Part 1 - Part 2 - Part 3 - Part 4 VMFS File System Reconstruction (Part 4) In the last three installments we have taken an in depth look at the VMFS file system. As we have seen there are many different components that make up the file system … [Read more...]
VMFS File System Reconstruction (Part 3)
June 13, 2013 By
Part 1 - Part 2 - Part 3 - Part 4 In the last two sections we covered the coarser portions of the VMFS file system. First we looked at what a volume consists of and the best way to find a volume on a storage device where the file system has been … [Read more...]
VMFS File System Reconstruction (Part 2)
May 24, 2013 By
Part 1 - Part 2 - Part 3 - Part 4 In the first installment of our explanation of rebuilding the VMFS file system from a damaged volume we covered some of the attributes of the volume on disk data structure. In addition to that we reviewed some … [Read more...]
VMFS File System Reconstruction (Part 1)
May 15, 2013 By
Part 1 - Part 2 - Part 3 - Part 4 Recently DTI Data received a challenge in the form of a VMWare ESXi 5.1 server which contained 16 (sixteen) 2 (two) terabyte Seagate ST2000DM001 hard drives. These drives were configured as a RAID 10, 8 (eight) … [Read more...]
Microsoft FAT32 and Integrated Data Recovery
January 14, 2011 By
With several years in the data recovery industry there are, like all things, a metamorphosis from one method of recovery to the next. In the beginning there were simple file systems and simple drives and a coarse data recovery method was used in … [Read more...]
View It Now Software Tool
May 14, 2009 By
I am a pretty visual guy and because of that my problem solving skills are based on viewing. When trying to recover data from a corrupt file system I like to use a hex editor and view the system areas of the drive to make sure that everything is … [Read more...]
View It Now NTFS File System Viewer
May 1, 2009 By
I have worked with Microsoft file systems since DOS 3.3. From FAT12, to the current NTFS 5.0 Microsoft has always strived to make their file systems fast and reliable. However, there has always been one major drawback. Their file systems have … [Read more...]
Hard Drive Recovery and Remote Diagnostics… Old School gone retro…
April 29, 2009 By
When I first started writing hard drive recovery software, many, many, years ago Microsoft file systems were pretty straight forward. It was a simple FAT, with some file entry tables scattered throughout the drive with a few key system … [Read more...]
View It Now for SNAP OS 4.X
March 4, 2009 By
The original SNAP NAS devices were developed by SNAP Appliance. The operating system that was used was a flavor of BSD in concert with the file system UFS. Although the file system looks very similar to the original UFS there were some subtle … [Read more...]
Recovering Folder Relationships Using DOS Clustering Design
November 18, 2008 By
   In my last installment I described what a file entry record would look like if it were in fact a cluster holding file entry data. I went over the fact that the first two entries of the folder cluster would be a period followed by ten spaces, … [Read more...]
Using FAT32 File Entry Record For Recovering Folders Using Software Logic
November 12, 2008 By
 In my last installment I described the file entry record and its on-disk format. I used a 'C' structure to denote the different fields of the record and defined which five are most important to us when trying to recover a FAT32 file system … [Read more...]
FAT32 Recover File Entry Table On-Disk Layout Using a C Structure
October 30, 2008 By
In my last installment Recovering FAT 32 With File System Markers, I offered a brief outline of a case that destroyed a FAT32 file systems major components. This was done by formatting the drive using an operating system that is not native to the … [Read more...]
Recovering FAT32 With File System Markers
October 24, 2008 By
In my last installment, Recovering FAT 32 with File Entry Records, I talked about USB and Fire Wire devices and how they are susceptible to damage. In addition I spoke about the file system used to store data on these devices as being FAT32 in order … [Read more...]
How platter swelling affects a hard drive
October 8, 2008 By
 Okay, I know this is not about how to read bad parity in a drive in order to find a stale drive in a RAID five. This is an important subject, however, and I also think it is important to know why heat and a swelling platter can cause hard drive … [Read more...]
Recovering from Accidental FDISK using Free Software
September 4, 2008 By
Like many of us I have accidentally used 'fdisk' to partition a drive that I had never intended to. Whether it be adding a new drive, repartitioning and formatting a USB device, or just trying to reload the operating system there has been more than … [Read more...]
Use Bad Block Frequency to Determine a RAID 5 Stale Drive
August 11, 2008 By
We have been discussing the love affair I have with stale drives in a RAID five array and how best to determine if in fact one exists. I explained how the NTFS file system data is normally laid out and the fact that the old and new data, as well as … [Read more...]
Analyzing RAID parity
July 23, 2008 By
Last time I discussed how to find the RAID data offset for a SNAP OS 4.x RAID handler. To put it briefly it was just a simple matter of finding Cylinder Group zero on the first drive in the array and back tracking 48 sectors. Once the RAID data … [Read more...]
Finding SNAP OS 4.x RAID Data Offset
July 21, 2008 By
If you are in this business long enough you will see everything, or will you? Two weeks ago I received a SNAP RAID OS 4.x for recovery. I have done a lot of these and I am pretty familiar with the data offsets, how the drives are setup, and where … [Read more...]
RAID Configuration and Parity Check
May 8, 2008 By
The function set for the inaugural offering of RAID Diagnostic Toolkit is very basic. This post will explain how to choose a set of 'streams' to build a 'RAID set'. Initially the software does not have any options for stripe size, raid type, meta … [Read more...]
MFT Data Recovery
April 21, 2008 By
Over the years I have recovered many hard drives configured with NTFS. One of the leading reasons that data recovery is performed on these hard drives is an anamoly developed in the Master File Table. This area of the drive is the single most … [Read more...]