View It Now Software Tool
May 14, 2009 by Dick Correa
Filed under File Systems Explained
I am a pretty visual guy and because of that my problem solving skills are based on viewing. When trying to recover data from a corrupt file system I like to use a hex editor and view the system areas of the drive to make sure that everything is intact. ...
[Read more...]View It Now NTFS File System Viewer
May 1, 2009 by Dick Correa
Filed under Data Recovery Solutions, File Systems Explained
I have worked with Microsoft file systems since DOS 3.3. From FAT12, to the current NTFS 5.0 Microsoft has always strived to make their file systems fast and reliable. However, there has always been one major drawback. Their file systems have always...
[Read more...]Hard Drive Recovery and Remote Diagnostics… Old School gone retro…
April 29, 2009 by Dick Correa
Filed under File Systems Explained, The Black Art of Data Recovery
When I first started writing hard drive recovery software, many, many, years ago Microsoft file systems were pretty straight forward. It was a simple FAT, with some file entry tables scattered throughout the drive with a few key system components. ...
[Read more...]View It Now for SNAP OS 4.X
March 4, 2009 by Dick Correa
Filed under SNAP Server File System
The original SNAP NAS devices were developed by SNAP Appliance. The operating system that was used was a flavor of BSD in concert with the file system UFS. Although the file system looks very similar to the original UFS there were some subtle changes...
[Read more...]Recovering Folder Relationships Using DOS Clustering Design
November 18, 2008 by Dick Correa
Filed under Data Recovery Solutions, File Systems Explained, How To's
In my last installment I described what a file entry record would look like if it were in fact a cluster holding file entry data. I went over the fact that the first two entries of the folder cluster would be a period followed by ten spaces, and...
[Read more...]Using FAT32 File Entry Record For Recovering Folders Using Software Logic
November 12, 2008 by Dick Correa
Filed under Data Recovery Solutions, File Systems Explained, Software How To's
In my last installment I described the file entry record and its on-disk format. I used a ‘C’ structure to denote the different fields of the record and defined which five are most important to us when trying to recover a FAT32 file...
[Read more...]FAT32 Recover File Entry Table On-Disk Layout Using a C Structure
October 30, 2008 by Dick Correa
Filed under Data Recovery Solutions, File Systems Explained
In my last installment Recovering FAT 32 With File System Markers, I offered a brief outline of a case that destroyed a FAT32 file systems major components. This was done by formatting the drive using an operating system that is not native to the file...
[Read more...]Recovering FAT32 With File System Markers
October 24, 2008 by Dick Correa
Filed under Data Recovery Software How To's, Data Recovery Solutions, File Systems Explained
In my last installment, Recovering FAT 32 with File Entry Records, I talked about USB and Fire Wire devices and how they are susceptible to damage. In addition I spoke about the file system used to store data on these devices as being FAT32 in order...
[Read more...]How platter swelling affects a hard drive
October 8, 2008 by Dick Correa
Filed under File Systems Explained, Hard Drive How To's
Okay, I know this is not about how to read bad parity in a drive in order to find a the stale drive in an RAID five. This is an important subject, however, I also think it is important to know why heat and a swelling platter can cause hard drive...
[Read more...]Recovering from Accidental FDISK using Free Software
September 4, 2008 by Dick Correa
Filed under File Systems Explained, How To's
Like many of us I have accidentally used ‘fdisk’ to partition a drive that I had never intended to. Whether it be adding a new drive, repartitioning and formatting a USB device, or just trying to reload the operating system there has been...
[Read more...]Use Bad Block Frequency to determine RAID 5 stale drive
August 11, 2008 by Dick Correa
Filed under File Systems Explained, How To's, RAID Recovery Explained
We have been discussing the love affair I have with stale drives in a RAID five array and how best to determine if in fact one exists. I explained how the NTFS file system data is normally laid out and the fact the old and new data, as well as how...
[Read more...]Analyzing RAID parity
July 23, 2008 by Dick Correa
Filed under File Systems Explained, RAID Recovery Explained, SNAP Server File System
Last time I discussed how to find the RAID data offset for a SNAP OS 4.x RAID handler. To put it briefly it was just a simple matter of finding Cylinder Group zero on the first drive in the array and back tracking 48 sectors. Once the RAID data offset...
[Read more...]Finding SNAP OS 4.x RAID Data Offset
July 21, 2008 by Dick Correa
Filed under SNAP Server File System
If you are in this business long enough you will see everything, or will you? Two weeks ago I received a SNAP RAID OS 4.x for recovery. I have done a lot of these and I am pretty familiar with the data offsets, how the drives are setup, and where...
[Read more...]RAID Configuration and Parity Check
May 8, 2008 by Dick Correa
Filed under File Systems Explained, RAID Recovery Explained
The function set for the inaugural offering of RAID Diagnostic Toolkit is very basic. This post will explain how to choose a set of ‘streams’ to build a ‘RAID set’. Initially the software does not have any options for stripe size,...
[Read more...]MFT Data Recovery
April 21, 2008 by Dick Correa
Filed under Data Recovery Software How To's, File Systems Explained, Software How To's
Over the years I have recovered many hard drives configured with NTFS. One of the leading reasons that data recovery is performed on these hard drives is an anamoly developed in the Master File Table. This area of the drive is the single most important...
[Read more...]SNAP RAID Recovery Part II Drive Set Definition
February 19, 2008 by Dick Correa
Filed under SNAP Server File System
One of the many attributes of a RAID 5 that make it popular is that if a drive goes down in the array the RAID will remain functional. In such a case the following events should occur. An alarm should sound. An alarm that would wake the dead. ...
[Read more...]SNAP Server Data Recovery 3 Spanned RAID 5 Arrays
February 8, 2008 by Dick Correa
Filed under SNAP Server File System
Recently, it was my task to take sixteen drives, spanned across three RAID fives, and recover a set of hundreds of AVI files. These files were used for research and although not time sensitive, were critical to the conclusions of the research. We have...
[Read more...]Black Art Of Data Recovery: BIOS – MBR – Part Two
June 22, 2007 by Dick Correa
Filed under The Black Art of Data Recovery
Let’s take a look at some of the boot code of a pretty standard MBR. The first thing we want to do is a little house keeping, then relocate the code we loaded at 0000:7C1B to 0000:061B. Which is spelled out in the First Part of – The Black...
[Read more...]The Black Art of Data Recovery: BIOS, MBR, VIRUS
June 13, 2007 by Dick Correa
Filed under The Black Art of Data Recovery
Virus programmers, although destructive, were at one time some of the most innovative programmers in the industry. They exploited the very core of an operating system, and could do magic with the BIOS and MBR. The virus writer of present is just some...
[Read more...]The Black Art Of Data Recovery
May 25, 2007 by Dick Correa
Filed under The Black Art of Data Recovery
Over the next several weeks we are going to take an in depth look at how data recovery in all of its phases is applied to the Microsoft NTFS file system. You may consider this a class in the data recovery of an NTFS file system as well as a mini course...
[Read more...]