Data recovery from WD MyCloud NAS

 

western digital nas data recovery

Western Digital MyCloud NAS devices are popular in Ireland for their ease of setup, user-friendly OS. And unlike most NAS ranges from other manufacturers, the disks come pre-installed. This is probably not surprising given that WD (unlike Synology, Buffalo, Netgear et al.) manufacture hard disks.

The entry-level models in the WD MyCloud NAS range does not offer any redundancy – they are single-bay only. However, they do come with a USB 3.0 port for external backup which is better than nothing. Models further upstream in the range such as the MyCloud Mirror, MyCloud Gen 2, MyCloud EX2 and MyCloud EX4 offer mirroring with the more advanced models offering RAID 5 and RAID 10 redundancy.

Recently, we helped a customer with an entry-level WD MyCloud which was no longer showing up on his network. He could hear it spinning. But no data appeared when he logged into MyCloud OS. So, he updated the device’s OS to version 3. He removed the 4TB disk from its casing and attached it via USB dock to his Apple Mac. But no volume showed up. He ran some DIY data recovery software on it – but that too proved unfruitful.

He brought the disk (a WD40EFRX NASware 3.0 disk) to us. These “WD Red” (as they are commonly known) are generally reliable disks. A unique feature of them is their disk-to-parking zone timings.  Because they are designed for NAS usage their heads will not retreat to the disk’s parking zone until 300 seconds of inactivity compared to 8 seconds for a model from the “WD Green” range.

Our diagnostics revealed several of the firmware adaptive modules were corrupt. These modules are essential in “tuning” the disk heads to the disk platters and are used for the management of disk errors. Secondly, the disk had well over 12000 bad sectors.

The data recovery process went smoothly without any surprises. Over 3.2TB of ORF (Olympus Raw), PSD (Adobe PhotoShop) and .MOV files were all successfully recovered. Everything requested by the client. Every MyCloud does have a silver lining…

 

Drive Rescue Data Recovery is based in Dublin, Ireland. We recover data from all of the WD MyCloud range including MyCloud Gen 2, MyCloud Pro, MyCloud EX2, MyCloud EX2 Ultra, MyCloud EX4 and MyCloud Home Duo. Call us on 1890 571 571 or find out more at: www.datarecoverydublin.ie

USB memory stick is not recognised by Windows?

Here is a simple way to recover your data.

1) Connect your damaged USB memory stick to your Windows computer.

2) Navigate to the Device Manager. Click on the “plus” sign
beside “Disk Drives”.

3) Then right click on your damaged disk and click on “properties”.

4) Navigate to the “drivers” tab and click “disable”.

5) Insert your USB memory stick back into your Windows system. Go to “Device Manager” again and re-enable the device.

6) The volume containing your data should now appear under “My Computer”.

This is just one fix. Other more advanced problems such as a failed NAND controller can also cause your memory stick not to be recognised by Windows.

Drive Rescue (Dublin, Ireland) offer a complete data recovery service from USB memory stick brands such as PNY, SanDisk, Adata, Sony, Integral, Toshiba and Ativa. We also perform recovery from promotional USB memory sticks.

Data recovery of from Synology NAS (DS216)

Two disks taken from a Synology NAS DS216

NAS devices have never been so popular. They consume less power than a PC or server, they support RAID and their compactness means they can be stored in even the most space deprived homes or offices. While first generation NAS devices were basically conjoined hard disks with a built-in networking component, modern NAS devices are much more sophisticated. Most come equipped with their own operating system such as DSM (for Synology) or QTS as used by Qnap. Most NAS devices also support file sharing protocols such as SMB and NFS, which make them ideal for OS-agnostic environments.

Even though most NAS devices support RAID redundancy, it is surprising how many users forsake this safety net in lieu of performance by setting up their devices in a RAID 0 configuration.

Recently, we helped a user to recover files from his Synology NAS DS216 configured in RAID 0. Inside the array were two Western Digital Disks – a 1.5TB disk (WD15EARS) and a 2TB disk (WD20EZRX). Our diagnostics revealed that the latter disk had firmware issues. Once these were resolved, we imaged both disks. Using both disk images, we rebuilt the RAID 0 using its original parameters. The file system used was EXT4.
We recovered over 2TB of Final Cut Pro 9 (. fcp) files along with .MOV and.AVI files. – everything which the client needed.

In this case, the user made the mistake of using RAID 0 but can you spot the second mistake from the photo above? He also used two WD Green disks. For NAS devices, this is another common technical faux pas. “Eco-class” disks and many standard “desktop-class” disks do not support TLER (time limited error recovery) functionality needed to minimise errors on a RAID environment. “NAS-class” disks such as WD’s NASware disks or HGST’s Deskstar NAS disks are recommended. But perhaps the greatest step the user could have taken was to have his data backed up! Apps in Synology’s DSM facilitate this as well as third party apps such as BackBlaze B2 or using OS apps such as Resilio.

Recovering a corrupted Word or Excel document: an easy solution.

You have a Microsoft Office file (such as Word, Excel, etc) which you (or your user) have been working on all week. But now, for whatever reason, the file has either gone corrupt or been over-written.

Hours of work wasted? Maybe not. In Windows, the quickest recovery route possible is the much forgotten and underused feature called Shadow Copy. The steps to recovery are easy. 1) Right-click the overwritten or corrupted file and click ‘Properties’. 2) Select ‘Previous Versions’. 3) If you want to view the old version, click ‘View’. To copy the old version to another location, simply click ‘Copy’ and you’re done. The quickest data recovery ever!

Recover data from a CD-R, CD-RW, DVD-R or DVD-RW disc

Generally speaking good quality CD-R, CD-RW, DVD-R, DVD-RW are a fairly reliable backup medium. This is assuming, however, that they’re kept out of direct UV sunlight and are kept free from deep scratches. But, occasionally user error can result in data loss. Like a gentleman from Kildare we helped last week. He had an Outlook .PST file from his old workplace which he had stored on a Maxell DVD-RW. He inadvertently performed a “quick format” on the disc, erroneously thinking a different disc was in his DVD tray. His heart sunk as he thought that 9 years’ worth of emails and contacts we now gone into the ether. He contacted us.

The data recovery process for this type of data loss is cut and dry. Firstly, we configured the read-speed settings on our DVD reader to read at the slowest possible speed and then ran a utility IsoBuster called on his disc. This recovered his .PST file quickly. However, when this file imported into Outlook, it still would not read. The error “outlook.pst is not an outlook data file” appeared. So, we ran SCANPST on the folder and re-tried. (SCANPST is a utility built into Windows OS to repair minor errors in .PST files). The utility found some errors which it repaired. The second import of the .PST file worked with all the client’s contacts and old emails now appearing. A very quick data recovery case! I hope this post helps someone else who has experienced the same problem.

Drive Rescue Data Recovery are based in Dublin, Ireland. We recover data from most brands of hard disk including Seagate, Toshiba, WD, Samsung, Iomega, LaCie, Intenso, Adata and Transcend. Find out more on: www.datarecoverydublin.ie

Giving Back @ Drive Rescue

Pictured: Robert Scanlon of Drive Rescue and Brother Sean Donohoe of the Capuchin Day Centre

 

Drive Rescue recently presented their annual donation to the Capuchin Day Centre in Dublin. The centre provides 800 meals a day to people who are homeless or in need. The centre also distributes 1400 food parcels in Dublin in 350 in Kilkenny for people on the poverty threshold. It receives only partial funding from the Irish government. The centre does not run PR or advertising campaigns. It generates most of its income from the goodwill and generosity of the Irish people. It was a pleasure being able to help them.  If you would like to help, you can make a donation here:

http://www.capuchindaycentre.ie/Capuchin_Day_Centre_2013/Capuchin_Day_Centre_-_Donations.html

 

Data Recovery from Intel 5400s (Intel 540) Pro 240GB SSD

A customer recently dropped in an Intel 5400s Pro solid-state disk to us for data recovery. They first noticed a problem with the disk when, upon starting their Dell Inspiron laptop, they received the “no boot device found” error message.  They removed it from their laptop and connected to another computer using a USB dock – but the disk could still not be seen.

Disk architecture

The solid-state disk, an Intel 5400 (lately, this model has been marketed as the 540 as Intel has recently abandoned the four-digit naming convention for their SSDs) holds 240GB of data and uses a Silicon Motion 2258 controller. The PCB holds 8 x 30GB SK Hynix memory chips using TLC NAND and uses an S-ATA 3.0 interface.

Diagnosis

Upon delivery of the disk, we connected it to a standard Windows PC. The make or model number was not detected by the BIOS. At this stage, we were beginning to suspect controller failure. But making assumptions in data recovery can easily set your recovery methodology on the wrong track – so more analysis was needed. Physical inspection of the PCB revealed dies tightly bonded to the board and no signs of thermal stress.  Using a multi-meter in voltage mode, readouts showed that all areas of the disk’s PCB were getting the correct voltage. So, we could safely eliminate a power issue as being the problem.

SSD data recovery process

We then put the disk into what is known as technological mode. This is a mode used by disk manufacturers themselves to perform diagnosis on disks which have been returned to them. It helps them spot design defects (with the disk controller, NAND, DRAM, etc.) which are then used by their R&D departments to (hopefully) make reliable disks. But technological mode also allows data recovery technicians to bypass the inbuilt controller and use an emulator. (I’m sure this “backdoor” access to a disk also comes in very handy for the NSA…). The controller plays a vital role in the operation of an SSD. It performs bad block management, logical block addressing, wear-leveling, error correction control and interleaving. We uploaded a Silicon Motion 2258 translator module to our recovery system. The disk successfully ID’ed. The NTFS volume finally appeared, but with errors.  We made an image of the volume and then using this image made reparations to the NTFS partitions.

The result

After several hours work, we now had the disk’s two NTFS partitions fully recovered. The files, mostly V3D (medical imagery) files and one gigantic 33GB PST (Outlook store folder) were extracted onto external USB 3.0 drive for the more-than-satisfied client.

 

Drive Rescue Data Recovery is based in Dublin, Ireland.  We perform SSD data recovery from most brands of SSD including Samsung Evo, Crucial, SanDisk, Toshiba OCZ, Integral, Adata and PNY. For more information log onto www.datarecoverydublin.ie or phone us on: 1890 571 571

Don’t forget to check the “found.000” folder after running CheckDisk.

CheckDisk is a file system integrity checker built into Windows’ operating systems. (It runs a FS integrity check similar to the “verify” command in OS X‘s Disk Utility). For the most part, where small file system errors exist on FAT and NTFS volumes, CheckDisk does a reasonable job at repairing them.  However, occasionally it repairs the file system, but the volume will still be inaccessible to the user. This is because Checkdisk stores the recovered files in a newly created folder called “found.000”. Last week, a customer dropped in an NTFS formatted Samsung Momentus 2.5” disk to us. Another data recovery company in Dublin wanted to charge them hundreds of euro for recovery. But the files were already on the system in the folder found.000! This job took all but 10 minutes to diagnose and resolve. We did not charge anything to the delighted customer. It was a simple fix. Next time you run CheckDisk on a disk with small errors, don’t forget to check the folder “found.000”- you could end up saving yourself a lot of money.

Drive Rescue at IP Expo Europe (London) 2017

Drive Rescue recently attended the IP Expo Europe event in London checking out some of the latest storage devices. The data storage world continues to move at a blisteringly fast pace and there were lots of interesting new technologies on show.

12 TB Helium Disk 

Just arrived (1 hour before above photo was taken) from Seagate’s European hub in Schipol was this 12TB Iron Wolf disk. With a speed of 7200rpm and a transfer rate of 250 MB/s, this range of disks also comes with “Rotational Vibration Sensors” to minimise vibration. Its disk heads use PMR (perpendicular magnetic recording) technology and not SMR (shingled magnetic recording) which one might expect on a disk this size. This is thanks to helium gas used in the disk’s main chamber which reduces platter turbulence and enables increased areal density. After all, 12TB is a lot of bytes for just 7 thin platters. Of course, many years ago Seagate toyed with the idea of injecting helium into the main chamber of their high-capacity disks but abandoned the idea as no economically viable production technique could be found. Then Western Digital came along where Seagate left off. Their production engineers made a breakthrough, developing a helium-injection process suited for mass-scale production. So Seagate have now come full circle and have realised their helium dreams. But “what about reliability?” I hear you ask. Well, Seagate are claiming the MTBF (mean time before failure) for this disk (model pictured) is 1.2 million hours…(stop sniggering). And not so long ago, Seagate said they would relinquish using the MTBF metric and promised they would use AFR (Annualised Failure Rate) instead to quantify disk dive failure rates. I’m guessing they reinstated this awful but more standardised metric not to be disadvantaged when procurement teams  devise HDD comparison matrices. Failure specifications aside, Seagate (with a little prodding from Synology) have developed their own disk health monitoring software for this disk family. This diagnostic and monitoring software awkwardly named “Iron Wolf Health Management” (yes, I know it sounds like a dodgy healthcare insurance company from Ohio) is badly needed as SMART has become well past its sell-by date. According to Seagate’s marketing bumf, it monitors 200 disk parameters which influence disk health as opposed to the 20 paltry parameters used by SMART. The software also promises “intervention action” notifications in instances of imminent disk failure. Moreover, it offers a probability rating of catastrophic failure and gives a longitudinal view of disk health by showing trend analysis rather than the one-snapshot-in-time view offered by so many other HDD monitoring apps. Already, Synology the NAS manufacturer, has integrated the IWHM software into their DSM operating system.

Buffalo NAS – Security in Mind 

 

 

And talking of NAS devices, Buffalo, the Japanese NAS manufacturer were also showcasing their wares. Their flagship Terastation NAS line-up has been re-designed with security at the forefront. Their NAS devices now employ a secure file-access architecture where not even the administrator has root-rights. In terms of encryption, AES-256 hardware encryption is now standard on all the Terastation range. This is a useful feature if the NAS is accessed remotely or in the event of your NAS device being stolen. (And on that note, all Terastations also come equipped with a Kensington lock). There is also the option of enabling pre-boot authentication using a VPN, Windows Server or PC. Buffalo has also introduced its “Drive Recognition Technology” whereby the volume’s disks are digitally “tied” to the hardware. Just in case, all these security features go haywire due to corrupt or bricked firmware, Buffalo have added a feature known as “duplex firmware”. This stores a secondary firmware module to fall back on should the original module go askew. Nice! A Terastation NAS would make an ideal Christmas present for any data protection officer…

QNAP – NAS with ThunderBolt 3, SSD caching and advanced virtualisation (for a NAS…) 

QNAP also presented an innovative line-up. Their TS-456BT3 model comes with two ThunderBolt 3 ports (also compatible with second generation USB 3.1) which is sure to please both Mac and Windows users collaborating in OS agnostic environments. This model also has a dual M.2 SATA interface for disk caching – (SLC or MLC SSD recommended) for faster transfer speeds. QNAP were also displaying their performance powerhouse NAS – the TVS-1282T3. This 8-bay (for 2.5 or 3.5) and 4-bay (2.5” SSD) device is powered using an Intel i3 or i5 processor and can hold up to 64GB of DDR4 RAM. This model also offers link aggregation in the form of four 10GbE ports. Used in conjunction with Thunderbolt 3 this can offer blistering fast data transfer speeds of up to 40Gb/s.

In terms of data backup, QNAP offers their Real-Time Remote Replication (RTRR) feature which can backup files to another NAS immediately or to a remote FTP server. Their QTS operating system (version 4.2 or higher) also allows for volume snapshots using their Snapshot Manager utility. Another innovative feature of this model is that it supports VJBOD whereby unused QNAP devices (selected models only) can be connected to it to create virtual storage pools. These can be managed using QNAP’s Virtualization Station 3 software. So, if you ever wanted to have your own mini data centre – now is your chance.

Synology and their transition to BTRFS

While QNAP might be innovating with NAS interconnectivity and virtual storage pools, Synology are also innovating albeit at a more fundamental level. The BTRFS (developed by Oracle) file system has now become default on most of their mid-to-high range NAS devices. Previously, Synology’s used EXT3 or EXT4. But in 2009 and again in 2015, EXT4 developed bugs which meant several thousand EXT4 based servers and other storage devices got hosed. This might have spurred a decision at Synology Towers to change the file system of their devices altogether. In terms of file systems, BTRFS is still only a baby. Introduced in 2009, it’s still only on version 4 but it does offer some compelling data protection features. For example, it stores two copies of metadata per volume. This could become extremely useful when performing data recovery from a disk with bad sectors or from a damaged disk. Moreover, BTRFS includes native check-summing for data and metadata, making sure data integrity is maintained. So even if bit-rot has set in, file corruption will be detected and automatic recovery using mirrored metadata will initiate (theoretically, at least). And if that’s not good enough, BTRFS offers much better snapshotting capability whilst incurring very little overhead in terms of disk space or performance. Certainly, in this era of crypto-ransomware, snapshotting has become more important than ever. So, maybe Synology’s decision to jump from the EXT ship was probably not such a bad idea.

Drive Rescue Data Recovery is based in Dublin, Ireland. Need data recovery from a Seagate drive? We can help. We are also Ireland’s leading experts in NAS data recovery. We recover from most major brands, including Synology (DS115, DS116, DS210, SD216j, DS216se, DS416J, DS718, DS1517 etc.,) Buffalo (Terastation and Linkstation), QNAP (TS-231, TS-251, TS412, etc.) and LaCie NAS (Big Disk, 2Big Dock, 2big Quadra and 5big Thunderbolt). Call us on 1890 571 571 www.nasrecovery.ie 

Recovery of holiday photos from SanDisk 8GB SD memory card with corrupted controller chip

NAND memory in the form of SD cards (such as SDHC and SDXC), micro SD cards and CF cards have almost replaced 35mm film as the de facto storage medium for most camera devices.

Last week a customer who had photos from a family wedding and a trip to Ethiopia contacted us because his 4TB SanDisk SD card could no longer be read by his Canon EOS camera or his Apple Mac computer. The latter presenting him with the error message “The disk you inserted was not readable by this computer”. This error can sometimes be caused by partition or controller failure. In this case, a quick diagnostic test on our NAND reader made a controller issue the most likely cause.

The controller in NAND memory devices serves the important role of managing read and write cycles. It also performs a process known as “wear-levelling” – a feature which optimises the utilisation rate of all cells evenly across a die. It also performs the important role of logical block addressing, mapping information from the logical block address to the physical addresses. The controller chip also manages bad blocks. Just as a hard disk uses a P-List and a G-List, many NAND chips use Bad Block Omission and Bad Block reallocation algorithms. For cells which have been subject to the erase function, the garbage collection function designates them as “free” for new recording cycles.

Each controller type will use different LBA and page schemes. The accurate determination of these is crucial for successful data recovery. Typically, the page size is 512 bytes. In this particular case, the page size was 512 bytes with a logical block size of 1024 bytes. After having created a virtual image of the disk, we analysed the inversion and XOR used by the controller. Inversion is a type of encoding commonly used in TLC chips to minimise cell wear. This inversion algorithm must be deciphered. Secondly, we had to work out the XOR used by the controller. User data is merged with a XOR key to (rather un-intuitively) create noise. This is needed by TLC NAND to preserve data quality. After working out the XOR, the virtual and block allocation patterns, we now had a logical image of the SanDisk card to work with.
Logical block number and logical page number sequence had to be calculated followed by data block sorting and filtering. This included removal of invalid and duplicate blocks and checking of LBN integrity.
And then to the final stage…the data extraction phase. Most of the file types were .CR2 (Canon Raw Image), JPEG and .MOV files all of which extracted beautifully. The client collected a DVD with all his treasured memories vowing never to trust a camera card again!