New Disk Encryption Standards Could Complicate Data Recovery

Monday, February 9th, 2009

When the world’s largest disk-makers joined last week to announce a single standard for encrypting disk drives, the move raised questions among users about how to deal with full-disk encryption once it’s native on all laptop or desktop computers.

For example, what happens if a user loses a password — essentially leaving the drive filled with data that can no longer be unencrypted? Or what if a drive becomes corrupted or damaged, the data has to be recovered by a third party — and your password is on the drive?

“Then you have just killed yourself,” said Dave Hill, an analyst at research firm Mesabi Group.

The Trusted Computing Group (TCG), made up of disk hardware and software vendors, last week published three encryption specifications to cover storage devices in consumer laptops and desktop computers as well as enterprise-class drives used in servers and disk storage arrays.

Some industry observers believe that within five years, all disk drive manufacturers will be offering drives — both hard disk and solid-state disk — that use the specifications for firmware-based encryption.

While enterprises using drives with full-disk encryption, such as the Seagate Momentus 5400 FDE.2 drive or Fujitsu’s 2.5 7200rpm self-encrypting drive, would monitor them through a central access administrator with a master password to unencrypt, consumers purchasing laptops or desktops with drives would face a more daunting scenario: They would need to either back up their data and their passwords, or lose their drives and data.

Robert Thibadeau, chief technologist at Seagate Technology LLC and chairman of the TCG, said the current disk-encryption specifications allow users to create more than one password to access data, so that if a user were to lose one, he could still access his hard drive with a backup password.

“Furthermore, with some password settings, you can provide a password that allows erasure so you can put the drive back into use, but the data will be gone,” Thibadeau said.

If a drive were to become corrupted or the hardware damaged and a data recovery firm needed to retrieve a user’s disk, Thibadeau said, the recovery firm could use the password to recover data from the damaged hardware. The TCG is also working with data recovery firms to create a technique that would allow them to recover encrypted data on drives using the standards, without requiring a user password.

Currently, however, if a user loses his password and a drive becomes damaged or corrupted, the data is not recoverable, Thibadeau admitted.

David Virkler, CIO at AdaptaSoft Inc., a payroll systems software and services company, said that administration of drives with hardware-based encryption is easy and that he has seen no I/O slowdown. Virkler installed Seagate’s self-encrypting, 2.5-in. Momentus 5400.2 drives in October 2007 on his company’s Dell laptops in order to protect customer financial data that his company often deals with in its service capacity.

He paid a $40 premium for each self-encrypting drive, spending about $120 total for each 80GB drive.

Technorati Tags: , , , , , , , , , , , , , , , , , , , , ,

If you enjoyed this post, make sure you subscribe to my RSS feed!

Hard Drive Data Recovery

Friday, February 6th, 2009

Boot Sector Viruses Can Damage HDD.

Before discussing what a boot sector virus does, let’s first take a look at what a boot sector is. A floppy disk or hard drive is comprised of many segments and clusters of segments, which (in the case of a hard drive) may be separate by partitions. There has to be a way to find all the data spread across these segments, hence the boot sector operates as a virtual rendition of a library’s Dewey Decimal system. Each disk also has a Master Boot Record or (MBR) that locates and runs the first of any necessary operating system files needed to facilitate operation of the disk. When a disk is read, it first seeks the MBR, which then passes control to the boot sector, which in turn provides pertinent information regarding what is located on the disk and where it is located. The boot sector also maintains the information that identifies the type and version of the operating system the disk was formatted with.

This is a highly simplistic overview of the boot sector function, but it serves our purpose well as it underscores the critical nature of the MBR and boot sector.

Obviously, a boot sector or MBR virus that invades this space on the disk puts the entire operation of that disk at risk.

A boot sector virus is spread via infected floppy disks. This typically occurs when users inadvertently leave a floppy disk in drive A. When the system is next started, the PC will attempt to boot from the floppy. If the disk is infected with a boot sector virus, that virus will infect the boot sector of the user’s local drive (C). Unless the floppy disk happens to be a bootable system disk, the user will simply see a standard warning that the drive contains a “non-system disk or disk error” and the user will be prompted to “replace the disk and press any key when ready”.

This is a standard error message and is not in and of itself indicative of a boot sector infection. All it means is that a non-bootable disk is contained in the drive the computer is first trying to boot from.

Most users will realize a floppy has been left in the drive, remove it, and reboot the system, unaware they may have just infected their system with a boot sector virus. Of course, if the disk was bootable, they would not receive the error noted above, but will simply be booted to a DOS screen.

Care should be taken to ensure that any bootable floppies have been checked for the presence of boot sector viruses and these disks should be write-protected to ensure no future infection takes place.

Even non-bootable disks can spread a boot sector infection when they are accessed. Further, a boot sector infected hard drive will also infect any floppies used in the system. Where applicable, use write-protected floppies to protect against this.

To write-protect a floppy disk, hold it so that the metal plate is facing downwards. Along the top edge there may be an “open” square. Look closely and you will find a small cover that can be pushed back and forth over the open square. If the cover is closed, i.e. the square is covered, the disk can be written to. If the cover is open, i.e. the square is not covered, the disk cannot be written to and is considered write-protected.

Of course, you would not want to write-protect floppies you use to copy files to, as you would receive a write protection error the next time you attempted the copy.

Most of today’s PCs no longer seek out the floppy drive during bootup, instead using the CD-ROM drive as the first boot device. This can be configured via the system CMOS screen to change the boot sequence to check the hard drive first, the CD-ROM drive second, and the floppy drive third, if at all.

Changing settings in CMOS incorrectly can result in system failure and should not be attempted by inexperienced users. Instructions for accessing the CMOS configuration screen for your PC can generally be found in the motherboard manual.

The first boot sector virus was discovered in 1986. Dubbed Brain, the virus originated in Pakistan and operated in full-stealth mode, infecting 360Kb floppies.

Perhaps the most infamous of this class of viruses was the Michelangelo virus discovered in March 1991. Michelangelo was a MBR and boot sector infector with a March 6th payload overwriting critical drive sectors. Michelangelo was the first virus to attract a large amount of media focus.

Article source from:-

Technorati Tags: , , , , , , , , , , , , , , , , , , , , ,

If you enjoyed this post, make sure you subscribe to my RSS feed!

Dental Office Impacted by Data Extraction

Thursday, January 15th, 2009

Benchmark Dental, a family practice in Sandy, Utah is virtually a paperless office. Everything from patient data, appointments and accounting to insurance records and X-rays are stored on a 160 gigabyte RAID system.

Losing this data was unthinkable; it would bring their practice to a screeching halt. Then, one Monday in February, the unthinkable happened.
When office manager Jenny Leigh arrived at work, she was greeted by an error message on her computer screen.

The system hadn’t been backed up in months and all the critical data was now inaccessible. They had no way of knowing when patients were due for check-ups or even who was coming in that day.

Benchmark Dental had a real concern about the sensitivity of their information and the need to be HIPAA compliant. Jenny contacted DriveSavers, not only because of our track record of successful RAID recoveries

 Also because we offer the most secure environment in the data recovery field, thanks in large part to our Cisco® self-defending network. Benchmark opted for DriveSavers Standard Service, “The recovery was so fast we couldn’t believe it,” exclaimed Jenny.

“They saved us from a situation that could have impacted us in so many ways and yet, they made it so simple for us. We would refer DriveSavers to anybody, especially companies with sensitive information.”

Having learned a painful lesson, the office is now set up with a new system and is backing up every day.

Technorati Tags: , , , , , , , , , , , , , , , , , , , , ,

If you enjoyed this post, make sure you subscribe to my RSS feed!