image of hurricane matthew aerial view

Hurricane Ida Data Recovery

What to do if you encounter computer storage equipment that has been damaged by water and severe flooding.

For those of you that may encounter damaged devices due to Hurricane Ida. Here are some quick DO‘s and DON’Ts for the best chances of data recovery on water damaged devices:

  • DO leave the device ‘as is’. Don’t try and clean off excess dirt or debris that may have occurred in a flood or disaster. Wiping debris from drives and media can cause greater damage to the electronic components of the device.
  • DON’T attempt to dry the water damaged drive. While it’s often your first instinct, doing so will decrease chances of recovery.
  • DO put it in a bag and help it retain moisture from water submersion. An unused sponge will help prevent further damage. As the moisture levels decrease corrosion levels and damages increase. (Think dried salt crust from ocean water)
  • DON’T power the device on.  If there is water on any of the electrical components or internals of a drive, you can ruin your customers chances of recovery forever.
  • DO let us know if your shipment containers items damaged in a natural disaster so that we can take additional precautions prior to opening the package.
  • DON’T hesitate to find out if we can help. We have the right tools and equipment to safely evaluate the chances of recovery quickly.

Please feel free to call us or use our web form for more information if any of your devices have come into contact with water.

 

Weather Emergency Data Recovery

If you’ve been following the news, you’ve probably heard that Texas went through several catastrophic emergencies back to back last week. We had record-breaking freezing temperatures that were sustained for almost a week, which doesn’t happen too often in Texas. This led to power grid failures, undriveable roads, destroyed water systems that left homes flooded or without resources, and a natural gas shortage.

This led to a slew of calls as the weather broke – people experienced power interruptions that messed up their firmware, flooding that blew out their computers, and a host of other issues that led to unexpected data loss (adding insult to injury in a terrible state-wide event).

This event came as a huge surprise to all of us, as in Texas, cold snaps tend to stay above freezing temperatures and only last a couple of days. This time, our whole state was under ice for the week.

There is only so much you can do to prevent data loss in a major emergency like this. Primarily, you’ll want to make sure your power-dependent systems are connected to a reliable backup service like Carbonite or iCloud. That way, at least you will have a relatively recent back-up of your data that won’t add to your list of challenges to overcome, or add to the growing stack of emergency expenses. Making sure that your back-ups are all paid for and connected appropriately should be part of any monthly office or home checklist you have.

Of course, there are times where despite your best efforts, these things won’t come together as planned.

So, what happens when your computer floods, or a power outage causes a system failure in your phone? What do you do?

Power Outage Data Recovery

If you’ve lost your data due to a power failure, such as rolling blackouts in a weather emergency, do not try to power your device further. You could cause further electrical issues and render your data unrecoverable.

  1. Identify whether it’s a total failure, or if a charging cable or connector cable could be the culprit. Try swapping your charging or connector cables, and change the device you’re connecting to. Once you’ve ruled out anything like that, do not attempt to power or access they device any further.
  2. Locate and assess any further electrical-related damage in the home, while you’re at it. Safety first! Focus on important data centers such as phones and computers, and anything potentially dangerous – like stoves, ovens, etc.
  3. Place the data-compromised device in two anti-static bags
  4. Contact us.

Water Damage Data Recovery

Water damage is a stranger to no one at this point, but because of that, there are certain myths surrounding what to do when you have a water damage experience – particularly, anything involving rice. Rice is popular because as a super dry ingredient, it will absorb the moisture out of a waterlogged device. What it doesn’t absorb are the sediments and particulates that came in with the water. Once you absorb that water out of the device, those particles are left behind, causing corrosion and damage to the internal components. So, what do you *really* do?

  1. Stop attempting to power up your device. This could make everything worse for you.
  2. Do NOT put your device in a bag of rice.
  3. Instead, put your device in a Ziploc bag with a damp sponge. This keeps the internal components damp instead of drying them out, which will allow a recovery technician to properly clean the particulates out of the device before removing the moisture. This way, no damage will happen from corrosion or cleaning particles off of fragile surfaces.
  4. Contact us.

For larger units with electrical-related or water damage, such as a multi-device RAID system, you are still essentially in the same boat. Do not attempt to power up the unit or dry it out, and give us a call as soon as possible. If you are an entrepreneur or work for a business, and your business insurance covers extreme weather events, call them immediately to get that lengthy process started.

As always, please don’t hesitate to reach out if you have any questions. If you have other critical tips you think are worth mentioning, let us know so we can add them!

How to Prevent Mobile Device Data Recovery

At Flashback Data, we get many calls about recovering lost data from mobile devices (phones and tablets). Phones and tablets are two of the most commonly used devices in the world today, and carry an unthinkable amount of our data – from photos and videos, to our private messages and search history. Understandably, these clients are often the most devastated clients when they call us with a significant data loss. Smartphone and tablet memory works very differently than other devices, so it surprises many people to hear that common, everyday practices are what led to their data loss.

We put together this article to detail the do’s and don’ts of mobile device data – some of these may surprise you, but we suspect there are a couple you’ve known all along (and it’s time to get with the program). Follow these tips in order to prevent a catastrophic data loss that could leave your heart or your business sidelined in a major way.

Mobile Device Do’s

1. Sign up with a cloud backup service

This is the most important recommendation on our list. Sign up with a cloud backup service that automatically updates its backup and automatically charges your operating expenses. This ensures that no matter what’s going on with your device, a very recent digital copy of your data is safe and ready to re-download. If you’re an Apple device user, you can easily use their iCloud service. For Android users, a Google backup service would be an easy fit.

We often hear that people are nervous and suspicious of cloud services, usually citing that they don’t want Google or Apple reviewing their private data, or hackers getting into their data and using it. There is a misconception around all of this that we’d like to dissolve. If you’re reading this article, it is extremely unlikely that you are a target for a data breach.

Simply put – we are not that important. Hackers and allegedly malicious employees of cloud services do not waste time on targets without a certainty of the data they’re profiting from. Think of it this way – would a robber risk breaking into a house if there’s no way to know anything of value is inside? Most all of us fall into this category when it comes to our backed up data.

Once you’ve signed up with a cloud service that meets your needs, check it monthly to make sure your bill is paid and your data is being upload properly. That way, if you’ve gotten disconnected from the service, you’ve only lost a few weeks of data at most. If you have any monthly checklists – like going through your bills, conducting expense reports, etc. – checking your backups is a great candidate to add to your monthly responsibilities.

2. Back up before any system updates

One of our most frequent data recovery questions surrounds iPhones and boot loops – a failure called Error 14. This can happen when your iPhone downloads its own system updates, but your phone is overfull with too much data. It crashes your phone, causing it to power up and down in a loop. This is an unrecoverable situation, so if your data isn’t backed up, that’s it – all of your mobile device data is gone.

It’s impossible for you to know how our phone or tablet is going to respond to a system update outside of whether or not you have enough room to download it. Most of the time, everything is fine, and after a few minutes you’re back to using our phone, but plenty of people experience data loss from system updates that were fine for everyone else. Sometimes, unfinished or disastrous system updates are released, and many people lose their data as a result.

If you are someone who takes tons of photos, and regularly has a close-to-full phone, or if you don’t know much about phone technology, we highly recommend turning off your auto-update settings to prevent something like this from happening. This will make the phone or tablet notify you when an update is going to happen in the near future, so you’ll have time to double-check your back-ups and make some space on device.

3. Keep 10 GB available on your phone

For the reasons we listed above, always make sure your mobile device has some space on it. It is often running updates and downloading data in the background that you might be unaware of, all of which runs the risk of corrupting your phone if you don’t have enough free space. Your phone may advertise that it has 128 GB of space, for example, but our techs at Flashback Data would agree that you shouldn’t fill it over 115.

4. Invest in a water and shatter-proof case

Here is an uncomfortable truth: water damage and impact damage are fully avoidable. Yep, you read it here, and we stand by it. We’re not saying we have a running tally of how many times we hear “I know I should have a waterproof case, but, my kid spilled liquid on my tablet and shorted It”… but we certainly could.

Reputable water and shatter preventative cases do run a bit pricier than your typical silicone sleeve, but $50 is nothing when it comes to our minimum mobile device recovery fee ($399) or an uninsured phone replacement (up to over a grand!).

Don’t know where to start? Here are some examples of high quality brands that make fantastic, reliable phone cases.

LifeProof 
Hitcase Shield
Aquavault 
Otterbox

Flashback Data is not affiliated with any of these brands – we’re merely showcasing examples of brands on the market that make the quality of cases you’re looking for. We are not responsible for any manufacturer issues or customer satisfaction on these products.

5. Use high quality charging and connector cables from your device manufacturer, or from a manufacturer-recommended vendor

Low quality connector cables are a huge reason that customers come to us for data recovery. Low quality cables can cause electrical shortages in your phone, rendering it unusable and potentially corrupting your data. These cheap connector cables can also corrupt your data, and they’re easy to break and tear, making a data transfer easy to interrupt (which can often lead to a phone failure). Invest in cables that are directly from your device manufacturer, or are recommended by the manufacturer.

Apple has a program in particular to certify other vendors for use on their products, called the MFI Certification. Through this process vendors can assure their consumers that their products are fully safe to use with Apple products. This sort of certification program doesn’t exist for all mobile devices, but it’s worth reading reviews to make sure your components don’t compromise your data.

Mobile Device Don’ts

1. Fill your device storage

As we mentioned above, there are tons of risks associated with filling up your phone. This doesn’t leave any room for the device to download system or application updates, take photos and videos, or run its own operating system. You may notice that your phone “stutters” – applications lock up during use or take a long time to open, apps and videos close without warning, or you find yourself having to restart your phone on a regular basis. Keeping your mobile device stuffed to its limit with data is practically begging for a memory failure.

We understand that a lot of people want all of their photos and videos in one device, ready to review and reminisce at a moment’s notice. Unfortunately, this is the most common risky behavior we see when it comes to our customers with crashed phones. We highly encourage you to embrace using a cloud service or online photo album service to store all of your picture and video archives. When you want to take a walk down memory lane, they’ll be waiting for you.

2. Put your device in rice

Putting your phone in rice is a popular, but often destructive approach to trying to reverse water damage. While technically, yes, this method will dry out your phone, but it can do so in a very harmful way that make matters worse. The way rice interacts with exposure to electronics can cause more damage than you already have, leading to corruption of your data and damage to your motherboard.

If your device has been exposed to liquid and is damaged as a result, zip it up in a bag with a slightly damp sponge, and take it to a repair shop immediately. This will allow the liquid to be extracted from the device without corroding any of the components through over-drying.

3. Take your device swimming

We’ve seen the commercials. Someone is basking in the ocean with their smartphone or enjoying drinks in a pool, taking underwater photos to commemorate their summer vacations and spring breaks. These people live seemingly worry and risk-free, drinking beer and making funny faces underwater for social media photos.

Don’t be those people.

A recurring call we receive is customers who are upset because they thought their phone was water proof, so they took it in the pool or to the beach, and now it won’t turn on. Your smart phone is never going to be “water proof”. It is water resistant. It is water resistant in clear, clean water with no currents or waves.

Pools and hot tubs are full of chemicals that aren’t meant to be exposed to electronics. The ocean is full of salt and sediments, which ruin electronic components on contact.

There are certainly reputable waterproof cases that will allow you to submerge your phones and tablets in different bodies of water, but as we all know, even the best brands do not carry a 100% success rate. We recommend being safe over sorry – do not bring your devices swimming with you.

4. Use cheap or unsanctioned accessories

Using convenience store charging cables is a sure-fire ticket to losing your data. These cheaply made cables can fray easily, or may have components that aren’t well-fit to your device.

This will lead to data transfer interruptions (which can corrupt your device), electrical shorts, and other disasters that will come at the wrong place at the wrong time.

Invest in high quality accessories to ensure the safety of your data.

5. Try to guess your PIN

If you’ve forgotten your PIN or passcode, do not try to guess it over and over. Find a way to confirm what that PIN is, or get in touch with support to find out what your options are.

Entering a password or PIN repeatedly is the fastest way to lose your data forever. Too many incorrect entries will permanently “brick” your device, making it useless and rendering your data destroyed. This is often referred to as the device being in “Disabled Mode”. It is a security feature implemented in order to make the phone as secure as possible for anyone – from politician to technology executive,

By following these easy suggestions, you’ll be a world apart from most of the customers who come to us with a mobile device data crisis. In the event you do have a crisis and need your phone or tablet data recovered, give us a call at 866.786.5700.

Cyber Security Basics

A common example of a call we receive is, “I need your help. My spouse just identified that someone has hacked into our PayPal account and is withdrawing $1,700 per month. We have contacted our bank, but they are not willing to help. We contacted PayPal, and they indicated that they have ACH number. We are afraid that they have all our other accounts, passwords, and contact information. Can you help?” Cyber security isn’t household talk yet, but people are learning about its possibilities, and the risks they take when operating in the digital world.

Common Types of Cyber Attacks

Individuals and small business owners are becoming increasingly aware of common types of Cyber Attacks, but rarely are they aware of all the different ways they can happen. These attacks can include (but aren’t limited to) locking them out of their business files, defacing their websites, or stealing money. The most common cyber security attacks are:

Malware – a specific kind of software that’s designed to cause damage, disrupt, or create access to a computer system or network.
Phishing – when a scam is set up to impersonate a reputable person or company in order to acquire personal / sensitive information directly from a user – such as passwords and credit card numbers.
Man-in-the-middle attack (MITM) – this is an intrusion that involves a third party that intercepts, monitors, and alters communications between two parties without them knowing. For example, being able to intercept chat messages with a banker.
Distributed Denial-of-Service (DDoS) – when an attacker overloads a network resource, such as a website, rendering it unusable for its intended users
SQL injection – A SQL injection is when an attacker accesses a database and alters its code in order to exploit it, such as coding it to extract private customer information from your private business records.
Zero-day exploit – This type of attack is particularly dangerous, because it happens long before the users in question are aware of the exploited vulnerability. The attack happens the same day the vulnerability is identified by the attacker, before the user is ever made aware of the specific gap in security.
DNS Tunnelling – It is one of the most damaging DNS attacks. It encodes the data of other programs or protocols in DNS queries and responses. It often includes payloads that can be added to an attacked DNS server and used to control a remote server and applications.
Business Email Compromise (BEC) – An attacker impersonates a corporate email address, impersonating an individual in order to exploit and/or manipulate the user(s).
Cryptojacking – When an attacker installs malware on a user’s device in order to mine / steal cryptocurrency without their consent.
Drive-by Attack – A drive by attack is when a malicious piece of software is downloaded to your device without your consent, and potentially, without your knowledge. You may not know this code ends up in your device at all, or you may think you’re downloading one thing, but you’re actually downloading something harmful.
Cross-site scripting (XSS) attacks – When malicious code is injected into an otherwise trustworthy website, with the intention of exploiting the users who visit that site.
Password Attack – A cyber attacker uses a host of possible passwords on a user’s security systems, hoping that one of them works (usually banking on the idea that people often repeat passwords).
Eavesdropping attack – Similar to a “man in the middle” attack, this involves an attacker “snooping” or “eavesdropping” on communications without the users’ knowledge, in an attempt to acquire sensitive information.
Al-Powered Attacks – An aggressive and targeted cyber attack that uses artificial intelligence to determine the most vulnerable security points in your system.
IoT-Based Attacks – Internet of things (IoT) is easily one of the most versatile technologies in existence today. It is the primary force behind the biggest distributed denial of services (DDoS) botnet attacks for some time. Numerous IoT device manufacturers continue to ship products that cannot be properly secured.

Unfortunately, most individuals and small business owners do not carry cybersecurity insurance, or have enough money stowed away to afford a full incident response lifecycle. This typical lifecycle includes preparation, detection & analysis, containment & eradication, and post incident activity.

These attackers usually first analyze their target (reconnaissance), then they initialize an exploitation to intrude the network. Once established, they will then start to dig into your systems. They will try to move across your network quickly, looking for further exploitable data to take advantage of. Once they find the key data to collect, they exfiltrate and exploit the information. Once they have hit this phase, they are usually in and out of your network rather quickly.

How Cyber Security Works

It is unnerving because you don’t know if your system is clean, or if they have placed spyware on your system that watches your every move. The cybersecurity industry processes consist of the following segments:

• Proactive Protection – Hardware and software to keep your systems secure
• Monitoring – Scanning logs to detect intrusions or gaps
• Consulting – Analyze your business in order to receive pointed security recommendations
• Incident Response – Analyze a security breach in order to assess damage and recovery of data or funds
• Recovery – Recover any lost data or business functions that were negatively impacted by the data breach

Cyber Attacks – What To Do

If you are locked out of your business systems, your web site has been defaced, or you have lost money, then you require Incident Response services. Understanding your networked media, passwords, roles within the network, who belongs to which user group, and the privileges each staffer is granted are all required when preparing to deal with an incident. It is important to identify patient zero, so to speak, but most of the time, that’s rather unclear at first. Detecting how the network was compromised is critical to identifying, isolating, and eradicating any harmful factors that have been left behind.

Depending upon the network, this may take several ten-hour days to several weeks. Once the threats have been identified, contained, and eradicated, then you’ll need a follow up, post-incident action recommendation to ensure that this doesn’t happen again.

If an individual or small business is not able to activate an incident response team, then the following steps are your best bet to achieve a resolution and minimize damage:

• Unplug your internet connection
• Find a Password Manager: (Last Pass, One Pass, etc….)
• Change all your passwords
• Authorize 2-Party Verification
• File a Police Report to your local authority
• File an IC3 Report to the FBI
• Run a malware & anti-virus scan
• (Stole money?) Contact your financial institutions

Unfortunately, it will be rare that the individuals causing this havoc will be caught, but following these suggestions and you will be better prepared then most and hackers usually go for the weakest target.

When we get a call like the one we discussed above, we notify them that if a hacker has their ACH number, they would usually get in and get out with as much money as possible in as little time as possible. We might even mention that there could be some sort of payment schedule to a bill they don’t remember.

On this particular example, we received a notification days later explaining that this was exactly the case. It was a loan payment that was forgotten about, but they did implement the suggestions above, and already feel safer and more informed.

If you think you’re a victim of a cyber security attack, don’t hesitate to call us at (866) 786-5700. We will consult with you to see if your suspicions are valid, and then scope out the work accordingly. We’re here for you.

iOS exploits and their impact on digital forensics

Last September, the iOS hacking community got a big surprise when a security researcher named axi0mX released a ‘game changing’ exploit called ‘checkm8’.  What makes checkm8 so unique is that unlike previous exploits, it is a Boot ROM exploit. This means that on affected devices, there is no way for Apple to patch it via software updates.

To be clear, this exploit is not a remote threat, as the physical device must be tethered to a computer. Further, it does not allow someone to bypass your PIN or Touch/FaceID. The exploit is also non-persistent.  Meaning that once the device is rebooted, the exploit is removed.

The affected devices are and iPhone and other iOS models such as iPad running Apple’s A11 chip or earlier.  Which basically means, any iOS device before and including the iPhone X. The iPhone XR, XS, 11, and Pro models are not included in this exploit.

How can this new exploit help us in digital forensics? 

The checkm8 exploit now allows us to obtain an entirely new level of device data extraction which, up to this point, was impossible. Previously, on Phones newer than the iPhone 4, we were essentially only able to get what equates to an iTunes backup of the device. In many cases, this is fine.  However, over the years Apple has made it increasingly difficult to recover deleted information from chat databases and other application data by using a vacuum-like function that cleans up databases more frequently than earlier iOS versions.

Checkm8 allows a forensics examiner to exploit the device, collect the file level decryption keys and then extract the entire active file system of the device including the keychain and other valuable data previously unattainable by earlier extraction methods. Previously, we were only able to get parts of the data which were approved to be included in iTunes backups. The aforementioned non-persistence is great because no user level data is altered, and we no longer even have to boot the device into the native iOS.

For example, below are the results from a test iPhone in our lab on which we performed two separate extractions: Advanced Logical vs Checkm8.   The first screenshot from Cellebrite Physical Analyzer shows what was retrievable via the traditional Advanced Logical extraction, about 8.5 gigabytes of data.

The next screenshot, below, shows the data which resulted from the checkm8 full file system extraction of the exact same iPhone:

The difference in readable data obtained is staggering! The full file system extraction pulled approximately 36 GB of data, vs the 8.5 GB obtained via the advanced logical method. With Chat messages alone we were only able to obtain 251 messages and 9 deleted messages via the old method. With the exploited method we recovered 3228 messages and 75 deleted messages.

Another key area is that the phone stores logs that are usually inaccessible to the users. These logs store massive amounts of data related to how a user interacts with a device as well as tons of extra location data.  There is a treasure trove of information that we are still just discovering.

Think about the implications of this extra data in a criminal investigation or traffic accident cases.

clicking hard drive malfunction

Hard Drive Clicking? Common Causes and How to Recover Data

You’re in the middle of a big project, working to hit a deadline, and you hear a “click, click, click” coming from your hard drive. Also known as the “click of death”. Hearing strange sounds coming from your computer is never a fun experience.

From what you’ve heard or researched online, you think your data is gone forever.

Sometimes it’s a quick fix, but there are situations when this hard drive clicking sound can be very serious. Waiting too long to diagnose and fix the issue can lead to a computer crash and even complete data loss.

If you’ve been hearing this sound from your hard drive, then you’ll want to know what’s causing the issue and if it’s fixable. Is it something you can safely ignore or fix yourself? Or, do you need the help of an experienced professional?

Here are the most common causes of hard drive clicking (not beeping) and what you can do to fix the problem the right way.

Why/Causes

There are a handful of reasons you’re hearing this sound coming from your hard drive.

If you have an older hard drive, then it’s most likely a hardware issue. But, if you have a newer one it could be either hardware or software.

Regardless, you’ll want to determine the root cause of the issue before it leads to data loss.

Most often, the clicking sound comes from an actuator arm that’s not functioning properly.

These are the major causes of a clicking drive:

Physical Damage

This is one of the most common culprits. Have you recently dropped your external drive? Or has it been exposed to extreme heat or cold in any way?

If your hard drive has been dropped, exposed to fire, or had water spilled on it, this can cause the clicking to occur.

Wear and Tear

Hard drives don’t last forever. If you’ve had a hard drive for years and it recently started clicking, then it could just be failing. Just like a car engine that finally gives out, so can a hard drive.

Usually, this happens when the actuator arm wears out and malfunctions.

Electrical Problems

Sometimes your hard drive won’t be receiving enough power due to a defective power supply unit. If you have an alternative power supply source, then you can test this to see if it’s causing the clicking. These issues can also be caused by power surges and electrical storms. Your hard drive circuit board could also be a related issue.

Read/Write Head Misalignment

If the read/write heads are out of alignment, due to dropping, or not carefully handling your hard drive, then you’ll hear the clicking hard drive noise to occur.

Service Area Issue

There is a portion of your hard drive where manufacturer data is stored, this is known as the service area. If this becomes damaged your hard drive won’t operate correctly. The actuator arm will swing back and forth, trying to find the information, leading to the clicking you’re hearing.

Damaged Disc Platter

If the disc platter has sustained damage, then the actuator arm won’t work properly. It’ll attempt to locate the platter and swing back and forth, resulting in a clicking sound.

Manufacturer’s Defect

A lot of hard drives will fail due to manufacturing errors, faulty parts, or issues with the firmware. If you have a relatively new hard-drive that hasn’t sustained any damage, then this could be the problem. Usually, this will be covered under the manufacturer’s warranty, however, they only cover the drive, not the data that’s on it.

Signs of Failure

There are a few ways to tell if your hard drive isn’t functioning properly. The most obvious is the clicking sound emanating from your drive.

However, there are other signs you’ll want to be aware of as well:

  • Repetitive clicking noises coming from your hard drive (this suggests mechanical damage)
  • A message that states “Operating System cannot be found”
  • Your hard drive is not detected when you startup your computer
  • Your hard drive is silent making no noise whatsoever
  • Accessing your files takes a very long time (this suggests data corruption)
  • Your system endlessly reboots, or you’re greeted with the “Blue Screen of Death”
  • When you mount the drive, the computer asks to format the drive
  • Your hard drive isn’t recognized when inserted (USB or external hard drive)

If you’re experiencing any of the above signs of failure, you should stop using your hard drive and consult a hard drive repair professional as soon as possible.

How to Fix

Unless you’re an experienced technician with the proper know-how it’s not recommended to try and fix your hard drive yourself. This usually leads to further damage and even permanent data loss.

That being said, it might be a minor issue and the problem can be solved with a few quick fixes.

One thing that you can check is the power source. You may have a power socket that’s overwhelmed and unable to deliver enough power. You can also try replacing the power cable, as it could be malfunctioning and in need of replacement.

Outside of these simple power fixes, your hard drive should be in the hands of a hard drive recovery professional.

A hard disk has very sensitive internal components and can be easily damaged by using improper tools or an unclean environment. Your data is at risk the moment the internal platter or disk head is exposed to dust and debris.

What Not to Do

It can be tempting to try to diagnose and fix your hard drive issue yourself. Although Google is great for a lot of things, it’s not the best for fixing complex hardware issues.

Here are some common hard drive fixing myths that won’t do you any good.

  1. Cool Down Your Hard Drive in the Freezer
    Putting your hard drive in the freezer can help to constrict the mechanics. But, this is a very outdated technique. Once it thaws and warms up, it’ll lead to corrosion of the drive and electrical components.
  2. User Recovery Software for a Hardware Issue
    Often, the clicking sound from inside your hard drive indicates a mechanical or physical issue, so running software won’t fix the problem. Continued operation of the drive will only cause further issues. Including running your own data recovery software.
  3. Open the Drive Yourself
    Attempting to open the drive and fix the clicking yourself can completely damage the drive. Repairing the read/write heads requires a cleanroom facility, without this you run the risk of dust and other debris corrupting your existing data.

How to Recover Data

If you can hear your hard drive clicking or making any other kind of sound, then you’ll want to consult with a data recovery professional right away.

This isn’t the kind of issue that will get better on its own. Beyond a faulty power connection, nearly every other issue relates to the inner workings of your hard drive. Attempting to open up your hard drive yourself can lead to complete hard drive failure.

When your hard drive is clicking the physical damage has already been done. This most likely can’t be replaced.

But, you can still get your data back. Although it can be tempting to run your own backup or recovery programs this can put your drive at further risk. Continuing to operate your hard disk drive can further the damage.

If you attempt to repair your hard drive clicking on your own or run a data recovery program while your hard drive is clicking you run the risk of losing all of your data. Forever.

Your data isn’t worth that risk. Get in touch with a data recovery specialist today to determine the best plan to move forward.

low cost data recovery - hard drive

The “$199 Data Recovery”

If you Google search “cheap or low-cost” data recovery you are likely to come up with a slew of sites claiming that they can do data recovery for as low as $199, sometimes even as low as $150. Given this, you might be wondering, why am I now being asked to pay hundreds or sometimes even thousands of dollars for my data recovery job? Or, if you are just beginning your recovery exploration, you might be wondering if these offers are right for you. We wanted to share some thoughts on why you should or shouldn’t use one of these companies because we care about what is best for you and your valuable data, as I am sure you do too!

Tl;dr – The $199 companies are only appropriate for extremely uncomplicated software issues. However, if you have anything even slightly more complex like mechanical, electrical, or even minor sector damage, $199 companies will not be able to help you.

At Flashback Data, we offer a No Data, No Fee Guarantee.

Call 866-786-5700 to speak with an expert 24/7 or submit your case here.

When is $199 is not right for you?

First of all, if you have a drive that no longer is recognized in your operating system or is making clicking sounds, stop right there. These inexpensive data recovery companies will not be able to help you. Most of these companies are not capable of recovering in situations where the drive is actually not registered by the operating system. When this happens, the $199 companies will usually tell you one of two things:

  1. “Your drive is unrecoverable.”This might be true, but keep in mind, a lot of times it isn’t  What might actually be happening is that they do not have the equipment to recover your data. So if you hear this, never fear, there is still hope! Or they will say…
  2. “We need to send it out to someone else”When they say this it is again because they do not have the equipment to recover your hard drive’s issue so they need to send it out to a firm that does, like ours! However, this is not always ideal for you. $199 companies naturally want to make some profit for their handling of the situation so often they will add additional cost on top of the outsourced work. In the end, their quote will end up at least 10 times higher than what they originally stated. In other words, you could save yourself $300 and “outsource” your job yourself to a company with the proper equipment for your issue.

 

If you do decide to go with the $199 company be sure to ask them these questions or you may be putting your data at risk:

  • Security – Can you view their lab? Where is the recovery taking place? You want to make sure your data is safe from predators that might take advantage of it.
  •  How long they have been in business? Data Recovery takes years of experience to become a reliable source. For example, our engineers have almost 15 years of experience recovering data.
  • Do they charge if they can’t recover the data? Paying $199 for recovered data is a steal. However, paying $199 if they are unable to recover is less of a deal. Most firms with more resources, like ours, will only charge you for your data if a successful amount is recovered.
  • Do they have a clean room on site to work on physically damaged drives? Hard drives are incredibly sensitive machines. An improper environment could damage your data forever. If a company is going to open a drive in any way, that drive is ONLY SAFE if it is in a Clean Room facility, like ours. Most $199 place do not have the resources for such an expensive facility.
  • Can they fix damaged electronics or flash-based devices? Often, the smaller a piece of electronics is the more difficult it is to work on. So, chances are… if they can work on flash drives or fix complicated electrical issues…they can also work on more complicated hard drive issues; such as mechanical or electrical failure.

 

Generally speaking, the $199 companies are only appropriate for extremely uncomplicated software issues. However, if you have anything even slightly more complex like mechanical, electrical, or even minor sector damage, sadly,…

 

$199 Companies will not be able to help you.

If your data is valuable to you it is likely not worth the risk if your drive has particularly complex issues. Think about it like heart surgery (hard drives certainly have the capacity to be similarly complicated). The $199 services are like the general nurses. They are able to give you shots, take your heart beat, etc; but they wouldn’t necessarily be capable to do open heart surgery, nor would you want them to. Firms like ours are hard drive specialists because they can help with really difficult procedures. And like most things, specialists are the best at what they do and work with the best equipment, and that that is why their services cost more.

The engineers at Flashback Data have over 15 years of experience and everyone on our team cares just as much about your data as you do! Here are just a few other valuable resources we have that $199 usually do not:

  • 24/7 video surveillance
  • 4 zone Biometric access with man trap into the lab
  • All employees are FBI background checked through the Texas Department of Public Safety and are licensed private investigators.
  • Our lab has a steel evidence cage with video and motion detectors surrounding it for devices involved in litigation
  • We have Class 10 (ISO Level 4) and Class 100 (ISO Level 5) Laminar flow clean workstations
  • We are the only Lab in the world with the same accreditation as the FBI and DEA for handling digital evidence – ASCLD/LAB (ISO 17025)

 

AND REMEMBER, if the drive makes strange noises, smells burnt, won’t spin, or any other odd physical symptom, DO NOT KEEP TURNING IT ON, this could cause more and more damage to your dive.

 

 When $199 is right for you?

  • When your data is not very valuable and you don’t want to try over-the-counter data recovery software yourself.
  • When you know that your drive only suffers from a failure related to the file system and not anything related to physical or electrical damage to the drive
  • When you do not care about the security of the facility that you are sending it to, or the security of the data

 

What about over the Counter Data Recovery Software?

In general, we don’t recommend trying to run over-the-counter data recovery software. BUT if you have the ability to connect your drive in an external USB caddy or enclosure and install trial software (you can find many data recovery utilities by Google searching) on a different computer, you may be able to see if you can recover the data on your own for much less than $199. However, if there is anything more complicated going on; sadly, no amount of Google or store-bought software will save you. Again, this is where we can help.

Flashback data is in the business of getting people’s data back at a fair honest price, and unfortunately, sometimes that price is high. Data recovery is an expensive business to run and an expensive process.

If your data is very valuable, please be careful who you send it to. We feel terrible for people when they come back to us after trying the cheaper options. We have many testimonials of people who almost lost their job or the entire business or even irreplaceable pictures from the first years of their child’s life. If your data is irreplaceable, use a respectable data recovery lab.

Again, we truly care about data loss and do not want you to get in a bind with someone that may not have the capabilities that are needed for your situation. We are even happy to recommend a reputable company that we know can help you out if you do not want to use us.

If you want to see more about us and actual video of the inside of our lab see the following links:

http://www.kvue.com/home/Data-detectives-195487811.html

http://www.kvue.com/news/Should-warrants-be-required-for-Cell-phone-searches-181271821.html

http://www.myfoxaustin.com/story/19503992/crimewatch-austin-company-helps-solve-crimes

On Scene in a Water Emergency

Securing Digital Evidence in a Water Emergency

Water and electrical devices do not mix, especially if the device contains valuable data. When you’re on scene in a water emergency, the decisions you make in handling potential digital evidence can have huge impacts down the line in your department’s ability to recover evidence and use it to make a case. We’d like to share a few on-scene tips to help protect digital evidence that may be damaged by water.

How Water Damages Electronic Devices

Before we talk about what to do with a device in water, it helps to understand the two most common ways that water actually damages electronic devices.

Electrical Damage

Water is rarely pure water. It contains dissolved electrolytes, such as sodium chloride (table salt). Pure water is a very poor conductor of electricity, but when it contains ions (sodium and chloride), it can act as a good conductor of electricity. So, if this ion-filled water commonly known as tap, coastal, lake, river, or sewage water comes into contact with any electronic device in an ON state, it is going to make connections in places where there should be no connections. This can result in a large current, which in turn, damages the circuit.

Corrosion

Corrosion is another problem when water is involved with electronic devices. Corrosion happens when you have long-term exposure to water. The electrical connections within electronic devices are made of metal. When that metal comes into contact with water, it starts corroding and converting to another non-conducting compound. The additional ions that water contains can speed up this process of corrosion. If the metal connection between two parts of a circuit is sufficiently corroded, the connection is broken and the electronic device stops working.

What To Do On Scene

The decisions you make on scene in a water emergency can have significant impacts on your department’s ability to recover and analyze digital evidence for future use. We recommend the following steps to help protect the integrity of digital evidence in a water emergency:

1) Assume The Device Was Powered On

Technically, it matters whether a device is in the ON state of OFF state when disaster strikes. If the device is in its OFF state, it is very possible that it will start working as long as you dry and clean it up sufficiently before turning it on, as the dried water can no longer make any undesired connections. This can be done using rice, solvent, or other methods that will absorb or displace the water content without leaving anything to interfere with the circuit.

Unfortunately, when most disasters or accidents strike, devices found are in an unknown state. It is unknown if the device was originally in the OFF or ON state. The most conservative approach from a data recovery perspective is to assume the device was ON and has short-circuited.

2) If It’s Dry, Keep It Dry

This may sound obvious, but even a good-intentioned effort to wipe down a device with a damp cloth can do permanent damage. If a digital device has dried after a flood, storm or fire, it’s best to keep it dry. Simply get the device as it is to your digital crime lab and make sure they know it may have water damage. If there are contaminants on or inside the media, an accredited crime lab will follow specific protocols when recovering data to address any potential contaminants.

3) If It’s Wet, Keep it Wet

If the device is still wet, DON’T TRY TO DRY IT! Trying to dry a wet electronic device on scene is usually done with the best of intentions, but it’s a mistake from a data recovery perspective. As noted above, it’s not the actual water that does the damage, but the ions and contaminants in the water. If you try to dry the device you may be ensuring that those ions stay in places they shouldn’t be. The most conservative approach is to package the media with a wet towel and immediately send it to the digital crime lab.

4) If It’s Submerged, Keep It Submerged (In Distilled Water)

In a flood emergency, you may find digital devices that are completely submerged. In this situation, don’t try to dry the device. Instead, place the device in a bucket of distilled water and get it to a digital crime lab. Remember that it’s the extra ions from things like salt or other contaminants in the water that damage the device, not the water itself. Distilled water is, by definition, pure water that doesn’t contain the additional ions that can do damage.

It sounds counterintuitive to bring water to a flooded crime scene, but if you need to secure digital evidence during a flood emergency, a few gallons of distilled water could help you make the case.

If you need help recovering digital evidence that may have water damage, contact Flashback Data. We’ve worked with devices damaged by hurricanes, floods, fires and sabotage. We are the first private crime lab accredited under the same specifications as the FBI and state labs. We can help you prepare, recover, analyze and use digital evidence especially in unique and time-sensitive cases.

CALL US AT 866-786-5700 FOR A FREE CONSULTATION.

Cyber-Attack: Does it mean the end?

We’ve all the heard stories about the 200,000+ systems in 150 countries getting hacked last week. The attacks hit computers running factories, hospitals, banks, government agencies, and transport systems in countries including Russia, United States, Ukraine, Brazil, Spain, India and Japan, among others. Among those hit were Russia’s Interior Ministry, Spain’s Telefonica, FedEx Corp. in the U.S., and about 45 National Health Service organizations in the U.K.

The culprit is malware called WannaCry and seems to have spread via a type of computer malware known as a worm. Unlike many other malicious programs, this one has the ability to move around a network by itself. Most others rely on humans to spread by tricking them into clicking on an attachment harboring the attack code.

Once a company’s data is encrypted, a message appears demanding a fee of hundreds of dollars. If the ransom is paid in time, the information may be restored. “At the heart of this new business model for cybercrime is the fact that individuals and businesses, not retailers and banks, are the ones footing the bill for data breaches,” Josephine Wolff noted in The Atlantic.

As the worst cyber-attack in recent history, why has WannaCry has proven so vicious?  It leverages a Windows vulnerability known as EternalBlue that allegedly originated with the NSA. The exploit was dumped into the wild last month in a trove of alleged NSA tools by the Shadow Brokers hacking group. Microsoft released a patch in March, but many organizations haven’t caught up.

“The spread is immense,” says Adam Kujawa, the director of malware intelligence at Malwarebytes, which discovered the original version of WannaCry. “I’ve never seen anything before like this, It’s nuts.”

One cyber security firm estimates that costs for extortive attacks at small and medium companies cost $75 billion in expenses and lost productivity each year.

(WannaCry) Ransomware Prevention

Multiple things go wrong when infected with malware, yet It isn’t the ransom that is the expensive part of being infected.  The downtime and lost productivity increase with each passing day. Prevention of infection is the best possible way to avoid downtime. However, there is no single defense solution currently on the market that can 100% guarantee ransomware prevention. Instead, step up your data protection game to increase your front line of defense. If that still doesn’t work, Flashback Data has had limited success in recovering data on infected drives.

  • Install reputable anti-virus and firewall technology, and update both OS & software consistently.
  • Proceed with caution when opening emails; Do not click links or open email attachments you aren’t expecting; verify the source of the link or attachment first.
  • Ensure that ALL employees are trained on these email best practices – phishing scams are the #1 cause of ransomware’s success today.
  • Despite popular belief, the Cloud is NOT immune to Ransomware. Particularly within popular SaaS applications like Dropbox, Office 365 and Google Apps.

RansomWare Recovery

Like many of the leading ransomware strains today, the code is constantly being adapted to avoid detection by the leading solutions of defense available. More than 91% of IT service providers  reported ransomware infiltrating anti-virus and anti-malware software in the past 12 months and 77% report it infiltrating email and SPAM filters. The social engineering tactics cyber criminals employ to dupe their victims continue to be highly effective, and will remain so for the next few years, likely due to Increase in phishing emails/SPAM, general awareness of best practices against phishing, and the lack in cybersecurity training.

  • Don’t negotiate with e-terrorists. 42% report customers paid the ransom, 1 in 4 of whom did so and never recovered the data. This is largely why the FBI recommends victims do not pay up. But if you decide to risk paying the ransom you should know that cyber criminals will likely require you to pay using Bitcoin or another virtual currency over the Tor network, which is a software designed to make web browsing anonymous and untrackable.
  • Identify Time of Infection – Pinpoint the timing of a ransomware hit by reviewing the timestamps of changed file versions within a user’s backup archive.
  • Protect ALL users and applications – Provide better support by closing gaps in data visibility and protection, and capture every end-user file, regardless of OS platform. Educate people to NOT click links unless they can verify the source.
  • Contact Flashback Data BEFORE too much damage has been done to the device, thus increasing chances of a successful recovery. We have had success recovering data without paying ransom.