Data recovery from Intel SSD – how Covid-19 prevention measures can lead to data loss…

Any measures taken to prevent the propagation of the SARS-CoV-2 in Ireland are laudable. However, we came across an interesting case last week where a preventative measure resulted actually resulted in a data loss situation.

How one bottle of Isopropyl Alcohol and a Frayed Laptop Cable nearly led to disaster…

Let me explain. The staff of a church parish office in the Midlands were using bottles of Isopropyl Alcohol (pure alcohol) as a disinfectant. (Alcohol of over 70% purity being a highly effective agent in deactivating the virus) However, recently one of their alcohol bottles got knocked over, spilling the liquid over a desk and onto their office floor. No big deal right? Well, this is where it gets interesting. The mains power cord connected to their Fujitsu laptop was frayed exposing some bare wiring. In accordance with Murphy’s Law, some of this high-purity alcohol, which is highly flammable, came into contact with this wire. This resulted in an immediate power surge to the laptop along with a dramatic plume of smoke emanating from its rear ventilation grill. This was shortly followed by a strong burning smell. Great – just what you want on a Monday morning! Luckily, no one was injured. The office staff quickly disconnected the power cord from the wall socket.

Parish records up in smoke?

After having composed themselves and with some trepidation, they turned the laptop back on. The system fan momentarily spun up and then spin down. The screen remained black. All the parish records stored in .MDB (Microsoft Access) were stored on the system as well as their Sage accounts file (ACCDATA file). The last backup they had was over eight months old. Updating parish records and reconstructing accounts would have incurred a significant administrative overhead on the office. It would have also been a soul-destroying task.

Their IT support guy removed the Intel 2500 Series SSD (encrypted with VeraCrypt) from the disk bay of the Fujitsu. Using an S-ATA cable he slaved it onto another PC, but alas, it was not showing in Windows Explorer nor in Disk Management. In fact, it was not even detected by the PC’s BIOS. They sent the drive to Drive Rescue to see if we could help.  

Diodes that died…

Our data recovery systems could not recognise the disk either. We removed the metal enclosure surrounding the PCB (printed circuit board). We used our electronic microscope to examine the NAND chips and board components. Nothing really stood out except for the two diodes near the S-ATA connector which looked a bit “off colour”. We zoomed in on them and their appearance looked as if they had been subject to some sort of recent over-voltage event. Using a multimeter, we tested the suspect components. Both gave a reading of “OL” (open loop) in both (current) directions. Neigbouring diodes tested fine. We micro-desoldered the two diodes off the SSD’s printed circuit board. After a lengthy identification process, we were able to identify the diode type. (Intel does datasheets for this SSD model SSD, but not to PCB component level of detail). We ordered identical replacement diodes from a specialist supplier in Germany. Upon arrival, we soldered the new diodes into position. After letting them bed in, our multi-meter tests showed them to be fully operational.

Resurrection of Data…

We connected the SSD to our recovery system again. This disk model and capacity was recognised which was promising but no logical disk volume appeared. So, we put the disk into “technological mode” which finally revealed a volume of randomised data. This is exactly what we were looking for. Unlike encryption applications such as BitLocker or Symantec Endpoint, VeraCrypt does not use encryption signatures. After resolving some disk offset issues, we imaged the volume to another SSD. We then decrypted this volume to finally get a valid NTFS partition with a very healthy looking folder structure showing. We extracted these onto an external USB drive. The parish office got all their records and accounts files successfully retrieved.

Lessons from this case:

  • Always use a power surge protector to act as an intermediary between mains power and your computing devices.
  • Similar to a lot of accidents, a series of small failures or errors in IT systems often culminate in data loss. In this case, if the frayed laptop power cord has been replaced, no power surge would have occurred. It pays to have well maintained equipment. And it pays to resolve small issues with computing devices, backup systems or storage devices quickly before they play a role in a data loss event.
  • And finally, just one up-to-date back-up would have negated the need for data recovery. Get into the habit of backing up or just use one of the many automated backup solutions on the market.   

Drive Rescue data recovery is based in Dublin, Ireland. If your Intel SSD disk is not being recognised or has just stopped working – we can help you recover data from your Intel SSD. We offer a full data recovery service for Intel SSDs such as the 520, S3500, S3510, S3610, S3700, S4500, P3520, P3700, P4500, P5450, 660p and 800p (Optane).