Analyzing RAID parity

  Last time I discussed how to find the RAID data offset for a SNAP OS 4.x RAID handler.  To put it briefly it was just a simple matter of finding Cylinder Group zero on the first drive in the array and back tracking 48 sectors.  Once the RAID data offset is established we can plug those numbers into our RAID Diagnostic Toolkit and begin analyzing the parity. 

  The main objective of the parity check is to make sure that:

  1. We do not have a stale drive in the array

  2. We do not have a drive in the array that does not belong

  3. All RAID data offsets are correct.

  Lets take each item from one to three and explore their impact.  Item one basically means that there is a drive in the array that has not been functioning for a certain period of time.  Normally an alarm goes off, an email may be sent, there is some sort of notification that a drive has dropped out of the array and now the RAID is running in a degraded state.  When the technician who is administering the array does not get a warning it is usually because there has been some type of hardware malfunction that, although the drive is out of the array, the RAID BIOS does not sound the alarm.  A second reason is that the alarm stops working.  The little speaker on the RAID card that sends this terrible shrill through the server room is malfunctioning and nobody hears it.  Another reason might be that the original RAID administrator may have shut off all alarm notification flags during configuration and never turned them back on.  There are a lot of other reasons but the fact of the matter is that a RAID administrator may have a RAID that has been degraded for a year and not even be aware of it.

  Item two is rare, however, it happens enough to where you need to be concerned if you are trying to recover your RAID.  This item also is not very common in the SNAP line of servers as it is in DELL.  There are times when a RAID is configured as ‘X’ drives, and one hot swap.  The RAID admin who is now working for the company you are trying to recover the data for sends the RAID he tells you it has four drives when it is really three drives and one hot swap.  He may not know the original configuration.  He may not know how to get into the RAID BIOS to look to see how it was configured.  There could be a hundred and one reasons as to why you get a hot swap drive sent to you along with the rest of the array.  The point is, be aware that it can happen.

  As a side note, DELL has configure many of their RAID models to have two mirrored drives for the OS, and 3 to X drives as a RAID 5.  I have received all the drives from a client with them ’swearing’ that all of these drives are in the array.  Once I have analyzed the parity, and look at the drives through a hex editor I come to the realization that I have two RAIDS on my hands, not one.  Once again, be aware that the client may not know their exact configuration.

  Finally item three.  Sometimes, not often, actually this was the first time with a SNAP server, the RAID data offsets are staggered.  In my next installment I will explain what happened with this particular job, and why it happened.  Until next time.

Click here to Download the RAID Diagnostic Toolkit. Be sure to read the instructions on the page as well as follow the links to the instructions with screenshots. You may also visit our page: RAID Configuration and Parity Check for more information.

Finding SNAP OS 4.x RAID Data Offset

If you are in this business long enough you will see everything, or will you?  Two weeks ago I received a SNAP RAID OS 4.x for recovery.  I have done a lot of these and I am pretty familiar with the data offsets, how the drives are setup, and where to begin the virtual RAID for my software.  Having said that, these are the steps I normally take, and the results from those steps.

First thing I do is to make images of all four drives.  These were four identical Seagate Barracuda ST380011A hard drives, so I made sure I had at least 320GB of space on one of my partitions on my server and, using WinHex dumped the images.  Once I had done this I put the clients original drives in their bin hopefully not to use them again.

Next step is to use WinHex and eyeball the beginning of the RAID data.  With SNAP OS this is a simple matter of looking for the first cylinder group on the first drive then subtracting forty eight sectors from that.  The assumption is that the block size is 8192 bytes, or sixteen sectors.  If we were to look sixteen sectors before the first cylinder group you would see the file system superblock.  If we skip back another 16 sectors you see another super block.  Finally, another sixteen sectors and there should be a null sector.  Sometimes I see data in there but that is usually because the drive has somehow been corrupted.

So, once again, to find the beginning of the RAID data segment you find the first cylinder group and subtract forty eight sectors from that.  The sector offset derived from that formula is the beginning of the RAID data segment of each drive.  They will be the same on all four drives or at least I thought that until this particular recovery.

Next step will be to check the drive parity which, in this case, was unusual. This step will be in the next blog titled “Analyzing RAID parity“.

For more info on RAID Data Recovery or SNAP Data Recovery

Samsung Spinpoint Being Mass Produced

Last week Samsung announced that it will be mass producing their high capacity laptop hard drives. Their Spinpoint series has either high capacity or high speed, whichever is more important to the individual consumer.

Some day soon they will have the best of both worlds by introducing a high capacity laptop hard drive that has the large capacity that most users require in their laptop hard drives as well as high speed for those of us into gaming and media.

DTI Data Recovery has been doing research and Development on Samsung’s laptop hard drives in preparation for the data recovery and hard drive repair that will be required by these new hard disk drives.

If you happen to fall victem to a hard drive crash and have data that needs to be recovered, DTI has the skills and tools to perform hard drive recovery on even these new high capacity hard disks.

Spyware and Malware

Spyware and Malware protection and removal and what you MAY not know!

I have had the luxury of being in some sort of IT Industry in one way or another for the last 17 years of my life. I have worked in fields from standard PSTN Telecom, to basic PC building and repair, to Corporate Network Design and Infrastructure Integration, down to Web Design and Programming. I would say that over the years I have seen MANY drastic transitions in technology, some greater than others. I watched as I saw a standard telephone line connected to one personal computer at a time sending messages and files through a BBS (Bulletin Board System), develop into the large scale high speed data network we use now known as the Internet. One thing that has ALWAYS held true in the communications and data networking industry is that there is always someone out there trying to make a quick scamming buck or to take down systems of the masses by playing on the end users lack of knowledge on how to protect and secure their computers. Since the early days of BBSing, I remember even in the late 80’s and early 90’s, there were Trojan viruses and infections that were in place for NO other reason but to annoy and destroy file systems. Anyone who remembers Wildcat and Oblivion BBS’s and was ever struck by the Michelangelo or Jerusalem viruses knows exactly what I’m talking about.

Since the inception or communications, there has always been the need to secure and prevent hackers, warez freaks, and script kiddies from getting into your computers. The only thing I have seen change over the years, is that it is no longer just a 12 year old kid slurping down mellow yellow until 4 am that is hacking your system and corrupting your files, or even worse, stealing your personal information. Now it has become a multibillion dollar BIG BUSINESS for companies which I won’t mention in this article to install Spyware, Malware, and Scamware onto your system so they can collect information about your personal life, your personal preferences, your web surfing habits, and even your credit card and social security number so they can store your information into a database and sell your information off to the highest bidder.

Now please understand, I am not a conspiracy theory type of guy, and I don’t think that big brother is trying to get me, but I am a realist and I know for a FACT that EVERYONE that is reading this article has at some point in time in one way, shape, or form has had a virus, a Trojan, some Spyware, or Malware on their system. So that is not a conspiracy, it is the plain and cold hard truth. We as a community of Internet surfers and knowledge seekers have to be able to protect ourselves and our family’s against the unwanted bots, programs, and software that is being installed onto our systems and is invading our privacy without knowledge. So my next few articles are going to explain a few ways on how to spot the malicious software and viruses on your system, and a few of the best tools to protect and guarantee your computers and family’s safety from these devious applications.

So check back later this week for my next installment of, “Spyware and Malware protection and removal and what you MAY not know!”, which will explain how to understand, locate, and eliminate spyware, malware, and viruses.

Until then, take care, and if you have any questions or comments about the articles please leave a comment or send an email to my address below.

Richard Correa, MCSA, MCPS, MCSE, MCNPS, MCDBA
Senior Network Engineer
Lead Web Programmer and Developer
DTI Data – DTI Networks
Office :: 727.345.9665 ext.206
rcorrea@dtidata.com

http://www.dtidata.com
http://www.dtinetworking.com

Windows Explorer: Un-Hide Files

Windows Explorer: How to change files from Hidden

In my last windows explorer tutorial I explained how to open Windows Explorer, now I will start showing some of the functions people need to know. A lot of time a file we are looking for just doesn’t seem to be where we think it should be. This may be attributed to the fact that the file is hidden. In order to unhide these files here are the steps.

1. Open windows explorer (please see my other tutorial)

2. Click on “My Computer” in the left hand window.

3. Select one of your hard drives. In this case I have selected the “C” drive.

4. Now go up top to “Tools” and select “Folder Options”

5. Now click on the “View” tab along the top and you should see “Folder Views” and “Advanced Settings”

6. Scroll through the advanced settings until you come across something that says “Hidden Files And Folders” and under it should be radial buttons to allow you to select “Show Hidden Files” (see picture below)

7. Now just click the OK button. You may get a warning from Windows that this could be dangerous, because now you will have access to system files. If you think this is bad idea because you may delete them then I recommend that you don’t unhide these files.

That is all there is to it. In the next Windows Explorer tutorial I will go over how to see all of your USB mass storage devices this way.

Windows Explorer: How to Open It

A lot of times when I am speaking to customers I need them to make changes to their files or look at their files in a specific way. I will often tell someone to open Windows Explorer and tell me what they see. In many occasion I have had customers open Internet Explorer instead. Because Windows Explorer is a valuable tool that I think everyone should understand and know how to use, at least at a beginner level, I have decided to take a few weeks and write about it.

Click on Start then Accessories and then two from the bottom is Windows Explorer.  Click on it and you will then be given the following program. 

Windows Explorer defaults to the “My Documents” Directory. As you can see all the files and folders you have in your My Documents folder are now displayed.

Below that is “My Computer” clicking the plus sign next to it will now display any mass storage devices Windows sees connected to the machine (i.e. your C drive and CD-Rom drive). From here you can also see your Control Panel, Mobile Devices, as well as Shared Documents and your My Documents folder again. We go further into the Control Panel and Shared Documents in a later blog, for now we are just trying to see what we are able to look at in Windows Explorer.  You will notice you also have access to your Recycle Bin and any folders that reside on your desktop. (Note: You now have full access to your files, if you delete from here it will be sent to the Recycle Bin.)

To Be Continued…

How To Set Up Your Computer The Right Way

If I were a Technician how would I set my machine up to keep my data safe from Spyware, Malicious)ware and viruses? Although this article actually has little to do with actual “data recovery” if you are attacked by any of these issues it will cause to have data recovery done.Also, I thought it would be nice to share with you how I have my machine set up so that I stay safe. Firstly, I am going to go over your Internet connection and how to stay secure from the infamous 13 year old hacker. This defense, applies directly to my broad band friends out there (cable modems, dsl, etc.). If you are live on the Internet at all times, with your own ip then you should NEVER EVER have that connection going directly into your computer from the cable modem your ISP has provided you with.

It is imperative that you put a wall between you and your computer, and this can easily be done with a router. You can pick up router at most large electronics retailers for a very reasonable price. In many markets the cable company will provide you with a router if you tell them you need one.

I know many of you use a software firewall, but it has been my experience that they do not do a proper job. A software firewall like Zone Alarm just adds more headaches then it is worth in my opinion, and can end up being a data recovery nightmare if you ever decide you want to actually remove the software.

Now we move on to our most important daily protection for our computer. First, how do we scan for this spy ware and malware? I have used a lot of products, tested everything I could get my hands on, and after years of dealing with this problem one thing is clear. It does not get any better the Ad-Aware by Lava Soft. First of all, this software is free for use on a single home computer (you need to pay for it you are going to be running it at a business or in a network environment). Secondly, they are diligent in keeping their offender database up to date. The software is easy to use and allows for many different types of scans.

I run Ad-Aware 2-3 times a week depending on how much Internet surfing I am doing. The next thing we need to do is block the offending malware, and spy ware sites from even getting access your computer. In order to do this I use Spybot Search and Destroy. This product has an extensive list of sites of known spyware offenders and will add blocks to your machine so that they cannot install any of their nasty little pop-ups. Make sure you install the product and then update it. After that, you only need to use the IMMUNIZE feature.

Doing this will block the sites. I IMMUNIZE about once a week. As for virus protection, the product I use most is Norton Anti Virus. This product has a proven record and has long time been an industry leader. I do not recommend installing all of Norton system tools, just the virus scanner. Make sure you keep live the updates setting on and set the weekly scan up. I would also make sure you turn on the email protection. When it comes to trying to block spam, in your email, there are thousands of products. I have tried setting up rules in outlook to deal with this problem and have had little luck with it actually filtering all the bad guys out.

After looking long and hard for a decent product for this I finally found CloudMark. I cannot say enough about their service. Now it does have a subscription fee but is minimal compared to the headaches they prevent. IF one of the baddies does happen to sneak by you have an easy button to click and this will prevent you from getting email from them again. Finally, to toolbar or not to toolbar that is the question. For me the answer was easy.

Yes! With the toolbar battle raging I have found the Google tool bar to be the most flexible and reliable. The toolbar makes searching a snap, as well as blocking pop-up’s. It adds that extra oomph needed to really keep them at bay. Make sure you have your Internet Explorer pop-up’s turned off also. I hope that this article has at least been a little helpful in keeping your Internet browsing as safe as possible.

Why You Should Defrag Your Hard Drive

I more then likely average about 3 to 4 calls a day from people who have formatted and reinstalled their operating system. Usually by using the manufactures (i.e. Dell) system restore feature, not realizing that this will bring the machine back to the way it was when purchased. All of the data that was on this drive now seems to be gone forever.But this is not the case; most of the data should still be fairly intact. You will have to use what is called a file harvester, or raw data scan, piece of software in order to find these files. The way these pieces of software work, is they start at the beginning of a hard drive and begin to scan looking for unique file header information. These file headers, are unique to the type of file (i.e. JPG is FF D8 FF E0) and therefore the software can try to “piece” the drive back together. If you have defragged your hard disk recently there is a much higher recovery rate because there will be no trash data in your file. If you have not defragged, the likelihood of recovery diminishes greatly, because the software you are using can not tell where a file starts and ends, if it is fragmented.

So I still have not explained what Defragging does. In a perfect world when we wrote data to our drive we would never delete it, but that is just not the case. As we delete files and add files there is “empty” spaces left on our hard drives. These spaces have actual data in them but it is no longer part of any file. As we go forward with normal pc use, we continue to cause the drive to be fragmented and not contiguous. Running Windows defrag on a weekly basis will up the performance of your machine, free space on your hard disk, and leave you in a better data recovery situation should that happen to you. Windows Defrag will move your files around to make them contiguous and therefore more easily accessed by Windows. You can schedule a weekly defrag by following the directions below.

How To Schedule a Weekly Defrag:

Click on the Start Menu and go to the control panel.

Now click on Performance and Maintenance

Once in that screen click on the Scheduled Tasks option

Now double click on Add Scheduled Task

Then Click Next

Click Browse, and now let’s go to the windows/system32 folder, and select defrag.exe, and click Open

Now use the wizard to set a schedule for when to run the defrag.exe program.

When you are asked for your password be sure to enter it, and click next.

Check Open advanced properties for this task when I click Finish box, and then click finished.

The following window will pop up.

In the RUN text box add the drive you are wishing to run Defrag on, in most cases this will be C:, to the end of the line.

Click ok and your computer should run defrag on your main hard drive once a week! This will make it better for anyone who might need to perform hard drive data recovery on your hard drive.

RAID O or RAID 1 Choices In New Computer

RAID 0 or No?

So recently I got myself a brand spankin’ new computer. Yahoo, right? I can finally play Vanguard with out lag. So, anyway it was set up with a RAID 0 a 64k stripe for speed since it is my gaming machine. The RAID contained two 80gig Maxtor SATA drives. Now when I set up the RAID I promised myself I would not put any data on it, for fear of failure. Well as the story goes one of the drives has failed, and I have family photos all over my desktop.

In another article I had preached that RAID 0 is wonderful, and I still feel that way, just make sure you have a data drive in the machine. I only wrote this to show you all even someone who KNOWS better doesn’t back up, and makes what I feel was a silly mistake of not keeping the data in a safer place, so don’t feel bad if you make a mistake with your data, I do it all the time.

Fortunately I work for on of the best RAID Data Recovery companies, but if you don’t, then back up your data!

Beginners Guide To Computers: The Internet Protocol TCP/IP

Welcome to a new series of “Beginners Guides” that DTI Data is publishing to better assist novice to intermediate technicians and end users who are looking for a more clear understanding of basic computer, networking, and security knowledge. These guides may seem very basic for a lot of our viewers, but we recommend that everyone read them in full, as you may be surprised on how useful some of our hints and tricks may be.

No matter how much you have learned or know about these subjects, with the ever changing technologies and infrastructures around us it is important to stay up to date, because these technologies can pass you by in a matter of weeks. These articles are designed to give you a low level understanding of each of their subjects, so that you may be able to diagnose and fix issues that you keep running into without relying on restrictive applications to fix these problems for you. We have found that technicians, and even end users have become VERY dependent on 3rd party applications and tools to fix issues and problems for them, but what do you do when a problem is outside of the scope of your utilities? These articles are designed to not only help you solve problems, but to show you how they start, and WHERE they start, and how to get to the roots of the real problems on your PC’s.

This portion will give you a little bit of a background on who I am and what I do, so you can kind of associate with me in these articles. I am going to go over a little bit of where most of my knowledge has come from and how I can help you. My name is Richard Correa III, and I have been a Systems and Network engineer for as long as I can remember. My first computer that I ever used was an Atari 800xl, which at 6 years old I learned to program in basic in the early 80’s and from then on I was hooked on computers. Of course I played with the Commodore 64s and Vic 20s, Tandy’s, and other Atari’s (ST Series), but my first real PC was an IBM XT 8086 running DOS 3.3 that my father brought home from work to code on. My father is a true low level Systems Analyst, and has been coding in low level Assembler and C for 30+ years. He is also a Kernel UNIX coder and now engineers RAID Data Recovery software for our firm. I have been fortunate to work in my industry my entire life and have been able to see the amazing growth of computer technology over the last 20 years. Shortly after I started using the IBM XT, I was introduced to the 80286 AT series and then the 80386×16 series. My first true networking experience came when the 386s came out. I setup my first Novell IPX/SPX Token Ring network at the age of 12 so that I could play Doom and Quake with friends and family head to head. I was always interested in communications and started my very first Wild Cat BBS (Bulletin Board System) shortly after my parents opened a retail computer store in 1995. BBS’s were the predecessor to email, forums, and messaging systems we know and now use. I learned about IRC (Internet Relay Chat) systems shortly after I started BBSing and that is was when I truly saw technology changing. IRC was the first system in which I was able to talk to thousands of people online at one time, and it was LIVE! From that point further, I knew what I wanted to do with my life, and have been fortunate enough to grow with the technologies at hand, and have been teaching ever since.

In early 1999 I received my MCP, MCSA, MCSE, and MCDBA certifications to try and guarantee my place in the workforce, but I soon after found that companies were not only looking for certifications, but they also required years of field knowledge as well. In late 1999 I started working for a local IT Firm that installed High Speed Broadband for a major ISP and cable television company. I was a lead technical trainer there, and trained other technicians how to install network cards, setup home and small to medium business networks, and to show customers how to surf the Internet and use their computers safely. All of this technology was very new and EVERYONE wanted it. I left this firm shortly after and was offered a Director’s position at a much larger contracting firm who at the time had over 800 field engineers and technicians installing coaxial cable and large scale voice and data systems all over the state of Florida. I helped to implement all of the training and installation material to teach these 800 technicians how to use computers and integrate small scale networks. Within 2 years of being with this company I had trained over 2000 technicians and helped in becoming the largest contractor for Time Warner and Bright House Networks in the south east region. I published a lot of manuals and technical documentation that I am going to be posting in these Beginners Guides over the next few months, and I hope you can benefit from them as much as my technicians did. Please feel free to contact me anytime via phone or email with any questions or problems that you may have, no matter how large scale the problem may be. I love a good challenge and love to fix intricate problems.

The Internet Protocol TCP/IP and IP Addresses:

Have you ever wondered how the Internet works? Have you ever just been typing in a web address into your URL (Uniform Resource Locator) bar and wondered how your Internet browser knows where to go and get the information you are about to see on your screen? Well if so, here is a very basic introduction to the Internet and how it works.

Every computer, every server, every website, every router, and pretty much every network device uses something called a protocol to communicate between each other. A protocol is basically a common language that all of the network devices use to pass data and information back and forth. The protocol that the Internet uses to talk back and forth is TCP/IP v4 (Transmission Control Protocol / Internet Protocol version 4). TCP/IP Is bases on a 4 octet numbering system called an IP Address that we will not go too far into depths in this article, but this is an example of an IP Address (10.10.10.1). Understand that IP Addresses can range anywhere from 0.0.0.0 to 255.255.255.255. An IP Address is a unique identifier for every Internet device, and can be looked at similarly to a house or business address. If I wanted to send you a letter via the postal service, I would have to know your address, and if you wanted to send me a return message, you would have to know my mail address. Now do you see the similarities? Everyone has two unique numbers assigned to them to make sure that the correct information gets to the correct person or computer. Everyone has an IP Address, and they have a MAC address. The MAC address is a serial number that EVERY networking card or device has that is a 12 digit alpha-numeric number that is NEVER duplicated by the manufacturers, making sure that with a proper IP Address the correct information has 2 layers of addressing to guarantee packets and traffic to the right computer.

The Domain Naming System (DNS):

So hopefully, you now understand that your computer has an IP Address that allows you to send packets of information back and forth to websites so that you can surf the Internet. You now have to wonder, how do I use my IP Address to get to www.google.com? When the Internet was first designed, it was never even conceived that it would scale and grow to the size that it has gotten to today. The original design for the Internet was made so that military bases could securely send data back and forth to each other and guarantee the packets were addressed to the correct places. Shortly afterward the School Board and Universities started designing their own network protocols and adopted TCP/IP as their own internal LAN / WAN (Local Area Network / Wide Area Network) network protocol as well. When the Internet was first designed, you had to know the IP Address of the server or site you were trying to communicate with, but this was quickly becoming a problem, because people were starting to be expected to know thousands of IP Address just to communicate. It would be like trying to memorize a phone book to place a call. So this is when the first versions and implementations of DNS were introduced.

DNS Is an overlying service that runs on top of TCP/IP called the Domain Naming System. DNS uses special DNS Server Database to translate Domain Names (Such as google.com) to an IP Addresses so that your computer knows where to go when you make a request in your browser. So when you type in http://www.google.com into your browser, the first thing your network card, IP Address, and browser do, is check with your ISPs (Internet Service Provider) DNS server to find out what www.google.com’s IP Address is. Your ISPs DNS server then sends your computer the IP Address you are looking for, and your browser then goes to the IP Address for requested websites (I.e. google.com) web server. Google’s Web Server then sends the web page to your browser in HTML (Hyper Text Markup Language) format, and your browser converts the HTML to the web pages that you see in your browser every day. Now understand that this is in all actuality MUCH more complicated, but this truly is the gist of it.

TCP/IP Is a very fast and seemingly secure layered protocol that has been suffice for 20 years now. The only problem is that the world and the Internet have outgrown this protocol, and we will most likely be seeing a newer, faster, more secure, and robust protocol in the next 10 years. Companies like AOL, Time Warner, and Microsoft are already testing a new version of TCP/IP named TCP/IP v6 (version 6) on their internal networks. TCP/IP v6 is supposedly going to be more secure, and also going to allow for more public IP Addresses, which is one of the major issues that TCP/IP v4 is running into now.

If you would like to get a more technical understanding of the 7 layers of TCP/IP and how it handles data packets, or you want to understand how DNS truly resolves name in its hierarchy, please look for future articles or send me an email and I will be more than happy to deliver some intricate documentation explaining these 2 amazing Internet back bone pieces.

Until Next time, take care, and please leave comments on any questions or inaccuracies that you may have found for this article.

Richard Correa, MCP, MCSA, MCSE, MCDBA
Senior Network Engineer / Lead Web Developer
DTIData – DTI Networks
Office :: 727.345.9665 ext.206
Mobile :: 727.656.8690
rcorrea@dtidata.com
http://www.dtidata.com
http://www.dtinetworking.com