Data Replay Services

Computer Crime / Digital Discovery / CCTV Image Recovery / Computer Forensics

Archive for January, 2014

Storage Area Networks

without comments

Webfusion logoStorage Area Networks (otherwise known as SANs) – What are they exactly? – It’s a question that’s trickier to answer than you may think. My job has taken me off researching again – this time into those most noisy of places – server rooms. The one I went to was vast and belonged to an ISP – it’s staggering how much data these places handle and they told me they have other 1000 servers – a mixture of Windows and Linux operating systems, each with at least 5 disks in the RAID array. A quick calculation means this place had in excess of 5000 hard disk drives – all spinning and holding data.

A Storage Area Network (SAN) is a type of computer architecture where distant storage devices like disk arrays are attached to servers and set up in this manner they seem to be locally on the system. By sharing storage it can simplify things and will add flexibility as the storage doesn’t have to be physically moved around, a SAN environment may work with a variety of hardware from RAID’s to Network Attached Storage, as a result of the numerous components that may compose a Storage Area Network it could be rather sophisticated, the more sophisticated the system the bigger the odds of a failure in a single element, that consequently can impact the whole storage system.

By investing in a Storage Area Network it may supply adaptive storage direction and high performance, with a Storage Area Network enables one to allocate space to specific apparatuses or to hold the whole storage open or you may select who can obtain specific data. Storage Area Network systems seldom fail and when they do it is typically due to user error, typically within picture direction or an error with san direction characteristics, Storage Area Networks support large quantities of users, this makes it useful for companies who have a great deal of data but need it centralized in one accessible location. Because of the large quantities of users as well as the feature of the data that’s saved on Storage Area Networks they want continuous tracking and data recovery accessible twenty four hours a day.

Servers can be booted from your Storage Area Network this supplies advantages such as the fact if your server is flawed the Storage Area Network can be reconfigured to make use of the valid Component Quantity of the flawed server on a different server, Storage Area Networks may also be found in catastrophe protection, the reason being they are able to be crossed over distant places with an IP Wide Area Network, this empowers storage replication executed via disk array controllers, server applications or specialized Storage Area Network Apparatuses.

There’s a solution to gauge the operation and capacity of a Storage Area Network this is via quality of service, quality of service allows for the required storage operation to be preserved and computed for network users. The chief variables which influence Storage Area Network quality or service are; Bandwidth, Latency and Queue Depth. Bandwidth is the speed of the data throughput which can be found, latency is the time delay for a read/write function to happen and Queue depth is how many operations which are waiting to be ran to the discs. The essence of service can be influenced by matters like a spike in the level of data traffic from one user this subsequently affects the other users when quality of service services have been in area utilization and operation, causing their operation to reduce could be preserved and called.

When employing a Storage Area Network it’s important never to use over provisioning, this is where additional disk space is put into compensate for peak traffic loads yet where peak traffic loads can’t be called the additional capacity may cause bandwidth to be consumed entirely and latency to rise over time it is also called Storage Area Network degradation.

Link: This article is covered in more depth on the Data Recovery Reviews web site.

Written by Betty

January 29th, 2014 at 4:53 pm

Beware of Cryptolocker

without comments

Warning SignCryptolocker is a malware trojan that attacks Windows machines and was first seen in late 2013. It finds its way onto systems by several methods, most commonly by via an innocent looking email that requires the reader to open the a disguised attachment that it infect the trojan.

Once on a system, Cryptolocker will encrypt various files on the hard drive with a very strong encryption key before displaying a message to the user of the computer demanding a ransom payment in return for the decryption key.

As Cryptolocker was a completely new threat when first launched, malware detection programs were not able to spot it as these applications are only able to detect threats that have already been discovered. Although Cryptolocker is now detected by anti-malware and anti virus detection programs, the writers of Cryptolocker frequently update their code to avoid detection. This is a tactic that has proved successful on a number of releases.

The Cryptolocker program uses an encryption key of 1024 bits which means that the passwords are so long that they are more or less unbreakable. A brute force program (one that continually tries different password permutations in order to crack the password) would literally take many years, working at a rate of tens of thousands of attempts per day.

Alternatively the ransom amount can be paid in return for the decryption key allowing the encrypted files to be deleted. Cryptolocker ransoms are paid in Bitcoins – a new virtually untraceable internet currency and in December 2013 an attempt was made to discover how much Cryptolocker had earned it’s creators. It’s estimated that between October 15th and December 18th 2013 (ie. just over two months), almost 42,000 transactions had taken place with a total value of USD $27M.

If your system has been infected with Cryptolocker and you have some important files that need decrypting you can either pay the ransom – although there is no guarantee you’ll get the decryption key, try and crack the password using a brute force program – which will take decades, or accept that your data is gone. There’s little point contacting a data recovery company as they’ll only be able to do the same exercise as you – and will need the decryption key in order to access your data. The decryption key is not stored on the infected PC.

Written by Betty

January 15th, 2014 at 3:09 pm

A Data Recovery Adventure in Scotland – Part 1

without comments

Exposed Hard Disk DriveThis New Year I found myself in Edinburgh, and a very fair city it is too. It had been 12 months since my extended family had been gathered together in one place – it’s something we do each New Year, so packed my case and travelled up north of the border.

Accompanying me on the trip was my trusty 2TB external hard drive. This thing is totally invaluable and stores all my work and music, plus the movies and photos that I was looking forward to showing everyone over the Xmas holiday. I arrived safely on a wet New Years Eve morning and in my haste to get inside and out of the rain managed to accidentally throw my external hard drive from the car. I watched in horror as it flew across the pavement and landed in my parent’s garden. Oh No! I thought, but at least it had landed on the soft grass rather than a hard pavement. I retrieved the hard drive and went inside hoping it would still work.

I plugged the drive into my parent’s Windows computer and all was looking good, I heard the beep-beep noise that you get when you attach a USB device, so far so good. I then got an error message telling me the hard drive could no longer be read and asking me whether I wanted to format the drive. I said Yes. Several minutes later I got another message saying the process had failed. Uh-oh… what do I do now I thought…

My father told me a friend of theirs had recently had a hard disk problem too. He said they had to use a data recovery company to get the data off the hard drive but couldn’t remember the name of the company. A phone call later he told me the data recovery company was called Datlabs. But they weren’t in Edinburgh they were in Glasgow. Could we not use a company in Edinburgh I asked? He told me that his friend had done exactly the same thing but the the company in Edinburgh were not very good and he got the impression that they didn’t know what they were doing.

I agreed we should then follow my father’s friend’s recommendation and drive across to Glasgow to see the Datlabs data recovery people. OMG, I’m very glad we did. They were able to look at the hard drive and tell me one of the heads was about to fail. This apparently was bad, they said there was probably only a limited amount of time before the drive failed completely and recommended they get the data from it ASAP…. To Be Continued

Written by admin

January 3rd, 2014 at 1:58 pm