lacie thunderbolt drive recover

LaCie has now been taken over by Seagate. However, the LaCie brand will be retained and Seagate intends to push their LaCie Thunderbolt range of drives for Mac users and the creative professional market. This new range of drives come with Thunderbolt 2 ports as standard. While Thunderbolt 1 had bi-directional transfer speeds of 10 Gbps, Thunderbolt 2 has a whopping speed of 20 Gbps. (This is four times faster than USB 3.0). These mammoth throughput speeds might seem a bit superfluous for the average user, but are really in demand by those working with large file formats such as the ultra high-definition 4K video format.

lacie little big disk thunderbolt retrieve data

This is the baby of the LaCie Thunderbolt 2 family affectionately named “Little Big Disk”. A data transfer rate of 1375 MB/s and daisy-chaining capability. But, perhaps the biggest surprise about this little storage device is that inside its sleek black casing, it uses a PCIe SSD. Combined with a Thunderbolt port, this type of drive is perhaps the future of portable storage devices. The best things in life really do come in small packages.

How to mount and retrieve data from an Apple Filevault encrypted disk

In our last post, we discussed about Bitlocker encryption, which is native to some Windows operating systems. However, if you’re an Apple owner and have encryption enabled on your system – you’re probably using Filevault version 1 or 2. (There are other Mac encryption applications out there like Sophos SafeGuard, but these tend to have a very small user base)

Filevault was first introduced by Apple in their Panther operating system. This legacy version of Filevault used AES with cipher-block chaining. But, only after only a couple of months on the market – the rumor mill in IT security circles started spinning suggesting that Filevault’s 1 AES-CBC encryption could easily be hacked. Moreover, Filevault 1 was causing Apple users major filesharing headaches and misfiring Time Machine backups.

With the introduction of their Lion operating system (10.7), Apple decided to call time on Filevault 1 and launched Filevault 2. With this version, instead of AES-CBC – they decided to use AES-XTC with an elephant diffuser. This offers users a much more secure encryption system. Apple also ironed out the filesharing and Time Machine glitches.

Even though Filevault 2 offers a much needed improvement. Sometimes, due to a corrupt operating system or corruption in Filevault itself – the disk will have to be slaved and manually mounted via a third party system. This can be performed by a couple of simple Terminal commands using a Mac system.

Last week, we dealt with a very simple recovery. The user, a small charity organisation, had an Filevault encrypted disk. Their operating system crashed. Their IT admin had removed the disk and slaved it to his Mac, the volume was proving invisible to his operating system (Mavericks).

The fix for this problem is simple. While the OS will not be able to see the disk, it usually has to be manually mounted using Terminal commands.

We first used the “disktuil list” command in Terminal. This should list all disks attached to your host system.

mac terminal window 1
In this case, the partition which stored the data was “disk1”. You can use the “diskutil mount disk disk1” to mount the disk. But, occasionally, this will not work and you need to try the “diskutil mountDisk” command (mountdisk being one word this time). This worked. We now got the message “mounted successfully”. The volume now appeared under disk management. When you click on the volume, a Filevault dialog box appears and requests for your passphrase and you should be able to gain access to your data again.

mac terminal window 2

As this quick job was for a small charity, run by a hardworking and passionate organiser – we decided the cost of this job would be gratis.