Why SSD’s get so hot and data recovery from an Intel SSD 660p

Heat map of an SSD – notice how the controller gets hottest!

Let’s face it, some SSD models belch out more heat than a small nuclear power station. For some SSD models, running hot is their normal mode of operation. In fact, with some S-ATA-based SSDs, their metal chassis is not only designed to protect the electronics of the disk, but to also act as a passive heat-sink. For a standard computer, a typical temperature for an SSD under load is between 30°C and 50°C (86°F and 122°F) but this can vary a little between manufacturers. It is also normal to have spikes of heat when your SSD goes from being idle to performing an intensive task, such as a large data transfer.

SSDs use NAND flash memory. This type of storage is non-volatile, which means it doesn’t require a continuous power supply to retain data. The floating-gate transistor (aka FGT, a metal-oxide semiconductor) is a popular type of NAND that is used in SSDs (such as those produced by Intel). Another semiconductor used in NAND memory is the Charge Trap Flash (CFT), but its thermal properties are similar to FGT, so for the purposes of this blog, the impact of heat on FGT-based SSDs will be discussed.

The FGT is composed basically of two types of gates, the floating gate (FG) and control gate (CG). The procedure of removing the electric charge from the FG is the Erase process (erase data), whereas the procedure of storing is the Program operation (write data). This operation requires power, and the temperature can increase significantly when the SSD is subjected to large workloads.

The “electron tunnelling” process used during Program/Erase (write/erase) cycles can damage the cell (FGT). The tunnel oxide, a layer that composes the FGT (as presented in Figure 1), wears out over time, when it is exposed to high temperatures. This wear-out results in electron leakage and bit-errors.

When an SSD is overheating, the controller can malfunction leading to all sorts of erratic disk behaviour such as:

Your SSD is not recognised by Windows.

Your computer can’t see your SSD

Your SSD appears as unformatted.

When you try to copy files off your SSD, your computer keeps on freezing.

You cannot copy files off your SSD.

Some files seem to have disappeared off your SSD for no particular reason.

The Catch22 of SDDs and Heat

Be careful here! Many internet commentators mention that read/write operations in SSDs perform better at higher temperatures. This is correct; NAND programming has always worked optimally at higher temperatures. Put simply, when your SSD is hot, the read, write and erase operations will be quicker and smoother compared to a cooler disk. Degradation of the cell oxide layers is also reduced because the heat causes less stress.

The M.2 Form Factor and Heat

User demand for lighter and thinner devices is not helping the situation. For example, the M.2 “stick of chewing gum” sized form factor has a relatively small surface area coupled with high data densities. This specification can draw power of up to 7 watts but can push temperatures up to 100C. (At least the SATA-based SSDs have a larger surface area for heat dissipation and can use their chassis, which is often metal, as a heat-sink).    

Enter Thermal Throttling to Cool Things a Bit but also Slow Them Down

Many SSD manufacturers use a function known as Thermal Throttling to prevent their devices from overheating. This monitors the temperature of the SSD via a built-in sensor. When the disk temperature reaches a pre-defined threshold, the thermal management function slows down the SSD’s performance to prevent it exceeding its maximum temperature. This results in fewer bits flipping due to heat and ultimately prevents premature failure. A simplified process of the Thermal Throttling technique is presented in Figure 2. It can be seen that the temperature of operation is above 70°C (158°F) which is “normal” for an M.2. However, to ascertain the normal operating temperature of your SSD, refer to the manufacturer’s specification sheet.

Each manufacturer will implement thermal throttling differently. For example, Samsung SSDs use Dynamic Thermal Guard (DTG). If a disk exceeds a threshold temperature, DTG will reduce the power to the NAND and MCU (controller). This disk self-preservation mechanism usually kicks in at around 75C. For a lot of their SSD models, such as the 950 Pro, 960 Pro and 970 Pro, thermal throttling can be a fairly common occurrence under sustained workloads, such as heavy video editing or when the disk is being used in a busy VM server.   





Small but beautifully formed… Copper heatsinks of just 1.5mm in thickness can be used to cool overheating M.2 NVMe SSDs and have the potential to bring disk temperature down by as much as 20C. prolonging the life of your data.



Cool your Jets… Fixing Overheating SSDs
Thermal throttling has the undesirable side-effect of slowing down your SSD. But there must be other ways to cool an overheating SSD, right? Some extraneous cooling options are available if you are dealing with an overheating M.2 NVMe SSD in a laptop. One of the most effective ways to cool an SSD of this type is to use a copper heatsink, space permitting. Pure copper has a thermal conductivity of 401 W/mk and dissipates heat well, lowering your SSD’s temperature anywhere from 5C to 20C. These heatsinks can be got in sizes of just 1.5mm in thickness and fit nicely over 2280 and 2260 form factor SSDs. For the best results, always remove the disk manufacturer’s specification sticker before adding the heatsink. (However, do keep this sticker somewhere safe for future reference).     
 
 
In terms of desktop computers, there’s a lot more leeway to implement effective cooling measures.
 
1)   Change your SSDs PCIe slot, if possible – ensure this is done away from any other heat-generating components, such as GPUs.
 
2)   Try adding a new case fan, if space permits, and strategically position its airflow towards an overheating SSD to cool it.  
 
3)   Finally, you could try using a PCIe riser card. This is a PCIe card which your SSD slots into. It uses a heatsink, fan or both to cool your SSD.


 
An overheating Intel SSD660p: cool to look at but not so cool to the touch.

Data Recovery form an Intel SSD PCIe 660p M.2 Disk

Last week, we were dealing with an Intel SSD 660p which was proving toasty even after only being connected for ten minutes. This was making sector reads very difficult. We first had to bring the core temperature of the disk down. For this, we used a custom cooling device made for failing SSDs. This uses a heat sink with a very high surface area which means it maximises the dissipation of heat. It also uses a high velocity fan which cools the disk further using convection. This enabled us to bring the disk’s temperature down from 80 to 52 degrees Celsius. Once the Intel 660’s temperature has stabilised, we were now able to connect it to our PCIe data recovery system. Normal reads were proving impossible. Therefore, we had to use a special PCIe disk reader with adjustable read timeout settings, controller power settings and disk reset functions. At a glacial speed of only 64 sectors per read, the disk took around two days to image. Even after this process, the disk’s NTFS partition table needed some repair to its MFT. However, the effort was worth it – most of the client’s files (.DOC. PDF, XLSX, PPTX were successfully recovered.

Drive Rescue Dublin, Ireland offers an advanced data recovery service for failed SSDs such as the Intel 660p,Intel 7600p, Intel H10 SSD M.2, Micron 1100, 1300, 2200, 2300, 5100, WD SN550, SN750 and SK Hynix PC601, HFM256GDJTNG, HFM512GDJTNG. Serving satisfied customers in Dublin since 2007

Data recovery from inaccessible Sandisk Cruzer USB memory stick

The SanDisk Cruzer Blade is a popular model of USB 2.0 memory stick on the Irish market. It uses a monolith NAND (usually TSOP48) TLC chip and an in-house controller designed by SanDisk. The Cruzer Blade range comes in capacities of 8GB (SDCZ50-008G),16GB (SDCZ50-016G), 32GB (sdcz50-032g) ,64GB (sdcz50-064g) and 128GB (sdcz50-128g).

However, like with any USB memory device, it is liable to corruption and events where your data is rendered inaccessible. For example, when you connect your Cruzer USB disk to your computer, you may receive an error message such as:

  • “You need to format the disk in drive E: before you can use it”.
  • “USB device not recognised”
  • The “parameter is incorrect”

Alternatively, your SanDisk Cruzer memory stick may appear to be totally dead when connected to your laptop or desktop computer.

Reasons why SanDisk Cruzer Blade USB devices fail.
There are several reasons why your memory stick may fail to be recognised in Windows or on MacOS
These include:

  • Its bootloader has failed. The bootloader is the microcode code needed for your memory stick to initialize. When this fails to load, your disk becomes unrecognisable.
  • There are two main components of a USB flash drive – the NAND chip (where your data is stored) and the controller chip. The controller chip is like the brain of your memory stick. It controls the read, write and erase processes. It also controls processes such as Error Correction Control (ECC) and wear-levelling. If your controller goes corrupt, the data on your stick may become inaccessible.
  • The NAND cells on your SanDisk Cruzer Blade may have degraded or have developed uncorrectable bit errors.
    The partition table (FAT32, NTFS, exFAT or HFS) on your Cruzer Blade USB stick may have gone corrupt.
    Your SanDisk USB device might have been subject to an over-voltage event. This can occur if a USB port such as on your computer, smart TV or NVR delivered too much voltage to your disk and caused damage to a component such as a diode or resistor.

Recovering Data from your SanDisk Cruzer USB memory stick.

Make sure your Cruzer USB memory stick is assigned a drive letter in Windows. You can check this by going into Disk Management (Control Panel > Administrative Tools > Computer Management > Disk Management)

Try using another computer. It is always possible that a glitch on your Windows or MacOS computer is preventing your Cruzer USB stick from being read.

Connect your memory stick directly to your computer. Do not use a USB hub as an interface between your computer and your USB memory stick. This is because a USB hub can sometimes create device recognition issues.

Mini SanDisk Cruzer Blade Data Recovery Case Study

We recently had a case where an employee of a Dublin-based investment company had a problem with their 8GB SanDisk USB Cruzer drive (SDCZ50C-008G). When they connected it to their Windows computer system, it would not appear in Windows Explorer. They had an extensive collection of research reports (PDF) and financial projections (Excel) stored on it which they badly needed to retrieve. The device was encrypted with McAfee Endpoint Encryption for Removable Media. They had assumed this encryption software was causing the issue. However, their IT support department examined their Cruzer USB disk and discovered that the device was not being recognised by any of their systems. They recommended Drive Rescue.  

We connected the inaccessible disk to one of our data recovery systems designed to read flash-based storage at a very low-level. We performed a test read. However, after being connected for less than five minutes, we discovered that the USB drive had already disconnected! This was not looking good. A look at our system’s log files showed that the device had disconnected (virtually) from our systems after only 3.49 minutes. We surmised that, even though the disk was being read at a very low level, our recovery system was dropping the disk because of too many read instability issues. In order to circumvent this problem, we would have to use a second tool in our armoury to maintain the connection between our recovery system and the failing Cruzer disk. This specialised USB reader is designed especially for reading data from failing USB devices. It uses an Arm processor, which acts as an intermediary between the recovery system and problem disk. When the disk, is no longer interfacing directly with the operating system, we can control read-timeouts and disk-reinitialise parameters. In this particular case, the Cruzer USB had multiple unreadable NAND cells. So, we changed the read time-out to 10000 milliseconds and then controlled the disk initialisation rate when our equipment encountered bad cells. Our data recovery systems were now able to read the data in a much more stable and predictable way.

Successful Recovery: All files recovered.

After about seven hours on our bench, the 8GB Cruzer disk finally imaged to an SSD. Connecting the SSD to a standard Windows 10 workstation system presented us with a dialogue box requesting an encryption key. A very welcome sight! The client provided us with their McAfee Encryption key. This granted us access to the drive’s data immediately. Our client could now be reunited with their data again. The prospect of having to re-do hours and hours of painstaking work was now over!


Data Recovery from Samsung T5 and T7 portable SSD drives

Samsung’s exit from the electro-mechanical hard disk market in 2011 shocked a lot of people in the data storage world. Among OEMs, professional users and prosumers, their Spinpoint line-up of disks had developed an enviable reputation for performance and reliability. And while Samsung might not have enjoyed the market share of Seagate or Western Digital – their exit showed that nothing is predictable in the land of hard drives.  

Samsung would continue to churn out disks, but only of the solid-state variety. One year preceding their exit from the mechanical disk market the Korean electronics giant launched their 830 series of SSD shortly followed by the 840 series a year later. The latter series of disks was trail blazing because it allowed Samsung to prove to the mainstream market that 3-bit MLC NAND could offer reliability, stability and high-performance in solid state disks.

The pioneering spirit of Samsung did not stop with the type of NAND they used. In 2015, they introduced their T1 credit-card sized external SSDs. They were one of the first large scale disk manufacturers to offer a miniature SSD portable storage offering. The sleek T1 (using an MGX controller) could be easily slipped in a pocket and proved that not all external disks had to be mechanical and could even be quite elegant devices.

A Samsung T5 SSD

In 2017, Samsung launched their T5 external disk (models such as MU-PA250B, MU-PA500B, MU-PA1T0B and MU-PA2T0B) in capacities of 250GB, 500GB, 1TB and 2TB. These disks used 64-layer V-NAND, a USB 3.1 type-C port and used metal casing which doubled as a heat-sink. Not only that, but unusually for an external SSD, it supported TRIM. (This was enabled by a UASP compatible bridge board). In 2020, we saw the introduction of their T7 portable disk such as MU-PC500R, Mu-PC1TOR and MU-PC2TOT. This 128-layer 3D TLC NAND disk (using a “lite” version of their Pablo controller) would be their first NVMe-based external disk and offered blistering sequential read and write speeds of over 1000 Mbps.

As innovative as the Samsung T-series external SSDs are. They are not without their issues. Their MGX and Pablo controllers can lock-up, their firmware can degrade, the bootloader can fail and their NAND cells can develop unrecoverable bit-errors. And, like with any disk, partition tables (exFAT, HFS+) can go corrupt or disappear.

Common symptoms of a failed Samsung T5 or T7 external SSD.

  • When you connect your Samsung T5 or T7 to a Windows system, you receive a message that “the parameter is incorrect”
  • You receive a message in Samsung Magician that “No Samsung portable SSD is connected”
  • Your Samsung T5 or T7 appears as “unformatted” in Windows.
  • Your Samsung T5 or T7 do not appear in Finder.
  • Your Samsung T5 or T7 do not appear in Windows Explorer.
  • The blue light of your T5 or T7 is flashing or blinking, but no data appears.
  • The light of your T5 or T7 is solid blue, but the disk is not recognised by your computer.

Why your Samsung T5 or T7 is no longer recognised by your computer…

  • The bootloader in your Samsung SSD might have gone corrupt. The bootloader is a set of instructional microcode used to load firmware when your disk initialises.  
  • Your external disk might have been subject to an over-voltage event. For example, the host computer might have experienced a power surge and your Samsung T5 or T7 got subjected to too much voltage via one of its USB ports. The voltage rating for your Samsung disk is 5V. Any voltage in excess of this can damage it.
  • That partition table of your disk might have become corrupt. ExFat is the factory default partitioning scheme of the T5 and T7. However, some users will reformat this partition type to NTFS, APFS or HFS+. These file systems can go corrupt due to firmware problems or if your disk has been filled to capacity. These events can result in your drive not being recognised by your computer.  
  • It’s possible that the Flash Translation Layer (or translator) of your T5 or T7 disk has failed. The FTL performs the crucial task of translating the logical sectors on your disk to physical addresses. It acts like the index of a book for your disk, but when it fails your data will be inaccessible.  
A Samsung T7 – James Joyce is quoted as saying “Dublin will be written in my heart”, Samsung can claim Dublin is written on their portable SSDs…

There are several possible reasons why your Samsung T5 or T7 portable disk is no longer recognised by Windows 10/11 or MacOS.

How to recover data from your Samsung T5 or T7 portable SSD.

Important note: You might see a message in Windows such as “You need to format the disk in drive E: before you can use it. Do you want to format it?”. Under no circumstances should you click on “format disk” as this can result in irreversible data loss”

Try a Different Cable

Sometimes cables or their connectors can get damaged. Try using a different USB Type-C to C, cable or a USB Type-C to A cable.

Try a Different USB Port

Try using a different USB host port on your computer. Better still, try accessing the data of your T5 or T7 using another computer. It is important to connect your disk directly to your computer. Do not connect your T5 or T7 disk using a USB hub can add another layer of abstraction and can sometimes thwart any data recovery efforts.

Make sure your T5 or T7 disk has been assigned a drive letter

If you’re a Windows user, check Disk Management (Control Panel>Computer Management>Disk Management) to verify that your disk has been assigned a drive letter. If not, assign a letter to your disk.

Mac Users – try running First aid on your T5 or T7 disk.

If your Samsung T5 or T7 SSD drive does not appear in Finder, try running First Aid on your disk. This feature can be found in the Disk Utility settings of your Mac and can sometimes repair small issues with your disk’s file system. If this does not work, you can try using a “fsck” command via Terminal.  

Advanced Samsung T5 and T7 data recovery strategies

 If you suspect your T5 or T7 disk has a locked controller, a professional data recovery firm should be able to put your disk into “technological mode” to read its data.

If your disk’s Flash Translation Layer has failed or gone corrupt, a data recovery professional will have to use a firmware emulator to read the disk’s data.

Drive Rescue, Dublin is based in Dublin, Ireland. We offer a complete data recovery service for Samsung SSDs such as the T5 and T7. We also recover from mechanical Samsung disks such as the Samsung M3, Samsung ST1000LM024 and ST2000LM003.

Garbage Collection – the silent enemy of data recovery

3 SSDs which we loaded with two data sets. The data sets were then deleted. Which disk would still have its data intact after 24hours?

Drive Rescue recently gave a guest lecture to the computer science class of a well-known Dublin third-level institution. Their lecturer wanted to give his class some real-world insights into how the world of practitioners sometimes differs to the world of academic theory. So, in the name of science and knowledge enhancement for all – we duly obliged.  

The topic we decided to talk about was garbage collection in solid-state disks (SSD). Garbage collection is a silent (disk controller) process which runs in the background of most solid-state disks and operates as a sort of clean-up mechanism for data which had been recently subject to the delete command. This makes read, write and erase operations in SSDs more efficient. However, for the forensic investigator, the security analyst, the systems administrator or indeed the data recovery technician, the garbage collection feature has the potential to complicate investigations and recovery cases.

Data Deletion from HDDs

When data is deleted from traditional electro-mechanical hard disks, the space on the volume is marked as free by the disk. But the actual data is not deleted until it’s overwritten to the same location.  

Why Garbage Collection is a problem

File deletion with SSDs works differently. Unlike HDDs, they cannot write data to a random area of the disk. SSDs must write to blank pages. Moreover, an SSD cannot erase data at page level, it must be block-level. For this reason, SSDs use TRIM and garbage collection to make sure there always pages ready available for writing.

Most academic texts discussing data deletion in SSDs invariably discuss the topic of TRIM (which is a delete command sent from the operating system). However, the less discussed and underplayed topic is garbage collection. TRIM can simply be disabled by disconnecting the disk from the host system. But with garbage collection, because the process is initiated by the disk’s controller (MCU), the disk only has to be powered up for this process to initiate. This is a massive problem because as soon as the disk is powered up, deleted data or evidence of deleted data starts getting destroyed. It means that the MD5 hash of an SSD can change within minutes, making an SSD forensically unsound.

In order for the class to understand this process a little better, Drive Rescue set up a small experiment. We got three SSDs all of which were of a similar size.

Crucial MX 500 (500GB) – SM2258H

WD Blue (500GB) – Marvell 88SS1074 (Custom WD)

Kingston A400 (480GB) – Phison S11

We put two data sets onto them of the exact same size. Then using Windows Explorer, we deleted the two data sets from each SSD. But, a little bit of background information first. All the disks were brand new. And the data sets were designed to emulate as much as possible the file contents of a standard Windows 10 computer. Data Sample 01 (11.9GB) contained Office Documents such as (.docx .pptx, .xlsx.), video files (.avi and .m4v), photos (JPEG) application and operating system files. While Data Sample 02 (30.8GB) contained .PDF, PST and application files.

So, we connected all three solid state disks to a standard Windows 10 Professional desktop system using three separate disk caddies (all Orico 2.5”). These were then connected to the USB 3.0 port of the host.  Fifteen minutes after the delete command was issued, we decided to scan each of the disks using Forensic Toolkit (Access Data). The Crucial MX 500 and WD Blue still had their data intact. The Kingston A400 SSD had lost its Data Sample 01 sample already.

It was now approaching 5pm. We would leave all disks connected to the host overnight. In a move which would have incurred the wrath of Gretta Thunberg, we disabled all power saving features of the Windows 10 host system.

At 9am the next morning, we checked the disks again. They still had their data intact. (Obviously Data Sample 01 on the Kingston was still undetectable). We checked again at 11am. The result was the same. Finally, at 12pm, we discovered that that Data Sample 02 of the Crucial MX was no longer appearing in FTK.

Discussion

It would appear that Phison S11 controller used by the Kingston A400 SSD has a very aggressive garbage collection algorithm deleting all evidence of Data Sample 01 in under 15 minutes. We were expecting that the Crucial and WD disk would lose their Data Sample 01 in line with the Kingston but this did not happen. Instead, the Crucial relinquished all evidence of Data Set 02 – some 19 hours later. And under our twenty-four test conditions, all the data of the WD Blue SSD would have been recoverable. This certainly contradicts the wisdom found on internet forums that once data is deleted from an SSD – it’s gone. Our little experiment proved otherwise. The experiment also proved that there is very little uniformity in the way SSDs from different manufacturers or SSDs using different controllers handle deleted data.

Mitigating the effects of garbage collection

Data Sample 01 on the Kingston SSD was undetectable after just 15 minutes. Had this been a real-life case, it could have posed a major problem for a forensic investigator, system administrator or data recovery technician. One participant in the class suggested that a write blocker could have been used. However, write blockers are traditionally used to block I/O requests from the operating system and not internal commands from the disk controller.

Other Possible Solutions

One possible solution would be to disconnect the NAND chip from the PCB of the SSD in order to prevent garbage collection from operating. However, this “chip off” solution is a high-risk procedure because the controller is needed to read the data. And even reading the NAND chips using an emulator, the investigator might not have the exact controller microcode for the disk model to upload. Some forensic investigators claim that activating “auto-dismount” on the host system can mitigate the effects of garbage collection. While other investigators claim using a write blocker can dampen the garbage collection process. However, none of these researchers have explained specifically how these measures interact with the disk controller to slow or stop the garbage collection process completely. There is also the option to image the SSD completely, however, with an unstable SSD, this might not be possible.

Further investigation

Further investigation of this issue will be difficult as garbage collection algorithms used by SSD / controller vendors are usually proprietary and a source of competitive advantage. The test and observe method might prove to be one of the richest sources of information on this topic. For those involved in disk forensics and recovery, it means there are going to be some interesting years ahead.

Data Recovery of Photos library from Seagate Desktop HDD 1000GB (removed from iMac).

Yesterday, we recovered photos from this ST1000DM003 hard drive. The disk had over 2500 JPEG files ensconced inside a Photos library. This APFS formatted Seagate S-ATA disk had firmware issues, but also had extensive bad sectors (over 36,000). When the disk was connected to another MacOS system via a USB 3.0 dock, it was not being recognised by Finder. The client even tried Target Disk Mode to recover the photos, but this also proved unfruitful.

Under the hood, the JPEG (Joint Photographic Experts Group) file format is a compressed format and as file structures go is actually quite complex. It comprised of multiple constituent parts such as the metadata and payload. When a disk goes bad or corrupt, it is usually the metadata which gets damaged

Connection to the disk’s serial port – enables us to access and make reparations to brain of the disk – the firmware!

Problem Solved

Firstly, connected the disk to our recovery system via its S-ATA and power connection. We then connected to disk to our recovery system using its serial port. The serial port on the ST1000DM003 is to the left of the    S-ATA data port and can be recognised as having 4 pins. Connecting the disk this way, gives us direct access to the disk’s firmware modules enabling us to repair the corrupt translator module. We then used our specialised data recovery equipment to long-read the damaged sectors of the disk.  This equipment is tuned to read data from damaged disks where a standard operating system such as MacOS, Windows or Linux would just generate multiple I/O errors.

Nothing evokes memories with such power as a photograph…

The Result

We achieved a 96% data recovery rate of the client’s MacOS Photos library which was of extreme sentimental value to them. With their memories restored – they could now treasure and enjoy them for years to come.

How to disable TRIM on an SSD using Windows Command Line or by using Apple’s Terminal

TRIM hoovers up accidentally deleted files in the same way that Pac-Mac devours the dots…

If you’re using an SSD and accidentally delete a file or folder in Windows (or in macOS), there is a substantial risk that TRIM, along with some other SSD house keeping functions, will thwart recovery efforts by deleting all data remanence. A simple way to think how TRIM works is just to think of Pac-Man – it operates inside your disk hoovering up deleted files in the same way that Pac-Mac devours the dots. Needless to say, this can be very problematic in terms of recovering data from SSDs.

So, let’s say an SSD user has accidentally deleted an important file or folder. Obviously, they should turn off their computer immediately, but before they do, they should be instructed to turn off TRIM as soon as possible. This just might help to make their deleted data more recoverable. If you are a Windows user, type “powershell” into the Windows search bar and “Powershell” should now appear on the menu. Then right-click to bring up the option “run as administrator”. At the command prompt, type “fsutil behavior set DisableDeleteNotify 1” to disable TRIM. (0 to re-enable). Mac users should go to Terminal and type in “sudo trimforce disable”. TRIM will now be disabled when you restart the computer.

Another way of disabling TRIM is to simply disconnect your SSD from your computer’s S-ATA or PCIe connection and access the disk via a USB dock or caddy. (For most disks, TRIM cannot work over USB). However, even with TRIM disabled, there are other background processes running inside your SSD which can also jeopardise the probability of a successful recovery. These will be discussed in another blog post.

Data Recovery from 1TB WD Slim Disk (WD10SPCX) which suffered an oil leak…

When most people think about hard disk components, they usually think of the disk-heads and the platters. Sometimes people will refer to latter as “the silver things that spin around and store the data”. Not very technical, but it gets the point across. Not many people however think of the less conspicuous parts inside a hard disk. Not many people know, for example, that your hard disk has a small air filter inside it to keep out contaminated air. Not many people know that most mechanical hard disks now use a sophisticated system for parking heads when they are not in use. And not many people know that most mechanical hard disks today use a sophisticated voice coil motor which can position disk-heads with nanometre precision. The modern mechanical hard disk is a derivation of different technological innovations, some of which, took decades to develop and refine.

Another of the lesser-known hard disk components is the fluid dynamic bearing (FDB). This is found in most hard disks manufactured since 2002. With the assistance of a motor, these bearings are responsible for moving the disk-heads smoothly and accurately over the disk platters. The concept of using ball bearings to assist in the operation of mechanical devices is not new. The sketchbooks of Italian engineer Vittorio Zona (1568 to 1603) depict bearings in several industrial applications such as paper mills and printing presses.  The concept of using hydrodynamic bearings was first implemented by a British railway engineer named Beauchamp Tower back in 1883.  He drilled a half inch hole to supply lubricant through a shaft and noticed how the oil would rapidly rise due to the immense fluid pressures. He also observed how the friction in the shaft was significantly reduced. Today fluid-dynamic bearings offer mechanical hard disk manufacturers the ability to make low-noise, low-vibration HDDs whilst increasing areal densities.

The traditional ball bearing, commonly used in electro-mechanical hard disks up until the early 2000s

Pre-2002, most hard disk manufacturers used traditional ball-bearings in their spindle motors. These could be extremely noisy and experienced high-levels of NRRO (non-repeatable run-out) meaning their positioning on the platters was not always precise and sometimes even erratic. Moreover, if the disk suffered shock-damage, it was very common for the ball-bearing mechanism to seize resulting in a stuck actuator arm and resultant inaccessible data.

The Fluid Dynamic Bearing – results in smoother running and quieter disks. It also allowed more accurate disk-head to platter positioning. Notice the herringbone shaft in the centre, this means the hydrodynamic pressure in the shaft is more evenly distributed (can be proven by the Reynolds equation) which results in less metal fatigue.

So, what makes fluid dynamic bearings such an improvement? Well, most FDB mechanisms do not use ball-bearings. This means less friction and less noise. Instead, they use an oil-air interface which means the spinning of the disk platters becomes a lot smoother and predictable. The dynamic tilt of the mechanism also becomes more predictable. And it’s not just the oil-air interface which enables these improvements in disk operation. The shaft of an FDB is etched with a herringbone radial pattern. This greatly enhances the stability of the bearing but also greatly helps to dissipate any shocks to the disk.

How Dropping your Disk or Laptop can cause an oil leak…

While the fluid dynamic bearing has been a boon for electro-mechanical disk technology. It’s not perfect. The oil inside the shaft can leak out. This can occur due to external atmospheric pressure, rapid temperature changes, but more commonly occurs if the disk has been dropped by the user. If, for example, your hard disk using a fluid dynamic bearing falls at over 1000G, it is probable that the air-oil interface will disintegrate, breaking the capillary seal and your disk will leak oil. And, if you’re a expecting a mini Exxon Valdez spill on your desk, this won’t happen. The amount of oil used in a bearing shaft is miniscule. In fact, with the naked eye, you probably won’t even be able to see it but you should be able to observe it weeping out with the assistance of a UV light. Once it has been drained from the bearing shaft, the platters will no longer be able to spin and your data will be rendered inaccessible.

“Hard Drive- Not Installed” Dell error message

This is exactly what happened to one of our customers last week. They accidentally dropped their Dell Latitude laptop containing a WD WD10SPCX disk. They booted up the system, but Windows 10 would not load. They ran the Dell diagnostics utility the “Hard Drive-Not Installed” error message was displayed.

How to recover data from the a WD Slim Disk such as the WD10SPCX

Our diagnostics revealed that the fluid dynamic bearing had failed. In this case, the FDB / spindle motor could not be repaired. Instead, using specialised tools, we removed the 2 platters from the problematic disk and migrated them to a chassis of an identical WD10SPCX model. This was an extremely tricky operation. After some precision inter-head alignment and torquing (using a Torx torque screwdriver) of the platter assembly, we closed up the disk. Now there was the firmware issue. If we used the same firmware as the donor disk, it is likely the disk would start clicking immediately. Modern disks are hyper-tuned. Therefore, we uploaded an exact copy of the original firmware onto our data recovery system. This finally gave us full access to the NTFS partition table where we able to recover the data.

This is just one of the problems which can affect WD Slim 2.5” disks. Other problems we’ve come with this Western Digital range of disk include:

  • Your WD Slim 2.5” disk is making a clicking, chirping or ticking noise
  • Your WD Slim 2.5” disk is not registering with your BIOS or on Windows system
  • Your WD Slim 2.5” is spinning, but is not assigned a drive letter.
  • Your WD Slim drive appears as “not formatted”
  • Your WD Slim drive appears as “not accessible” because the “parameter is incorrect”
  • When you connect your WD Slim drive to macOS, you receive the error message “The disk you inserted is not readable”
  • When connected to your Windows computer, your WD Slim disk causes your computer to freeze and display a “not responding” error message.

Drive Rescue, Dublin, Ireland offers a complete data recovery service for Western Digital hard disks including the WD Slim, WD Ultra Slim and recovery of WD My Passport Slim disks. Common models we recover from include the WD5000MPCK, WD10SPCX, WD20SPZW, WD20SPZX and WD My Passport Slim (1TB, 2TB and 4TB) . Call us on 1890 571 571. We’re here to help.

Best way to recover data from a WD Caviar Blue Hard 3.5” S-ATA Disk

The introduction of the “Caviar” range of hard disks by Western Digital in 1990 proved to be a real step change for electro-mechanical hard disks. This range of disks introduced, the then novel, concept of embedding servo (head positioning) information on the data tracks. But, even more importantly, this range of disks eschewed actuator arms powered by a stepper motor in favour of arms powered by a voice coil motor (VCM). Other disk manufacturers would soon emulate WD’s innovative lead.

Disks need servo information to correctly align the actuator arm (on which the read/write heads are mounted) to the data tracks. Up until then, most manufacturers stored most of their servo data on the disk’s ROM or NVRAM chip. However, storing it on the data tracks meant that the positioning information could be more easily modified or tuned during a production run resulting in more reliable disks less prone to non-repeatable run-out (NRRO) errors.

The Voice Coil Motor created a revolution in the hard disk industry by enabling high disk capacities almost overnight.

As already mentioned, the Caviar range introduced electro-mechanical disks which used voice coil motors instead of stepper motors to power and control the disk’s actuator arm. This motor type greatly constrained the number of tracks which the actuator arm (and hence heads) could reach. (Typically, the diameter of the motor casing determined the number of tracks which the head-disk assembly could reach). The continuous variable voltage of voice coil motors along with magnetic hysteresis-free operation resulted in more precise (disk) head-to-platter positioning capability.  This component also gave disk manufacturers the ability to almost double their drive capacities overnight.  

Every year in our Dublin-based data recovery laboratory, we recover from a substantial number of WD Caviar Blue 3.5” HDDs of varying capacities, such as 320GB (WD3200AAKX), 500GB, 750GB (WD7500AZEX), 1TB, 1.5TB (WD15EADS, WD15EARS), 2TB and 4TB(WD40EZRX). While Caviar Blue is Western Digital’s disk for standard uses such as general desktop computing. The Caviar family is also served by the WD Caviar Green line up of disks which are designed for slower speeds (5,400RPM) and quieter operation. While WD Caviar Black models are designed for performance (7,200RPM) and superior caching.

Like with any family of hard disks, there are a number of hardware, firmware and electronic failure modes which can affect Western Digital Caviar hard disks.

Corrupted firmware / damaged System Area (such as damaged translator, G-List, P-list etc.)

Seized or failed spindle motor – A hard disk has a second motor inside it to rotate the platters. Typically, this rotates at 5,200 RPM for Caviar Green, 7,200 RPM for Caviar Blue and Caviar Black.  

Printed Circuit Board Failure (e.g. failed diodes, resistors, etc.,) – This can fail due to over-voltage events. For example, a power surge or accidental liquid spillage can cause a PCB to fail.

Motor Controller Chip – A very common problem with WD Caviar disks is motor-controller failure. This occurs when the motor-controller (typically a Smooth chip) burns out. This can usually be attributed to an over-voltage event happening to the disk.

Pre-amplifier Chip failure – On the underside of a head-disk assembly there is a tiny chip (colloquially known as the “pre-amp”) which amplifies the read/write signals from the head. This component is extremely sensitive to sudden voltage changes. It can fail if the disk experiences a power surge or a liquid ingress event.  

Bad Sectors – While the level of quality of platters used in WD Caviar disks is relatively high, bad sectors can result in your disk failing to boot an operating system or your disk having inaccessible data when connected to a host.

Disk-Heads – Malfunctioning or failed disk-heads are a very common problem. Some disk-heads can malfunction due to wear-and-tear. In other instances, disk-heads on WD Blue Caviar HDDs can fail due to the disk suffering impact damage from an accidental fall. This often results in your WD disk making that dreaded clicking or knocking noise.

Platter damage – This is the often the worst and the most catastrophic type of failure. Platter damage means that even if the disk’s head-disk assembly is changed, most the of data will still be inaccessible. A lot of users ask us why this occurs. Disk-heads traverse along the platter tracks to read, write and erase data. This movement is extremely precise and even a speck of dust can knock the disk-heads off course. So, when the disk-heads meet a section of the platter which is damaged (due to a scratch or notch), they immediately get “derailed”. The means that the head-disk assembly (HDA) can no longer read the data. And even if you replace the HDA with a new one, the same fate will be suffered. In fact, it’s similar to a train trying to traverse a piece of rail track which is buckled. The train might be in perfect condition, but as soon as it reaches the buckled track, it too gets derailed. The same phenomenon happens with disk-heads reading damaged platters except on a more microscopic scale.

Western Digital (WD) Caviar Disk Problem Suggested Solution / Best Way to Recover
You receive a SMART notification in your computer’s BIOS that your Western Digital Caviar Blue disk is about to fail.Backup your data as quickly as possible.
Your disk is making a clicking, knocking, buzzing or scraping noise.Power-down your disk immediately. Re-initialisation of disk risks damaging it further.
CHKDSK (Checkdisk) keeps on trying to repair your WD Caviar Blue disk.Checkdisk is designed to fix small errors on disks.Checkdisk is not designed to fix more serious issues when a disk is failing. Refrain from using it.
Your 3.5” S-ATA Caviar disk spins, but cannot be seen or be recognised by Windows Explorer or by Finder.Try connecting your disk using a USB dock.
You’ve attempted to run the DLGDIAG (Data Lifeguard Diagnostics) test on your disk but the test cannot complete. Sometimes the WD Data Lifeguard cannot be completed by there are unreadable sectors on your disk. This if often due to bad sector or media damage. Backup your data as soon as possible.
Your Caviar disk cannot be detected in your computer’s BIOS.Possible PCB failure. Please note that just swapping the PCB with an identical one will not work. The U12 ROM containing crucial adaptive information chip needs to be transferred over also.
Your NTFS-formatted Western Digital Caviar disk appears as “unallocated” in Windows.Try running a data recovery software application. However, do not run any software on the disk if it is making strange noises as you exacerbate the problem.

Case Study: Data recovery from a WD Blue Caviar 1TB disk

Our client, a civil engineering department of a county council had a WD Caviar Blue (WD10EALX) disk which they needed to recover. Their IT support team removed the disk from a Dell workstation which was displaying the “no operating system found” error message. They slaved the disk to another system, but were unsuccessful in retrieving its data as the disk kept on freezing the host system. They had a lot of BIM files (Building Information Modeling) stored on it which were needed for one of their projects.

Our diagnosis revealed that 3 of the 4 disk-heads on the head-disk assembly (HDA) had failed. We replaced the HDA in our clean-room. We imaged the WD Caviar Blue disk and we able to access 99% of their data on the NTFS volume. The files (.DGN) were created using Bentley Microstation and were needed for a new recreational area the council were planning. The files contained survey, modelling and draft data. Recreating this data would have been extremely time-consuming, not to mention soul-destroying. All the data was delivered to them on a new 1TB external hard disk.  

Drive Rescue Data Recovery is based in Dublin, Ireland. We offer a complete disk repair and data recovery service for Western Digital (WD) disks. Common WD Caviar models we recover from include the WD2500AAKX, WD3200AAJS, WD3200AAKK, WD3200AAKS, WD3200AAKX, WD500AAKX, WD500AAKS, WD500AAKS, WD500AAKX,WD500LPLX, WD6400AAKS, WD10JPVX, WD10EALX, D10EZEX,WD1003FZE,WD20EARS and WD20EARX. Call use on 1890 571 571 or visit WD Caviar Disk Recovery Dublin Ireland

Data recovery from Freecom Tough Drive making a knocking noise

Freecom make a popular range of external hard disks which have been on the Irish market for almost 20 years.   Recently, a customer delivered to us a Freecom Tough Drive USB 2.0 which was no longer being recognised by any of their computer systems. When connected to their Windows computer, it would make a knocking noise. The disk contained thousands of .JPEG and Sony RAW images – all of which were of extreme sentimental value to our client.

There are many reasons why a Freecom external hard disk may fail to be recognised by a Windows or Apple Mac computer. These include bad sectors caused by damage to the magnetic layers of the platters (due to chips, cracks or due to the build up of debris). These can result in constant I/O errors or “disk is unformatted or disk is unallocated” error messages when the Freecom drive is connected to a host system.

Or, a Freecom drive may develop corruption in the disk’s system (or servo) area. This area contains firmware modules vital for the smooth operation of the disk (such as head-to-track positioning and velocity control information) When these instructional modules become unreadable, your disk will no longer be able to initialise.  

A lot of older model Freecom disks (such as Freecom Classic) still use the FAT32 partitioning scheme. This type of partitioning is now finally being deprecated as the de facto file system for external hard disks in favour or NTFS or exFAT. The FAT32 partition table contains information about partition size, cluster size and root directory location. This table also contains metadata pertaining to file attributes such as file names, size and file timestamps. Corruption of your Freecom’s FAT32 partition table can result in your disk becoming inaccessible.

In this particular case, our diagnosis revealed that this Freecom drive (using a Fujitsu 5,400RPM MHY2250BH-ATA disk inside) had developed two faulty disk-heads. (Heads perform the crucial function of reading and writing data to the disk’s platters). Further investigations on this disk revealed that the voice coil motor (VCM) and head disk assembly were unable to get their servo “instructions” from the system area because the damaged heads. Thus, when the disk tried to initialise, it had no instructions on where to position the head disk assembly. Therefore, the actuator arm (on which the heads are mounted), being in a state of limbo, moves frantically across the platters looking for a position whilst generating knocking noises.

We had a replacement head-disk assembly (HDA) already in stock which we replaced in our clean-room. However, even with the HDA replaced and aligning perfectly with the platters, we were still unable to fully access the volume. Our data recovery system could read the disk as far as LBA 23,242,82 and then the volume would be invisible. This will sometimes happen with Fujitsu disks because they have a very temperamental translator. Using our data recovery equipment, pre-loaded with Fujitsu FW modules we were able to regenerate the disk’s translator. We re-powered the disk and finally got access to it’s data!

Drive Rescue offer a complete data recovery service for Freecom external hard disks which are clicking, appearing as unformatted or no longer recognised by your computer. We frequently recover from models such as Freecom Tough Drive 320GB, Freecom Tough Drive 500GB, Freecom Tough Drive 1TB (56057), Freecom Tough Drive 2TB (56331), Freecom Mobile Drive Classic 2.5”, Freecom Mobile Drive MG 500GB Slim, Mobile Drive MG 1TB Slim, Freecom Hard Drive Classic,  Freecom Classic 3.0, Freecom Network Drive 1TB, Freecom Network Drive XS and Freecom 29409, 29492, 33708, 33745 and 35610. Your memories and work projects recovered with excellent success rates. Call us on 1890 571 571.

I’ve spilt water, tea, coffee, beer on my laptop, can I retrieve its data?

Accidentally spilling water, coffee, tea, beer or any other liquid on your laptop is not a nice feeling. But don’t fret your data might still be recoverable.

The liquid itself doesn’t do the damage...

Here is an interesting fact: it isn’t the liquid itself that damages the
electronics, it is the salts and minerals in the liquid (known as dissolved
electrolytes) that damage the circuit. These “impurities” in the liquid –
especially those minerals, which are very good conductors – can create
deposits on the disk’s PCB and cause a short-circuit. This can result in
an unpredictable mode of operation when the device is powered up. For example, if you spill deionized water (which has been treated to remove all ions) directly in the printed circuit board (PCB) of an electronic device, no ionic reaction will occur and you can just dry the device. In fact, during the production process of the components, many manufacturers themselves use deionised water to remove flux and other residues that have been left during the soldering process.

How can liquid damage a disk’s PCB?

Water (or liquids in general) can damage PCB components in three
ways:

Corrosion is the natural degradation of metals caused by a
chemical reaction with the environment. For example, the
interaction of water and oxygen with the metals in the PCB creates
iron oxide (in other words, rust). This reaction typically occurs after
a prolonged interaction period. These mineral deposits on the PCB
can corrode metal (pins and tracks), increasing the probability of a
short circuit. This explains why a user can spill liquid on a laptop
with no immediate effect, only for the system’s motherboard or disk
to fail two months later.

IC package: the majority of integrated circuits (ICs) used on a
solid-state disk PCB have a humidity tolerance. Most of them are
sealed to some extent, but if water infiltrates them, this can cause
an internal short circuit. Moreover, the extraction of this moisture
from an IC can be extremely difficult.

Shorting of components, vias and tracks: impurities in the water
can make it conductive, and once it starts to interact with the disk’s
PCB, current flows can become very erratic. For example, the
current might take the shortest path through the water back to the
power source. This can result in a damaged PSU (power supply
unit) and damaged components due to over-voltage.

Some components are more susceptible to liquid damage than others,
including devices that use micro-electro-mechanical systems (MEMS).
MEMS are the integration of mechanical elements, sensors, actuators
and electronics in a common circuit with micro-fabrication technology as
accelerometers, optical devices, and piezoelectrics. These are typically
found on electro-mechanical hard disks (HDDs).

What to do if you’ve spilt water, tea, coffee, beer etc. on your laptop?


Successful repair of a water or liquid damaged SSD drive depends
on several factors, including the amount of time the liquid stays in
contact with the PCB, whether the device was powered on at the time of
the spill and the remedial actions the user took after the incident
occurred.

Saving your SSD from water damage – what to do if you have spilt
water, beer, coffee, tea or any other liquid on your laptop

1) Don’t panic, keep calm, be safe: prioritise your safety.
Acting in a calm and collected manner reduces the chance of
incurring collateral damage.


2) In certain cases of accidental liquid spillage, try not to
move your laptop.
This can result in the liquid getting agitated
and penetrating deeper into the circuitry of your system.


3) Turn off the device and remove its power source. This can be
done by either disconnecting from its power source or
removing all the batteries, including the CMOS battery. This is
important because voltage flowing through the device will
greatly accelerate the level of corrosion damage incurred by a
liquid spill.

4) Try to mop up excess water around the keyboard and
laptop base.
Take some paper towels or a clean rag and try
to dry up as much of the spill as you can.

5) If your SSD bay (PCIe or S-ATA) is easily accessible and
you have the tools to open your laptop, try to dry up the
excess liquid from around the SSD with a non-static cloth.
Then remove the SSD from the computer.


6) Clean the SSD with isopropyl alcohol or deionised water
with a soft brush. Make sure that all residues are removed
from the PCB components, such as resistors and diodes, and the vias and tracks. If you have access to a spread-spectrum
ultra-sonic bath, use it.

7) Always leave plenty of time to allow your SSD to dry out
properly. Avoid the temptation to switch it on to “see if it
works”. A hot-air gun at set 100C can accelerate the drying
process. Failing that, place the disk in sachets of silica gel
desiccant.


8) If the device, such as a laptop or hard disk, does successfully
turn on, backup the data as soon as possible. Electronics
which have been in contact with liquids cannot always be
relied upon.

For advanced users only: some completely counterintuitive
advice on liquid damaged SSDs.

The following advice may seem counterintuitive, but in certain
cases, it is safer to not completely dry your liquid damaged SSD! Yes,
keep the SSD moist until you send it to a recovery specialist. As
previously stated, the water/liquid itself will not damage the device, it is
the mineral content of the liquid that causes the damage. So, if you do
not dry the SSD properly, the minerals residue can dry and corrode the
PCB tracks, vias and components (capacitors, diodes etc.). This
explains why black box flight recorders recovered from a downed aircraft are kept bathed in a container of water by the salvage team. We are not suggesting that you keep your water-damaged disk submerged in a container of water but there are a number of steps you can take to prevent mineral damage.

Cover the SSD with a damp paper towel, cloth or tissue and
put it inside an airtight plastic container or bag
. Preserving the
SSD in this manner will keep the device moist, minimise damage
and maximise your chances of a successful data recovery
operation.

Clean the SSD’s PCB with isopropyl alcohol or deionised
water to remove any excess minerals, especially if the liquid that’s
come into contact with the SSD has a large number of salts.

Drive Rescue Data Recovery Dublin offer a full data recovery service for liquid damaged hard disks and laptops. We recover data from systems such as MacBook Air, MacBook Pro, HP laptops (EliteBook), Dell (Latitude, Inspiron) and Lenovo (Thinkpad, YogaBook and Ideapad) and Asus (Zenbook and VivoBook) Call us on 1890 571 571. Click here for more on water damaged data recovery.