I’ve spilt water, tea, coffee, beer on my laptop, can I retrieve its data?

Accidentally spilling water, coffee, tea, beer or any other liquid on your laptop is not a nice feeling. But don’t fret your data might still be recoverable.

The liquid itself doesn’t do the damage...

Here is an interesting fact: it isn’t the liquid itself that damages the
electronics, it is the salts and minerals in the liquid (known as dissolved
electrolytes) that damage the circuit. These “impurities” in the liquid –
especially those minerals, which are very good conductors – can create
deposits on the disk’s PCB and cause a short-circuit. This can result in
an unpredictable mode of operation when the device is powered up. For example, if you spill deionized water (which has been treated to remove all ions) directly in the printed circuit board (PCB) of an electronic device, no ionic reaction will occur and you can just dry the device. In fact, during the production process of the components, many manufacturers themselves use deionised water to remove flux and other residues that have been left during the soldering process.

How can liquid damage a disk’s PCB?

Water (or liquids in general) can damage PCB components in three

Corrosion is the natural degradation of metals caused by a
chemical reaction with the environment. For example, the
interaction of water and oxygen with the metals in the PCB creates
iron oxide (in other words, rust). This reaction typically occurs after
a prolonged interaction period. These mineral deposits on the PCB
can corrode metal (pins and tracks), increasing the probability of a
short circuit. This explains why a user can spill liquid on a laptop
with no immediate effect, only for the system’s motherboard or disk
to fail two months later.

IC package: the majority of integrated circuits (ICs) used on a
solid-state disk PCB have a humidity tolerance. Most of them are
sealed to some extent, but if water infiltrates them, this can cause
an internal short circuit. Moreover, the extraction of this moisture
from an IC can be extremely difficult.

Shorting of components, vias and tracks: impurities in the water
can make it conductive, and once it starts to interact with the disk’s
PCB, current flows can become very erratic. For example, the
current might take the shortest path through the water back to the
power source. This can result in a damaged PSU (power supply
unit) and damaged components due to over-voltage.

Some components are more susceptible to liquid damage than others,
including devices that use micro-electro-mechanical systems (MEMS).
MEMS are the integration of mechanical elements, sensors, actuators
and electronics in a common circuit with micro-fabrication technology as
accelerometers, optical devices, and piezoelectrics. These are typically
found on electro-mechanical hard disks (HDDs).

What to do if you’ve spilt water, tea, coffee, beer etc. on your laptop?

Successful repair of a water or liquid damaged SSD drive depends
on several factors, including the amount of time the liquid stays in
contact with the PCB, whether the device was powered on at the time of
the spill and the remedial actions the user took after the incident

Saving your SSD from water damage – what to do if you have spilt
water, beer, coffee, tea or any other liquid on your laptop

1) Don’t panic, keep calm, be safe: prioritise your safety.
Acting in a calm and collected manner reduces the chance of
incurring collateral damage.

2) In certain cases of accidental liquid spillage, try not to
move your laptop.
This can result in the liquid getting agitated
and penetrating deeper into the circuitry of your system.

3) Turn off the device and remove its power source. This can be
done by either disconnecting from its power source or
removing all the batteries, including the CMOS battery. This is
important because voltage flowing through the device will
greatly accelerate the level of corrosion damage incurred by a
liquid spill.

4) Try to mop up excess water around the keyboard and
laptop base.
Take some paper towels or a clean rag and try
to dry up as much of the spill as you can.

5) If your SSD bay (PCIe or S-ATA) is easily accessible and
you have the tools to open your laptop, try to dry up the
excess liquid from around the SSD with a non-static cloth.
Then remove the SSD from the computer.

6) Clean the SSD with isopropyl alcohol or deionised water
with a soft brush. Make sure that all residues are removed
from the PCB components, such as resistors and diodes, and the vias and tracks. If you have access to a spread-spectrum
ultra-sonic bath, use it.

7) Always leave plenty of time to allow your SSD to dry out
properly. Avoid the temptation to switch it on to “see if it
works”. A hot-air gun at set 100C can accelerate the drying
process. Failing that, place the disk in sachets of silica gel

8) If the device, such as a laptop or hard disk, does successfully
turn on, backup the data as soon as possible. Electronics
which have been in contact with liquids cannot always be
relied upon.

For advanced users only: some completely counterintuitive
advice on liquid damaged SSDs.

The following advice may seem counterintuitive, but in certain
cases, it is safer to not completely dry your liquid damaged SSD! Yes,
keep the SSD moist until you send it to a recovery specialist. As
previously stated, the water/liquid itself will not damage the device, it is
the mineral content of the liquid that causes the damage. So, if you do
not dry the SSD properly, the minerals residue can dry and corrode the
PCB tracks, vias and components (capacitors, diodes etc.). This
explains why black box flight recorders recovered from a downed aircraft are kept bathed in a container of water by the salvage team. We are not suggesting that you keep your water-damaged disk submerged in a container of water but there are a number of steps you can take to prevent mineral damage.

Cover the SSD with a damp paper towel, cloth or tissue and
put it inside an airtight plastic container or bag
. Preserving the
SSD in this manner will keep the device moist, minimise damage
and maximise your chances of a successful data recovery

Clean the SSD’s PCB with isopropyl alcohol or deionised
water to remove any excess minerals, especially if the liquid that’s
come into contact with the SSD has a large number of salts.

Drive Rescue Data Recovery Dublin offer a full data recovery service for liquid damaged hard disks and laptops. We recover data from systems such as MacBook Air, MacBook Pro, HP laptops (EliteBook), Dell (Latitude, Inspiron) and Lenovo (Thinkpad, YogaBook and Ideapad) and Asus (Zenbook and VivoBook) Call us on 1890 571 571. Click here for more on water damaged data recovery.

The Fatal Flaw of Time Machine and Data Recovery from a Seagate Expansion Portable Drive

Let’s face it. Time Machine is great. Plug in an external hard disk. Click on a button, and when the process is done, you have a complete backup of your iMac or MacBook. (In fact, in some cases, this process will be totally automatic – without any user intervention). You’ll be hard pressed to find a backup solution that is so seamless. So, what could possibly go wrong?

Well, last week we came across an interesting case. A user decided to perform a fresh installation of MacOS on his iMac. The operating system on it was running rather slowly. So, using Time Machine (software) in conjunction with an external hard drive, he performed a complete backup of his system. He then proceeded to wipe his internal disk, safe in the knowledge that he had a complete, up-to-date backup stored on his external drive (a Seagate Expansion Portable 2TB).  

On the wiped internal disk, he re-installed MacOS Catalina. In less than 90 minutes, he had a nice and fresh operating system (Catalina 10.15.7) up and running. All he had to do now was to import his old applications and data which were safely backed up (or so he thought). He connected his Seagate Expansion Portable disk via USB and opened Migration Assistant. To his horror, though, no disk was detected. He checked the USB and power connections. They appeared to be okay. He disconnected and reconnected the disk, but no disk showed up.

When a Time Machine backup disk won’t restore…

He phoned Apple technical support. They advised him to start his iMac in Recovery Mode. From there, the option to restore from Time Machine was also presented. In Recovery Mode, he selected this option and his disk was finally recognised. But the about three quarters of an hour into the data migration process, he was greeted with an error message indicating that the migration process “could not complete”.

On his second call to Apple technical support, they suggested to him that he contact a data recovery service!

The fatal flaw with Time Machine

While Time Machine processes such as Fsevents and Spotlight are very clever in backing up files incrementally, TM does not appear to check the condition of the target disk. Coupled to this, MacOS’s Data Migration process is uber-fussy about disk condition. Any hint of a disk problem and the migration process can come to a shuddering halt. So, while MacOS will allow you to back up to a disk which is going bad, it won’t let you restore from one.

Recovery from Time Machine disk

For our customer, we made the process as stress-free and economically as possible. His Seagate Expansion disk had over 47,000 bad sectors and some translator (firmware) issues which were making some disk sectors invisible. While some of his application, files were damaged, we managed to retrieve most of his data files intact.

Solution to the Time Machine Problem

Apple badly needs to incorporate some kind of disk health-check utility into Time Machine. This could save a lot of users the stress and hassle of data loss situations.

In terms of what the user can do to prevent this sort of event, don’t just rely on one backup disk. Use two. Moreover, you can mitigate the risk again by using third-party backup software on your Mac such as Carbon Copy Cloner or Super Duper.

Having problems restoring a Time Machine backup? Drive Rescue offer a complete external hard disk data recovery service for external Seagate Expansion Portable disks. Phone us on 1890 571 571

Data recovery from Seagate Barracuda 1000 GB Hard Drive

This morning we successfully recovered from this Seagate Barracuda 3.5″ ST1000DM003 hard disk for a business client.

This disk is from Seagate’s dreaded “DM” family, which is notorious for developing problems with its media cache, problems with flaking platters and issues with weak heads. This disk had an issue with all three.

Software to recover a inaccessible Seagate disk?

The client’s IT support did try to run data recovery software on this Seagate disk. However, while the disk was recognised. The data recovery software kept on freezing during operation.

Why data recovery software is useless at recovering from ST1000DM001,ST1000DM003, ST2000DM002, ST2000DM0006 ST3000DM007 series disks.

Unfortunately, data recovery software is designed to run on healthy electro-mechanical disks. It is not designed to run on disks with firmware problems or disk-head problems. Nor, it is designed to work on disks which have flaking platters!

We backed up the ROM, P-list, non-resident G-list, translator and firmware overlays. We then resolved the media cache issue which finally took the disk out of its continual “BSY” or “busy” mode. We then modified the head-map and imaged the disk at very slow speed.

All of the client’s Word, Excel, PowerPoint along with their Herbst ERP data files were successfully recovered.  The recovered files were delivered on a new USB external disk to the delighted customer.

Drive Rescue are based in Dublin, Ireland – we offer a complete data recovery service for Seagate failed hard disks

Data recovery from an inaccessible PNY CS900 SSD.

The two main areas of an SSD are the User Area and the System Area. The former stores the actual data while the System Area contains firmware code essential for the operation of the disk. The System Area is one of the busiest areas of the disk because some of firmware code is stored here. (Additional firmware code is stored on the controller chip itself) Every time the disk is intialised, the SA needs to be read. Everytime a Bad Block Management operation is executed, the SA is read. Even when the disk is shutting down, the SA is accessed or written to again as error logs are updated.

The Achilles Heal of SSDs

It’s no surprise then that this area of the disk  wears out the quickest. Moreover, the SA area is not protected by ECC (error correction management) which means small bit errors which develop in this area are not corrected.

As a result, when the oxide-layer of the NAND cells in the SA degrades due to constant wear-and-tear, the intructional code needed for disk operation can no longer be read. This can result in an SSD which is no longer recognisable by your computer.

“Fatal Device Hardware Error”

Last week, we were helping a medical device company in Sligo with this problem. Their PNY CS900 SSD (taken from a HP EliteDesk PC) was no longer recognised. When connected to a Windows PC via a USB dock, they received the message “The request failed due to a fatal device hardware error”. The disk was using a SMI 2258H controller and appeared to have a worn out Service Area. We put the disk into technological mode and used a 2258H loader (on our recovery equipment) to access the file system. We achieved a complete recovery of all their  SLDDRW, SLDPRT and SLDASM (SolidWorks) files.  This recovery, saved their technicians hours of reconstructing some very intricate technical drawings.

Drive Rescue data recovery are based in Dublin, Ireland. We provide a complete SSD recovery service for disks which are no longer recognised in BIOS, not recognised in Disk Management or not appearing Windows or MacOS. Common models of PNY SSD we recover from include the PNY CS900 250GB, PNY CS900 480GB, PNY CS900 960GB and 1TB. We also recover from their XLR8 CS3030 PCIe SSD and the PNY Portable Elite Black USB drive.

Data recovery from Intel SSD – how Covid-19 prevention measures can lead to data loss…

Any measures taken to prevent the propagation of the SARS-CoV-2 in Ireland are laudable. However, we came across an interesting case last week where a preventative measure resulted actually resulted in a data loss situation.

How one bottle of Isopropyl Alcohol and a Frayed Laptop Cable nearly led to disaster…

Let me explain. The staff of a church parish office in the Midlands were using bottles of Isopropyl Alcohol (pure alcohol) as a disinfectant. (Alcohol of over 70% purity being a highly effective agent in deactivating the virus) However, recently one of their alcohol bottles got knocked over, spilling the liquid over a desk and onto their office floor. No big deal right? Well, this is where it gets interesting. The mains power cord connected to their Fujitsu laptop was frayed exposing some bare wiring. In accordance with Murphy’s Law, some of this high-purity alcohol, which is highly flammable, came into contact with this wire. This resulted in an immediate power surge to the laptop along with a dramatic plume of smoke emanating from its rear ventilation grill. This was shortly followed by a strong burning smell. Great – just what you want on a Monday morning! Luckily, no one was injured. The office staff quickly disconnected the power cord from the wall socket.

Parish records up in smoke?

After having composed themselves and with some trepidation, they turned the laptop back on. The system fan momentarily spun up and then spin down. The screen remained black. All the parish records stored in .MDB (Microsoft Access) were stored on the system as well as their Sage accounts file (ACCDATA file). The last backup they had was over eight months old. Updating parish records and reconstructing accounts would have incurred a significant administrative overhead on the office. It would have also been a soul-destroying task.

Their IT support guy removed the Intel 2500 Series SSD (encrypted with VeraCrypt) from the disk bay of the Fujitsu. Using an S-ATA cable he slaved it onto another PC, but alas, it was not showing in Windows Explorer nor in Disk Management. In fact, it was not even detected by the PC’s BIOS. They sent the drive to Drive Rescue to see if we could help.  

Diodes that died…

Our data recovery systems could not recognise the disk either. We removed the metal enclosure surrounding the PCB (printed circuit board). We used our electronic microscope to examine the NAND chips and board components. Nothing really stood out except for the two diodes near the S-ATA connector which looked a bit “off colour”. We zoomed in on them and their appearance looked as if they had been subject to some sort of recent over-voltage event. Using a multimeter, we tested the suspect components. Both gave a reading of “OL” (open loop) in both (current) directions. Neigbouring diodes tested fine. We micro-desoldered the two diodes off the SSD’s printed circuit board. After a lengthy identification process, we were able to identify the diode type. (Intel does datasheets for this SSD model SSD, but not to PCB component level of detail). We ordered identical replacement diodes from a specialist supplier in Germany. Upon arrival, we soldered the new diodes into position. After letting them bed in, our multi-meter tests showed them to be fully operational.

Resurrection of Data…

We connected the SSD to our recovery system again. This disk model and capacity was recognised which was promising but no logical disk volume appeared. So, we put the disk into “technological mode” which finally revealed a volume of randomised data. This is exactly what we were looking for. Unlike encryption applications such as BitLocker or Symantec Endpoint, VeraCrypt does not use encryption signatures. After resolving some disk offset issues, we imaged the volume to another SSD. We then decrypted this volume to finally get a valid NTFS partition with a very healthy looking folder structure showing. We extracted these onto an external USB drive. The parish office got all their records and accounts files successfully retrieved.

Lessons from this case:

  • Always use a power surge protector to act as an intermediary between mains power and your computing devices.
  • Similar to a lot of accidents, a series of small failures or errors in IT systems often culminate in data loss. In this case, if the frayed laptop power cord has been replaced, no power surge would have occurred. It pays to have well maintained equipment. And it pays to resolve small issues with computing devices, backup systems or storage devices quickly before they play a role in a data loss event.
  • And finally, just one up-to-date back-up would have negated the need for data recovery. Get into the habit of backing up or just use one of the many automated backup solutions on the market.   

Drive Rescue data recovery is based in Dublin, Ireland. If your Intel SSD disk is not being recognised or has just stopped working – we can help you recover data from your Intel SSD. We offer a full data recovery service for Intel SSDs such as the 520, S3500, S3510, S3610, S3700, S4500, P3520, P3700, P4500, P5450, 660p and 800p (Optane).

Data Recovery from Inaccessible Iomega External Disk

Over the years, Iomega external disks have been very popular drives in Ireland for their ease of use and wide variety of capacities. Using a 3.5” or 2.5” form factor, these disks usually come in a brushed aluminum or plastic lacquered enclosure. The 3.5” version such as (MDHDU500) comes with a 12V 2A power adaptor while the 2.5” variants (such as LPHD-UP and RPHD-TG) are USB bus powered. Given their popularity, it’s no surprise that we see a lot of them in our lab for data recovery.

Inaccessible Iomega external disks can show many symptoms including:

  • Your Iomega disk appears as “unformatted” in Windows.
  • Your Iomega external hard disk is not getting detected by your Windows, Mac or Linux computer.
  • When your Iomega disk is connected to a Mac, you receive the message “the disk you inserted was not readable by this computer”.
  • Your Iomega external disk will not turn on.
  • Your Iomega external disk shows a flashing light, but no data appears.
  • Your Iomega disk is making a clicking, buzzing or knocking sound.
  • You are presented with an error message about “the parameter is incorrect” or “cyclical redundancy check” when you connect your Iomega disk’s USB cable.
  • You can see your files and folders on your Iomega disk but cannot copy them over to another medium.

Or, a specific event may have occurred to your disk which has resulted in it failing such as:

  • Your Iomega external disk has suffered a suspected power surge
  • Your Iomega external disk got accidentally dropped.
  • You accidentally formatted your Iomaga hard disk containing priceless photos.

Recently, we had a customer whose Iomega external disk contained all their work for the last seven years but stopped working unexpectedly. Their 3.5” MDHDU500 Iomega disk failed to be recognised by any of their Windows computers. We opened the enclosure and found a Seagate Barracuda 7200.11 500GB S-ATA disk (ST3500820AS). Our recovery systems indicated that the disk appeared to be in continual “Busy” mode. This means that the disk could no longer receive ATA commands needed for  diagnostics or repair. When a disk is in this mode, it’s like trying to call a telephone number, but continually getting the engaged tone. Either the person’s phone is busy or there is a problem with their connection and/or phone.  In this case, any ATA commands we issued to the disk to initiate an exit from this very restrictive mode of operation proved fruitless. We did not suspect the disk-heads because platter and head-disk assembly rotation sounded normal. Moreover, we had come across similar problems with this family of disks before.  The problem is usually – but not always – rooted in a faulty media-cache. The media-cache in these disks buffers sequential and random writes so they write more smoothly to the disk. (It should not be confused with the media-cache used in SMR disks) However, the media-cache can sometimes go corrupt causing the disk to be unreadable.

Fixing the Iomega External Drive and Recovering its Data.

In order to get the disk to exit “Busy” mode, we had to short the read-channel of the disk. This can be performed by using an anti-ESD tweezers and applying its two tongs to two shorting points on the disk’s PCB. Once this had been completed, we patched the ROM. Patching the ROM is like adding an extension of code onto the existing module allowing our data recovery equipment recognise the drive. This procedure got us a mountable volume again. The media-cache can an be an awkward beast to handle, but having the experience of successfully resolving this problem numerous times made this procedure less daunting. We achieved a 100% data recovery rate – over 450GB of data. We were very surprised to see that the customer was still using FAT32 as their main data storage partition though. (FAT32 should not be used on USB memory sticks let alone disks containing almost half a terabyte of important data…) We extracted his recovered data onto a USB external drive. Another happy customer. Another case closed.

Drive Rescue is based in Dublin, Ireland. We offer an external hard disk data recovery service for Iomega external USB drives which are unrecognisable, which are clicking, which are appearing as “unformatted” or Iomega drives which have been dropped. Common models we recover from include the MDHDU, MDHD500-ue, MDHD320-U, GDHDU2, LDHD-UP, LPHD-UP and Iomega Go 2.5” portable disks such as the RPHD-TG, RPHD-U, RPHD-UG and RPHD-UG3.

Data Recovery from inaccessible Samsung Evo 750 SSD

Data Recovery from inaccessible Samsung Evo 750 SSD

This Samsung Evo 750 SSD (MZ-750500) taken from a 2013 Apple iMac was no longer accessible to the user. Instead, this retro-fitted disk, presented him with the dreaded “flashing folder and question mark” screen. When in Apple’s Recovery Mode, the disk also failed to appear in Disk Utility. The user, an author, stored copious amounts of PDF, Word and image files on it – all of which needed to be retrieved to meet upcoming publication deadlines.

The Samsung Evo 750 is an SSD, which was introduced by the company in 2016. It uses 16nm planar-based TLC NAND, has a 512 DRAM cache and is managed by an MGX (Samsung in-house) controller.

Our SSD data recovery equipment provided us partial access to the Evo’s firmware. The wear- level of the SSD’s blocks was high and it also became apparent that the disk was over 94% full. An almost full-capacity solid-state with high-wear levels is far from optimal. This is because when some blocks go bad, the SSD controller will allocate (good) spare blocks to replace them with. This is known as bad block management (BBM). But, here is the catch, when the controller has a sparse level of blocks to choose from and those that are available are worn out – the controller can easily lock-up. We suspect this is why the user could no longer access his data.

How could this have been prevented?

First and foremost, this problem could have been prevented if the user didn’t fill his disk up to near-full capacity. It’s generally a bad idea to use an SSD that is over 90% full, without freeing up some capacity first. SSDs need some breathing space to perform essential housekeeping operations like garbage collection and BBM.       

Secondly, the user might have been prevented the problem if they over-provisioned the disk. Over-provisioning can be achieved by creating a partition that does not use the disk’s full capacity. This “unclaimed” space will then be used by the SSD controller as a pool of “spare” blocks.

In some cases, SSD manufacturers already do this in a process known as “factory over provisioning”. But, for this disk, Samsung did not factory-over-provision it. The deployment of factory over-provisioning is usually indicated by the disk having an “uneven” capacity.  For example, a 480GB disk is normally a 500GB disk, but with 20GB reserved for over-provisioning. Likewise, you can have a 960GB SSD, which is really a 1TB disk with 40GB allocated for over-provisioning.

The paucity of free blocks was not the only factor which culminated in this disk becoming inaccessible. Consistent with many earlier generations of SSD disks, this Samsung 750 Evo SSD was only using 2D planar NAND. This suffers higher rates of cell-to-cell interference than 3D NAND commonly used in SSD’s today.

Recovering the Samsung Evo 750 with a Firmware Emulator

Even though the controller on the disk appeared to be locked. We were able to use a firmware emulator to access the partition table. The emulator mimics the disk’s MGX controller, enabling us to get access to its APFS partition. Much to his satisfaction, the author got all his files retrieved and was saved the painful process of re-doing work which he had already completed. Moreover, he would meet all of his publication deadlines.

Drive Rescue is based in Dublin, Ireland. We offer a SSD data recovery service for inaccessible SSDs such as the Samsung Evo 750 (MZ-750500, MZ750250), Samsung Evo 840, Samsung Evo 850 (MZ-75E1T0) and Samsung Evo 860 (MZ-76E500BW and MZ-76E1T0b). Contact us on 1890 571 571.

Data recovery from a dead Sony Vaio and how disk lubrication can prevent permanent data loss…

Last week, a customer from Dublin contacted us needing data retrieval from their old Sony Vaio laptop. The customer, an architect, recently removed the system from a storage cupboard in his office. Its hard disk contained drawings of a project which he had completed in 2008. Recently, he got the green light for a very similar project. If he could salvage these old drawings (stored in DWG format) along with planning permission files (Word and PDF) from the laptop, he could save himself a lot of time and expedite the planning permission and design process for his customer. Could we recover this customer’s Vaio’s hard disk?

The Vaio laptop running Windows 7 laptop was no longer starting up. The system was completely dead. We opened up the laptop and removed its Seagate Momentus 640GB disk (ST9640423AS). When attached to one of our Windows systems via S-ATA cable, it failed to mount. So, we connected it to one of our data recovery systems to peform a more detailled diagnosis. However, our tests to analyse the platter surface and disk-heads could not even run because the disk was not spinning. Though we did get a succesful identification of the disk’s firmware family and version number. In our clean-room, we opened the disk. The heads were not parked on the disk ramp, but rather precariously positioned in the middle of the platters.

This is not ideal because an adhesive bond can form between the disk-heads and the platter surface. This is known as “stiction” and used to be a big issue for electro-mechanical disks until “ramps” or “parking areas” were incorporated into disk designs. This design change resulted in the stiction problem being more or less eliminated for disks being stored in ambient temperatures. However, in this case, the disk evidently experienced a sudden shut down and the head-disk assembly (the component on which the disk-heads are mounted) never got an opportunity to “park”.

Using specialised tools, we “unstuck” the heads from the platter surface. This procedure needs to be performed extremely delicately. An exertion of force can lead to platter or disk-head damage whilst too little force can result in the disk-heads remaining stuck. Drive Rescue use a number of finely tuned processes and tools to perform this task in the safest possible way.  

Perfluoropolyether – the hard disk super-lubricant

In this case, while the HDA was not in a “parked” position, there is another feature of hard disk design which helps mitigate against stiction events. Manufacturers apply a very thin layer of perfluoropolyether (PFPE) to the platter surface. This “super-lubricant” is a colourless synthetic oil commonly applied to HDD platters because of its durability, chemical inertness and good cohesiveness with the platter’s carbon layer. If a minor scratch does occur, the composition of PFPE exhibits just the right amount of viscosity to replenish the disk areas that have been depleted of lubricant. Its cohesiveness means that the lubricant remains in-situ, even with the constant stress of air-flow that is generated by the slider as it moves over the platters. The qualities of PFPE also mean that it can also prevent the disk-heads forming a strong metallurgical bond with the platters.  

While PFPE might sound like a lubricant that Captain Kirk might use for greasing up the old Starship Enterprise, it is not faultless. At high temperatures, the efficacy of this super lubricant reduces, increasing the risk of tribological events, i.e. the read or write elements that come into direct contact with carbon or magnetic layer on the disk. In this case, however, PFPE seems to have done its job well. (The ambient temperature of the office where the customer stored the host laptop no doubt helped). While the disk-heads and platter had collided, they were joined by only a weak bond. If the bond had been stronger – disk-head or platter damage would have been inevitable. Thus, the need for a full head-disk assembly replacement was negated. The delighted customer was reunited with all his historic work, which was presented to him on an external USB drive. He now had some extra free time in the summer and would not have to backtrack on work he had previously completed.

Drive Rescue, Dublin, Ireland have been recovering data since 2007. We offer a complete recovery service for non-booting, unreadable or damaged disks from Sony Vaio (E, PCG. VGN-Z and VPC-Z) series of laptops. This includes disks such as the Seagate Momentus ST500LT012, ST9640423AS, HGST Z5K-500, HGST Z5K1000 and the Toshiba MQ01ABD050

Two Hard Disks Joined at the Hip – The Case of Data Recovery from an iMac Fusion Drive

Last week, we successfully recovered data from a 2015 iMac, which was using an Apple Fusion Drive. (Samsung PM830 and Seagate ST2000DM001)

The Apple Fusion Drive was first introduced by Apple in 2012 and offers lower latency rates for frequently accessed data. The Fusion Drive concept was introduced at a time when high-capacity SSDs were prohibitively expensive. Apple, always wanting to be one step ahead of the posse, believed that this new hybrid type of storage would give users a foretaste of the future.

AFusion Drive” is not the same as a “Hybrid Drive”

Using their Apple Core Storage software, two disks, a solid-state disk and mechanical platter-based one are “fused” together to create one volume. (Many users confuse a “Fusion Drive” with a “Hybrid Drive”. But a hybrid disk (such as the ST2000LX001) is different in that it uses flash memory (NAND) and mechanical platter-based storage all in one self-contained disk. On hybrid disks the flash is used as temporary storage cache, whereas with an Apple Fusion drive, data is copied (not cached) to the SSD component. Frequently accessed files can be stored on the SSD, while those less frequently used are stored on the HDD. For example, all the system files needed for MacOS to boot up are stored on the SSD meaning the iMac will boot up much faster. Users get to enjoy the speed of flash and the high-capacity of platter-based disks – the best of both worlds.

Auto-Tiered Storage is not New

Apple Fusion drive uses a form of “auto-tiering” which adaptively migrates data between the two disks. Even in 2012, it was not an entirely novel consumer-level technology. Intel’s Smart Response Technology – part of their Intel Rapid Storage Technology suite – introduced it for consumer-level computing in early 2011. Apple Core Storage acts as an LVM (logical volume manager) and migrates data between the SSD and HDD in 128KB blocks.

Diagnosing a Failed Apple Fusion Drive

This technology is great until it goes wrong of course. In this case, our customer, a professional video editor, was using a late 2013 iMac with a Fusion Drive (Samsung PM830 120GB blade SSD fused with a Seagate ST2000DM001 2TB S-ATA HDD). The Samsung SSD passed our tests with flying colours. The Seagate 2TB disk, however failed the “read” component of our diagnostic tests almost immediately. As an aside, the ST2000DM001 and its sister disks, the ST3000DM003 and ST4000DM004, have garnered much notoriety the data recovery industry. Due to their inherently unstable firmware and often weak heads, these disks can suffer all sorts of unusual ailments. Moreover, this family of disks are also known for generating all sorts of weird noises, including those of chirping, squeaking, fluttering and even scraping.

Data Recovery from Apple Fusion Drive

The ST2000DM001 disk we extracted from the iMac was no exception. It had multiple read issues and had several firmware “media cache” issues. It also made continual chirping noises akin to a caged budgerigar whose owner had hydrated it with a little too many Nespressos. Despite this, after resolving multiple issues with the disk, we managed to make a good image of it. Now, all we needed to do now was to “re-fuse” its image with the image of the Samsung PM830 SSD. This would enable us to recover the HFS+ volume. “Re-fusing” or repairing a Fusion Drive can be extremely tricky not helped by the limited repair options offered by Apple. For example, “diskutil” commands provide very limited options for manipulating Fusion Drive (Core Storage) data. And their Disk Utility tool provides no functionality for recovering a Fusion Drive.

Fortunately, at Drive Rescue we use forensic-level hardware tools which can be configured to merge two Core Storage image and reconstruct your Apple Fusion drive. For our video editor customer, we attained a 100% recovery rate of all his Adobe Premiere Pro files.

Here are a few tips for recovering from an Apple Fusion drive:

  1. Trying to reset your Fusion Drive configuration on a disk(s) which are failing can complicate issues. Refrain from doing this.  
  2. Do not attempt to re-format any disks which are part of a Fusion Drive.
  3. Do not attempt to re-install MacOS. This will overwrite Core Storage configuration data needed for data recovery.

We can help you recover data from a split iMac Fusion Drive due to physical disk problems, disk bad sectors, firmware problems and from accidental MacOS installation scenarios. We can recover from 21” and 27” iMac models such as iMac 2012, iMac 2015, iMac 2017 and iMac 2019. Successful recovery from your Apple Fusion drive means you can be re-united with previous work-related projects and of course your photos and videos

When backing up your Synology via USB 3.0 NAS becomes painfully slow…

Yesterday, a previous client contacted us for a bit of advice. Before the lockdown, they needed data recovered from their aging Synology NAS DS411J as some of its WD Red S-ATA disks, configured using Synology Hybrid RAID, unexpectedly went into a “degraded” status. Luckily for them, we were able to recover all their important data.

Recently, they procured a new Synology DS218. In order to avoid the need for data recovery again, they followed our advice and tried to back up the NAS to an external LaCie Rugged disk. So, they connected the external disk to the USB 3.0 port of the Synology and using HyperBackup (part of DSM Explorer), proceeded to copy their files.

Returning an hour later however, the copy process from their new NAS to external disk was running at a miserable 1.2MB/s. It would take days before it would be completed!

Fixing Slow Data Transfer Speeds of Synology

This is a common problem with Synology NAS devices. Unfortunately, DSM Explorer does not play well with NTFS formatted disks. We recommended that they format the LaCie Rugged external disk to EXT4 format first. (This can be performed easily with Ubuntu or any other Linux-based OS.) After changing the formatting from NTFS to EXT4, they retried the copy process. This time round, the data transferred at nearly 90 MB/s. A much better improvement. For disk-to-disk data transfer operations, having both disks use a homogeneous file system can drastically help with file transfer speeds. It’s always the little things, isn’t it…