Failed hard drive(?) data recovery

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Exterous
Posts: 221
Joined: Mon Feb 20, 2012 1:34 pm

Re: Failed hard drive(?) data recovery

Post by Exterous » Wed Oct 10, 2018 9:42 pm

CaliJim wrote:
Wed Oct 10, 2018 9:50 am
Exterous wrote:
Tue Oct 09, 2018 4:16 pm
One Ping wrote:
Mon Oct 08, 2018 3:12 pm
jebmke wrote:
Mon Oct 08, 2018 2:16 pm
One Ping wrote:
Mon Oct 08, 2018 12:40 pm

Is there an app that will run backups on folders you select at intervals you select to locations you select? :?:

Seems like some things I might want to back up frequently, locally and others less often to remote storage.

One Ping
False frugality. I use FreefileSync to run nightly backups to my NAS; it can be configured to do versioning. Versioning is critical to avoid contaminating the backup with corrupted files. I use Task Scheduler in Windows to trigger the job.

I still have a cloud backup; I am currently using iDrive but I have plans to switch to SpiderOak when I have the time to work on this.

For making backup images of Windows I use Macrium Reflect.
So, does versioning then protect data backed up on NAS from ransomware attacks?
good on you. well done.

Yes but to what extent depends on a lot of factors like the NAS, the setup and the ransomware. If the NAS exposes all versions on mounted shares with Read\Write access for the account that was logged in when the computer was infected a decently coded ransomware app will find it and encrypt everything.

But many NAS devices now offer mitigation options like authenticated backups and "pull" backup options (So the NAS authenticates to your computer using different credentials to 'pull' information to backup.) In that case you're usually looking at a situation where you might have an encrypted version of the files on the NAS but you can then select a version of that file(s) that existed before the attack
CaliJim wrote:
Sun Oct 07, 2018 6:00 pm
Exterous wrote:
Sat Oct 06, 2018 9:39 pm
CaliJim wrote:
Sat Oct 06, 2018 8:50 pm
256gb Solid state drive is small. go bigger! 256 is barely big enough for the OS, with not much space left over for swap/paging. 512gb is better.
Uh...Windows 10 takes less than 30GB so 256 is quite a bit beyond 'barely big enough'. I have a Win 10 desktop with "only" a 256 SSD and find it plenty big enough for daily use - including 20GB of steam games. Currently I still have 47.9GB free. 512GB might be better depending on use case and storage location but 256GB is certainly usable.

Offline storage is not required to protect against ransomeware. Versioning from the major providers of both cloud and local connected storage protects against this. Risks of failure of versioning to protect the files should be weighted against failures of offline backup habits and physical destruction risk
All I can say is I remember spending quite some time trying to fit W10 and my user files into a 256gb ssd. I finally gave up and got a bigger ssd. Life then got much easier. Yes W10 alone will fit in 30gb.... but not leave a lot of room for swap and user files. That and a couple of user directories with docs jpgs mp3ssss etc. 256 can end up feeling tight.
In Win10 swap files are limited to 3x the RAM or 4GB whichever is bigger so even if we're talking 16GB ram and max sawp use you're still only using around 1/3 of the drive for the OS and swap. You can fit a lot of docs, jpgs and mp3s in 157GB

I agree it can be tight depending on use case. I was just being picky about the ability to use a 256GB drive with Win10. My team manages our windows build system and we have roughly 4,000 windows 10 laptops and desktops with 256GB SSD drives (along with many more with larger drives) and they work fine even with people saving data locally and syncing their iTunes library etc to the machine
do your users open tickets when they can't save a file because they are out of disk space? or do they silently curse IT and just go to the airport kiosk and buy a USB stick and put the cost on their expense report?

Do your sysadmins scan the domain for systems with low disk space? Do you report average PCT FULL to sr mgmt for your THOUSANDS of laptops? Do you have a desktop management system?

Yes....depending on use cases: use cases change over time. The future may not be like the past. On the system I am using now, c:\users\.... is > 300gb. (I might have ripped a few DVDs...... :P)

I have always found windows versioning system to be clumsy and opaque. I was spoiled by administering clusters of systems with a 'real' OS's... VAX/VMS. VMS may be coming to a PC near you! http://vmssoftware.com/updates_port.html Digital's RMS.... that was an GREAT file system, until it got lost in the Compaq to HP shuffle. Now you have to buy a HP PA Risc system to get it via ultix. It is a straightfward & easy to use versionning file system. Always on. No special taskmgr scripts to run. Restoring accidentally overwritten ocuments for users was so easy. So many "How did you do thast!?" Made being the IT guy so easy.

VMS Backup... that was a REAL backup program. It was nice to see that Acronis copied the vms backup feature set (full and incrementals) for a PC based backup program. Windows BACKUP.....puhlease.... it is so broken... winzip caught in a loop. Ugh. not so much. Launching winbackupfrom the command prompt is like doing precision science experiments in a filthy lab with dirty tap water. Who knows what will happen. Where is the log file? Where is $stderror?

Ransomware scares the c r a p out of me. WannaCry was extremely damaging (Billions of lost $) for many many many companies. A new variant of WannaCry ransomware forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories in August 2018. That stuff is still out there in the wild.

The virus spread to 10,000 machines in TSMC’s most advanced facilities.[6] I would not make ANY assumptions about what ransomeware can or can't do to a windows 10 versioned file system. I can imagine ALL VERSIONS of a file getting encrypted. What could stop a well written virus from encrypting the backup disk where the prior versions are stored? Then where would you be. Up the river w/ Mr. PING. For me it would be A Disaster.

I know A virus CAN NOT encrypt a disk that is tucked safely away offline and is NOT connected to the system. I know that with certainty and I don't need to experiment with 4000 laptops used by other people to know this.
Not sure why you choose to capitalize "THOUSANDS" in reference to laptops but deploying, managing and packaging for 10,000 windows 4,500 macs and 2,500 linux boxes without a management system would be asinine so we use SCCM for windows, JAMF for macs and Satellite\Ansible for RHEL\Ubuntu. If the user doesn't like the size of their hard drive they can go complain to their manager who OKs hardware purchases off of (or outside of with IT consult) an approved hardware list that has laptops with 512GB and 1TB drives. No my sys admins don't waste their time scanning for workstation space utilization but the reports, with historical data, is available for Desktop Support to pull if desired (Which is also how I know how many of our machines have 256GB SSDs in them)

NAS versioning of backups, particularly in the 'pull' configuration, is not dependent on Windows versioning so this seems like an odd tangent.

TSMC let a vendor install unverified software on a network that contained thousands of unpatched computers despite the existence of year old updates that would have prevented this. Basic IT policy or procedure failure and no relation how advanced their facilities were. Also companies, particularly large ones, have notably different risk profiles due to their much more numerous and prominent attack vectors when compared to individual users.

I certainly didn't say anything about any assumptions which should be clear from my word choice. For example choosing "mitigate" instead of "prevent". In particular my statement of "Risks of failure of versioning to protect the files should be weighted against failures of offline backup habits and physical destruction risk" should underscore that. The risk of data loss from ransomware on a properly configured NAS is quite small. Impossible? No. But neither is the chance of data loss for an offline manual backup process. And you can only be certain that disk remains unencrypted while its not connected to anything. But you'll have to connect it to something at some point and when you do you can't know with certainty it won't be infected then given the notable cases of maleware going unnoticed and infecting otherwise offline\airgapped\isolated environments.

ResearchMed
Posts: 7189
Joined: Fri Dec 26, 2008 11:25 pm

Re: Failed hard drive(?) data recovery

Post by ResearchMed » Wed Oct 10, 2018 9:47 pm

CaliJim wrote:
Wed Oct 10, 2018 9:50 am

<snip>

I know A virus CAN NOT encrypt a disk that is tucked safely away offline and is NOT connected to the system. I know that with certainty and I don't need to experiment with 4000 laptops used by other people to know this.
I still worry about a delayed virus, one that was previously installed, something that would be triggered later by a date or some event.
Something like that could be copied and kept, without realizing it was "there" until... too late.

Is this *not* a concern for backup drives that are only used for "data" (folders/files) and not programs or such?

RM
This signature is a placebo. You are in the control group.

User avatar
CaliJim
Posts: 2982
Joined: Sun Feb 28, 2010 8:47 pm
Location: California, near the beach

Re: Failed hard drive(?) data recovery

Post by CaliJim » Thu Oct 11, 2018 12:09 am

Exterous wrote:
Wed Oct 10, 2018 9:42 pm
The risk of data loss from ransomware on a properly configured NAS is quite small.
IMHO... that is not a good assumption.

Black swans happen all the time with any type of system.

"Properly configured" until someone presses the WRONG KEY, or a vendor pushes out an incompatible driver update, or a cosmic ray hits a memory chip.
OPs laptop was working fine and was configured properly... up until it wasn't, and nobody knows what happened and maybe never will. One day someone goes to read a file and, whooops. no file. no read. no backup. end of happy days. it's just, send coin to address asd;lf09309vcvl;asf094-043 11_)&klslkasdlkasfd09()*_)(&**
-calijim- | | For more info, click this Wiki

michaeljc70
Posts: 3556
Joined: Thu Oct 15, 2015 3:53 pm

Re: Failed hard drive(?) data recovery

Post by michaeljc70 » Thu Oct 11, 2018 9:41 am

CaliJim wrote:
Thu Oct 11, 2018 12:09 am
Exterous wrote:
Wed Oct 10, 2018 9:42 pm
The risk of data loss from ransomware on a properly configured NAS is quite small.
IMHO... that is not a good assumption.

Black swans happen all the time with any type of system.

"Properly configured" until someone presses the WRONG KEY, or a vendor pushes out an incompatible driver update, or a cosmic ray hits a memory chip.
OPs laptop was working fine and was configured properly... up until it wasn't, and nobody knows what happened and maybe never will. One day someone goes to read a file and, whooops. no file. no read. no backup. end of happy days. it's just, send coin to address asd;lf09309vcvl;asf094-043 11_)&klslkasdlkasfd09()*_)(&**
I don't know what "properly configured" means. Most home users would map a drive to it making it susceptible to ransomware.

User avatar
CaliJim
Posts: 2982
Joined: Sun Feb 28, 2010 8:47 pm
Location: California, near the beach

Re: Failed hard drive(?) data recovery

Post by CaliJim » Thu Oct 11, 2018 10:27 am

Yes... and sometimes someone w/ sysadmin will map a drive letter to it and then you are SOL.

Lack of knowledge....human error... that's usually "the problem". KLUG. Knut loose behind gun/keyboard.

PEBKAC: Problem Exists Between Keyboard and Chair- ie: user error, proper configuration lacking.
-calijim- | | For more info, click this Wiki

Exterous
Posts: 221
Joined: Mon Feb 20, 2012 1:34 pm

Re: Failed hard drive(?) data recovery

Post by Exterous » Sat Oct 13, 2018 6:03 pm

The debate between NAS and offline isn't an either\or situation. If the data is critical it should be a 'both' situation. Personally I have a NAS that is always on for backups. This gives me frequent, automated backups on a device with multiple drives for data redundancy (Because drives fail - sometimes helped by poor manufacturing). I also have a 4TB external drive that I connect after major events (ie tax filing) and take a backup before disconnecting it. It's size and weight also means there is a better chances I'd be able to carry it out of my house in the event of fire\evacuation\etc. Theoretically I should keep it in a safe deposit box at a bank or something but I've been too lazy to actually do that.
CaliJim wrote:
Thu Oct 11, 2018 12:09 am
Exterous wrote:
Wed Oct 10, 2018 9:42 pm
The risk of data loss from ransomware on a properly configured NAS is quite small.
IMHO... that is not a good assumption.

Black swans happen all the time with any type of system.

"Properly configured" until someone presses the WRONG KEY, or a vendor pushes out an incompatible driver update, or a cosmic ray hits a memory chip.
OPs laptop was working fine and was configured properly... up until it wasn't, and nobody knows what happened and maybe never will. One day someone goes to read a file and, whooops. no file. no read. no backup. end of happy days. it's just, send coin to address asd;lf09309vcvl;asf094-043 11_)&klslkasdlkasfd09()*_)(&**
And disconnected drives suffer from cosmic rays and bit rot without the periodic self checks that a connected drive would give you warning of. Not to mention that sometimes it just doesn't work when you connect it because you need to restore lost files. I've personally had to tell researchers with years of research backed up to offline drives that the best we can hope for is to send it to a clean room recovery facility but their data might be gone forever. It's one of the reasons we changed how we offered research storage. (To be fair the clean rooms have generally been successful but at a cost of between $500-800)
ResearchMed wrote:
Wed Oct 10, 2018 9:47 pm
CaliJim wrote:
Wed Oct 10, 2018 9:50 am

<snip>

I know A virus CAN NOT encrypt a disk that is tucked safely away offline and is NOT connected to the system. I know that with certainty and I don't need to experiment with 4000 laptops used by other people to know this.
I still worry about a delayed virus, one that was previously installed, something that would be triggered later by a date or some event.
Something like that could be copied and kept, without realizing it was "there" until... too late.

Is this *not* a concern for backup drives that are only used for "data" (folders/files) and not programs or such?

RM
It's a concern for any drive regardless of location (internal, NAS, disconnected drive on the shelf.) As soon as you connect it to something both devices are at risk of infection from the other.
michaeljc70 wrote:
Thu Oct 11, 2018 9:41 am
CaliJim wrote:
Thu Oct 11, 2018 12:09 am
Exterous wrote:
Wed Oct 10, 2018 9:42 pm
The risk of data loss from ransomware on a properly configured NAS is quite small.
IMHO... that is not a good assumption.

Black swans happen all the time with any type of system.

"Properly configured" until someone presses the WRONG KEY, or a vendor pushes out an incompatible driver update, or a cosmic ray hits a memory chip.
OPs laptop was working fine and was configured properly... up until it wasn't, and nobody knows what happened and maybe never will. One day someone goes to read a file and, whooops. no file. no read. no backup. end of happy days. it's just, send coin to address asd;lf09309vcvl;asf094-043 11_)&klslkasdlkasfd09()*_)(&**
I don't know what "properly configured" means. Most home users would map a drive to it making it susceptible to ransomware.
"Properly configured" these days just means running the backup setup software on your NAS. For vendors like Synology and QNAP (along with the enterprise players) its actually harder to setup a higher risk configuration although its certainly possible

User avatar
One Ping
Posts: 482
Joined: Thu Sep 24, 2015 4:53 pm

Re: Failed hard drive(?) data recovery

Post by One Ping » Sun Oct 14, 2018 12:54 pm

OP here ... Update 2

The hardware check was completed on Friday and didn't reveal any h/w problems with the laptop. Since the SSD had been removed earlier to recover the files, and seemed to check out okay, the h/w tech and I concluded that the problem must have either been unique to the h/w interface between the SSD and the laptop or Windows had somehow been corrupted and couldn't boot. Regardless, the 'carcass' was still good and salvageable. Replaced (just in case) the old SSD with a new 256 GB SSD, added a 1T HDD for data, and reinstalled Windows 10 Pro. Everything seems to work fine now and the recovered files are being transferred from the USB to the laptop. Back in business.

Now I am reinstalling applications ... primarily Office, Acrobat and a couple of special purpose investment and scientific applications. Should take a few hours. I also have to configure all the system operating options to the way I like them and figure out how to setup an automatic back-up process. I may have questions about how to do that. :idea: :wink:

One side effect of this event is it gives me a chance to do some file clean-up and restructuring of my folder system organization as I move files from the recovery USB to back the laptop. Over the years things had evolved into a somewhat 'less than optimal' situation.

This was a close call, but everything seems to have turned out about as well as it could. Lesson learned. Thanks for the help. :sharebeer

One Ping
"Re-verify our range to target ... one ping only."

ResearchMed
Posts: 7189
Joined: Fri Dec 26, 2008 11:25 pm

Re: Failed hard drive(?) data recovery

Post by ResearchMed » Sun Oct 14, 2018 1:12 pm

One Ping wrote:
Sun Oct 14, 2018 12:54 pm
OP here ... Update 2

The hardware check was completed on Friday and didn't reveal any h/w problems with the laptop. Since the SSD had been removed earlier to recover the files, and seemed to check out okay, the h/w tech and I concluded that the problem must have either been unique to the h/w interface between the SSD and the laptop or Windows had somehow been corrupted and couldn't boot. Regardless, the 'carcass' was still good and salvageable. Replaced (just in case) the old SSD with a new 256 GB SSD, added a 1T HDD for data, and reinstalled Windows 10 Pro. Everything seems to work fine now and the recovered files are being transferred from the USB to the laptop. Back in business.

Now I am reinstalling applications ... primarily Office, Acrobat and a couple of special purpose investment and scientific applications. Should take a few hours. I also have to configure all the system operating options to the way I like them and figure out how to setup an automatic back-up process. I may have questions about how to do that. :idea: :wink:

One side effect of this event is it gives me a chance to do some file clean-up and restructuring of my folder system organization as I move files from the recovery USB to back the laptop. Over the years things had evolved into a somewhat 'less than optimal' situation.

This was a close call, but everything seems to have turned out about as well as it could. Lesson learned. Thanks for the help. :sharebeer

One Ping
So glad it had a happy ending.

RM
This signature is a placebo. You are in the control group.

Post Reply