http://www.dtidata.com/resourcecenter Hard drive recovery data recovery resource center with how to guides for windows RAID Snap server file system repair NTFS partition recovery tools tips and tricks to recover data Fri, 10 Feb 2012 20:13:35 +0000 en hourly 1 http://wordpress.org/?v=3.1.2 http://www.dtidata.com/resourcecenter/2011/01/14/microsoft-fat32-and-integrated-data-recovery/ http://www.dtidata.com/resourcecenter/2011/01/14/microsoft-fat32-and-integrated-data-recovery/#comments Fri, 14 Jan 2011 21:39:07 +0000 DTI Data Recovery http://www.dtidata.com/resourcecenter/?p=1665 With several years in the data recovery industry there are, like all things, a metamorphosis from one method of recovery to the next. In the beginning there were simple file systems and simple drives and a coarse data recovery method was used in order to retrieve data. This method was based mostly on the hardware side and not [...]

]]> http://www.dtidata.com/resourcecenter/2011/01/14/microsoft-fat32-and-integrated-data-recovery/feed/ 0 http://www.dtidata.com/resourcecenter/2009/05/14/view-it-now-software-tool/ http://www.dtidata.com/resourcecenter/2009/05/14/view-it-now-software-tool/#comments Thu, 14 May 2009 15:38:16 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=905 I am a pretty visual guy and because of that my problem solving skills are based on viewing.  When trying to recover data from a corrupt file system I like to use a hex editor and view the system areas of the drive to make sure that everything is intact.  There have been many times [...]

]]> http://www.dtidata.com/resourcecenter/2009/05/14/view-it-now-software-tool/feed/ 1 http://www.dtidata.com/resourcecenter/2009/05/01/view-it-now-ntfs-file-system-viewer/ http://www.dtidata.com/resourcecenter/2009/05/01/view-it-now-ntfs-file-system-viewer/#comments Fri, 01 May 2009 20:12:49 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=979 I have worked with Microsoft file systems since DOS 3.3.  From FAT12, to the current NTFS 5.0 Microsoft has always strived to make their file systems fast and reliable.  However, there has always been one major drawback.  Their file systems have always been too centralized.  What I mean by that is when storing the file system [...]

]]> http://www.dtidata.com/resourcecenter/2009/05/01/view-it-now-ntfs-file-system-viewer/feed/ 3 http://www.dtidata.com/resourcecenter/2009/04/29/hard-drive-recovery-and-remote-diagnostics-old-school-gone-retro/ http://www.dtidata.com/resourcecenter/2009/04/29/hard-drive-recovery-and-remote-diagnostics-old-school-gone-retro/#comments Wed, 29 Apr 2009 15:51:04 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=898 When I first started writing hard drive recovery software, many, many, years ago Microsoft file systems were pretty straight forward.  It was a simple FAT, with some file entry tables scattered throughout the drive with a few key system components.   In addition, the file system was designed to be fairly virtual.  In other words, if [...]

]]> http://www.dtidata.com/resourcecenter/2009/04/29/hard-drive-recovery-and-remote-diagnostics-old-school-gone-retro/feed/ 0 http://www.dtidata.com/resourcecenter/2009/03/04/view-it-now-for-snap-os-4x/ http://www.dtidata.com/resourcecenter/2009/03/04/view-it-now-for-snap-os-4x/#comments Wed, 04 Mar 2009 19:28:21 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=924 The original SNAP NAS devices were developed by SNAP Appliance.  The operating system that was used was a flavor of BSD in concert with the file system UFS.  Although the file system looks very similar to the original UFS there were some subtle changes made.  View It Now takes those changes into consideration when searching [...]

]]> http://www.dtidata.com/resourcecenter/2009/03/04/view-it-now-for-snap-os-4x/feed/ 6 http://www.dtidata.com/resourcecenter/2008/11/18/recovering-folder-relationships-using-dos-clustering-design/ http://www.dtidata.com/resourcecenter/2008/11/18/recovering-folder-relationships-using-dos-clustering-design/#comments Tue, 18 Nov 2008 19:35:41 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=740     In my last installment I described what a file entry record would look like if it were in fact a cluster holding file entry data. I went over the fact that the first two entries of the folder cluster would be a period followed by ten spaces, and the next entry would be two [...]

]]> http://www.dtidata.com/resourcecenter/2008/11/18/recovering-folder-relationships-using-dos-clustering-design/feed/ 2 http://www.dtidata.com/resourcecenter/2008/11/12/using-fat32-file-entry-record-recover-folders-software-logic/ http://www.dtidata.com/resourcecenter/2008/11/12/using-fat32-file-entry-record-recover-folders-software-logic/#comments Wed, 12 Nov 2008 18:32:39 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=711   In my last installment I described the file entry record and its on-disk format.  I used a ‘C’ structure to denote the different fields of the record and defined which five are most important to us when trying to recover a FAT32 file system where all the main file system components have been destroyed or [...]

]]> http://www.dtidata.com/resourcecenter/2008/11/12/using-fat32-file-entry-record-recover-folders-software-logic/feed/ 2 http://www.dtidata.com/resourcecenter/2008/10/30/fat32-recovery-file-entry-table-on-disk-layout-c-structure/ http://www.dtidata.com/resourcecenter/2008/10/30/fat32-recovery-file-entry-table-on-disk-layout-c-structure/#comments Thu, 30 Oct 2008 19:19:49 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=684 In my last installment Recovering FAT 32 With File System Markers, I offered a brief outline of a case that destroyed a FAT32 file systems major components. This was done by formatting the drive using an operating system that is not native to the file system. In other words, a Mac was used to format [...]

]]> http://www.dtidata.com/resourcecenter/2008/10/30/fat32-recovery-file-entry-table-on-disk-layout-c-structure/feed/ 3 http://www.dtidata.com/resourcecenter/2008/10/24/recovering-fat32-with-file-system-markers/ http://www.dtidata.com/resourcecenter/2008/10/24/recovering-fat32-with-file-system-markers/#comments Fri, 24 Oct 2008 16:13:35 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=651 In my last installment, Recovering FAT 32 with File Entry Records, I talked about USB and Fire Wire devices and how they are susceptible to damage. In addition I spoke about the file system used to store data on these devices as being FAT32 in order for the manufacturer to optimize their marketing base. Finally, [...]

]]> http://www.dtidata.com/resourcecenter/2008/10/24/recovering-fat32-with-file-system-markers/feed/ 4 http://www.dtidata.com/resourcecenter/2008/10/08/how-platter-swelling-affects-a-hard-drive/ http://www.dtidata.com/resourcecenter/2008/10/08/how-platter-swelling-affects-a-hard-drive/#comments Wed, 08 Oct 2008 21:10:32 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=276   Okay, I know this is not about how to read bad parity in a drive in order to find a stale drive in a RAID five.  This is an important subject, however, and I also think it is important to know why heat and a swelling platter can cause hard drive damage.   In [...]

]]> http://www.dtidata.com/resourcecenter/2008/10/08/how-platter-swelling-affects-a-hard-drive/feed/ 0 http://www.dtidata.com/resourcecenter/2008/09/04/recovering-from-accidental-fdisk-using-free-software/ http://www.dtidata.com/resourcecenter/2008/09/04/recovering-from-accidental-fdisk-using-free-software/#comments Thu, 04 Sep 2008 19:14:12 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=268 Like many of us I have accidentally used ‘fdisk’ to partition a drive that I had never intended to. Whether it be adding a new drive, repartitioning and formatting a USB device, or just trying to reload the operating system there has been more than one occasion where I have chosen the wrong drive and [...]

]]> http://www.dtidata.com/resourcecenter/2008/09/04/recovering-from-accidental-fdisk-using-free-software/feed/ 4 http://www.dtidata.com/resourcecenter/2008/08/11/use-bad-block-frequency-to-determine-raid-5-stale-drive/ http://www.dtidata.com/resourcecenter/2008/08/11/use-bad-block-frequency-to-determine-raid-5-stale-drive/#comments Mon, 11 Aug 2008 19:05:45 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=266 We have been discussing the love affair I have with stale drives in a RAID five array and how best to determine if in fact one exists. I explained how the NTFS file system data is normally laid out and the fact that the old and new data, as well as how long the drive [...]

]]> http://www.dtidata.com/resourcecenter/2008/08/11/use-bad-block-frequency-to-determine-raid-5-stale-drive/feed/ 0 http://www.dtidata.com/resourcecenter/2008/07/23/analyzing-raid-parity/ http://www.dtidata.com/resourcecenter/2008/07/23/analyzing-raid-parity/#comments Wed, 23 Jul 2008 17:38:25 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=244 Last time I discussed how to find the RAID data offset for a SNAP OS 4.x RAID handler. To put it briefly it was just a simple matter of finding Cylinder Group zero on the first drive in the array and back tracking 48 sectors. Once the RAID data offset is established we can plug [...]

]]> http://www.dtidata.com/resourcecenter/2008/07/23/analyzing-raid-parity/feed/ 3 http://www.dtidata.com/resourcecenter/2008/07/21/finding-snap-os-4x-raid-data-offset/ http://www.dtidata.com/resourcecenter/2008/07/21/finding-snap-os-4x-raid-data-offset/#comments Mon, 21 Jul 2008 20:04:36 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=228 If you are in this business long enough you will see everything, or will you?  Two weeks ago I received a SNAP RAID OS 4.x for recovery.  I have done a lot of these and I am pretty familiar with the data offsets, how the drives are setup, and where to begin the virtual RAID [...]

]]> http://www.dtidata.com/resourcecenter/2008/07/21/finding-snap-os-4x-raid-data-offset/feed/ 2 http://www.dtidata.com/resourcecenter/2008/05/08/raid-configuration-parity-check/ http://www.dtidata.com/resourcecenter/2008/05/08/raid-configuration-parity-check/#comments Thu, 08 May 2008 15:24:14 +0000 Dick Correa http://www.dtidata.com/resourcecenter/?p=209 The function set for the inaugural offering of RAID Diagnostic Toolkit is very basic. This post will explain how to choose a set of ‘streams’ to build a ‘RAID set’. Initially the software does not have any options for stripe size, raid type, meta data offsets, so on and so forth. For the ‘parity check’ [...]

]]> http://www.dtidata.com/resourcecenter/2008/05/08/raid-configuration-parity-check/feed/ 24 http://www.dtidata.com/resourcecenter/2008/04/21/data-recovery-master-file-table-recovery/ http://www.dtidata.com/resourcecenter/2008/04/21/data-recovery-master-file-table-recovery/#comments Mon, 21 Apr 2008 20:47:36 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2008/04/21/data-recovery-master-file-table-recovery/ Over the years I have recovered many hard drives configured with NTFS. One of the leading reasons that data recovery is performed on these hard drives is an anamoly developed in the Master File Table. This area of the drive is the single most important set of data stored on your system. The Master File [...]

]]> http://www.dtidata.com/resourcecenter/2008/04/21/data-recovery-master-file-table-recovery/feed/ 4 http://www.dtidata.com/resourcecenter/2008/02/19/snap-server-data-recovery-3-spanned-raid-5-drive-set-definition/ http://www.dtidata.com/resourcecenter/2008/02/19/snap-server-data-recovery-3-spanned-raid-5-drive-set-definition/#comments Tue, 19 Feb 2008 17:11:48 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2008/02/19/snap-server-data-recovery-3-spanned-raid-5-arrays-part-ii/ One of the many attributes of a RAID 5 that make it popular is that if a drive goes down in the array the RAID will remain functional.  In such a case the following events should occur.  An alarm should sound.  An alarm that would wake the dead.  An alarm that would make raking your [...]

]]> http://www.dtidata.com/resourcecenter/2008/02/19/snap-server-data-recovery-3-spanned-raid-5-drive-set-definition/feed/ 3 http://www.dtidata.com/resourcecenter/2008/02/08/snap-server-data-recovery-3-spanned-raid-5-arrays/ http://www.dtidata.com/resourcecenter/2008/02/08/snap-server-data-recovery-3-spanned-raid-5-arrays/#comments Fri, 08 Feb 2008 20:40:11 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2008/02/08/snap-server-data-recovery-3-spanned-raid-5-arrays/ Recently, it was my task to take sixteen drives, spanned across three RAID fives, and recover a set of hundreds of AVI files. These files were used for research and although not time sensitive, were critical to the conclusions of the research.  We have been asked to do many similar jobs where the archive of a [...]

]]> http://www.dtidata.com/resourcecenter/2008/02/08/snap-server-data-recovery-3-spanned-raid-5-arrays/feed/ 1 http://www.dtidata.com/resourcecenter/2007/06/22/black-art-data-recovery-mbr-bios-virus-part-2/ http://www.dtidata.com/resourcecenter/2007/06/22/black-art-data-recovery-mbr-bios-virus-part-2/#comments Fri, 22 Jun 2007 16:08:39 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2007/06/22/black-art-data-recovery-mbr-bios-virus-part-2/ Let’s take a look at some of the boot code of a pretty standard MBR. The first thing we want to do is a little house keeping, then relocate the code we loaded at 0000:7C1B to 0000:061B. Which is spelled out in the First Part of – The Black Art Of Data Recovery: BIOS, MBR, [...]

]]> http://www.dtidata.com/resourcecenter/2007/06/22/black-art-data-recovery-mbr-bios-virus-part-2/feed/ 0 http://www.dtidata.com/resourcecenter/2007/06/13/data-recovery-bios-mbr-virus/ http://www.dtidata.com/resourcecenter/2007/06/13/data-recovery-bios-mbr-virus/#comments Wed, 13 Jun 2007 19:21:27 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2007/06/13/data-recovery-bios-mbr-virus/ Virus programmers, although destructive, were at one time some of the most innovative programmers in the industry. They exploited the very core of an operating system, and could do magic with the BIOS and MBR. The virus writer of present is just some hack script writer who has no understanding of the true nature of [...]

]]> http://www.dtidata.com/resourcecenter/2007/06/13/data-recovery-bios-mbr-virus/feed/ 3 http://www.dtidata.com/resourcecenter/2007/05/25/black-art-data-recovery-overview/ http://www.dtidata.com/resourcecenter/2007/05/25/black-art-data-recovery-overview/#comments Fri, 25 May 2007 23:02:47 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2007/05/25/black-art-data-recovery-overview/ Over the next several weeks we are going to take an in depth look at how data recovery in all of its phases is applied to the Microsoft NTFS file system. You may consider this a class in the data recovery of an NTFS file system as well as a mini course in hard drive [...]

]]> http://www.dtidata.com/resourcecenter/2007/05/25/black-art-data-recovery-overview/feed/ 1 http://www.dtidata.com/resourcecenter/2007/05/21/snap-server-data-recovery-inode/ http://www.dtidata.com/resourcecenter/2007/05/21/snap-server-data-recovery-inode/#comments Mon, 21 May 2007 18:27:58 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2007/05/21/snap-server-data-recovery-inode/ This week is the final offering of our topic Recovering a single file from a SNAP Server Operating System. We have learned what a Super Block is, a cylinder group, and some of the important data elements in those data structures. We have learned how to find these data structures by using the data elements [...]

]]> http://www.dtidata.com/resourcecenter/2007/05/21/snap-server-data-recovery-inode/feed/ 1 http://www.dtidata.com/resourcecenter/2007/04/26/snap-os-file-data-recovery-super-block/ http://www.dtidata.com/resourcecenter/2007/04/26/snap-os-file-data-recovery-super-block/#comments Thu, 26 Apr 2007 21:45:05 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2007/04/26/snap-os-file-data-recovery-super-block/ SNAP Operating System File Recovery Through The Super Block Recovering a single file from a SNAP OS Part 2 Last week we discussed how to find the file name on a SNAP OS file system. Using a sector editor we searched the hard disk drive for the file name. Once we found the file name I broke [...]

]]> http://www.dtidata.com/resourcecenter/2007/04/26/snap-os-file-data-recovery-super-block/feed/ 1 http://www.dtidata.com/resourcecenter/2007/04/19/snap-server-data-recovery-single-file/ http://www.dtidata.com/resourcecenter/2007/04/19/snap-server-data-recovery-single-file/#comments Thu, 19 Apr 2007 19:41:11 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2007/04/19/snap-server-data-recovery-single-file/ Recovering a single file from a SNAP OS As we know SNAP Appliance used a proprietary Unix File System (UFS) handler in order to run there Network Attached Storage (NAS) product. This particular OS ran a Berkley Software Distribution (BSD) flavor of UFS. Although there are many similarities to the original file system, there are [...]

]]> http://www.dtidata.com/resourcecenter/2007/04/19/snap-server-data-recovery-single-file/feed/ 0 http://www.dtidata.com/resourcecenter/2007/04/11/snap-raid-recovery/ http://www.dtidata.com/resourcecenter/2007/04/11/snap-raid-recovery/#comments Wed, 11 Apr 2007 20:15:36 +0000 Dick Correa http://www.dtidata.com/resourcecenter/2007/04/11/snap-raid-recovery/ SNAP Server NAS RAID Data Recovery SNAP Appliance, now owned by Adaptec was one of the pioneers of the Network Attached Storage (NAS) technologies. Through the use of  the Berkeley Software Distribution (BSD) and the UNIX File System (UFS), SNAP developed a reliable and easy method for using a mass storage device through a shared [...]

]]> http://www.dtidata.com/resourcecenter/2007/04/11/snap-raid-recovery/feed/ 2