$2,000,000 Clean Room! - DriveSavers Data Recovery Tour
Linus Tech Tips · 2018-05-06
0:00
you'd never know it from the outside but in there through those doors is one of
0:04
the world's oldest and most advanced data recovery companies DriveSavers
0:09
headquarters here in Novato, California features almost a hundred employees
0:15
almost that many security certifications
0:18
and a $2 million ISO 5 clean room
0:24
and they sponsored us down here to have a close look at how it is they take
0:29
this and turn it into this
0:34
so let's go inside
0:46
we're gonna kick things off in the museum uh
0:50
as long as our escort says that that's okay
0:53
security is a huge deal at DriveSavers
0:57
not just on the outside of the building but also throughout it so guests get
1:01
these incredible badges that actually change color over time eventually
1:06
turning red so that anyone who sees it will know to kick me out or call the
1:12
cops and everything in here is on a need
1:15
to access basis with biometric security
1:18
on secure spots and annual background checks for all staff members so these
1:23
guys have recovered data from pretty much everything that you would normally
1:29
think of hard drives phones laptops SSDs
1:32
and from a lot of things that you probably wouldn't think of
1:37
defibrillators photocopy machines and even a TiVo so the museum here contains
1:43
many of their biggest success stories both in terms of the importance of the
1:47
data that was recovered uh they once saved Twisted Sister's Christmas album
1:51
and 12 episodes of The Simpsons including the conclusion of the who shot
1:56
Mr. Burns cliffhanger during a national contest to guess who did it
2:00
and in terms of the difficulty so
2:04
run over by an 18-wheeler check lit on fire check buried in a mudslide check
2:10
that too this one that you're looking at right now was actually pulled from a
2:14
sunken cruise ship after sitting underwater for two days it had the
2:19
owner's memoirs successfully recovered from it now let's talk about how they do
2:25
it consultation and in some cases even diagnosis with an analysis of what data
2:30
they expect to get back is free so you send in your drive where shipping
2:35
sorts it into a colored bin according to the priority of the job and the uh
2:40
cleanliness of the drive or device and you might think to yourself oh come on
2:45
it's a hard drive how dirty could it be
2:48
but they've actually had to obtain a Geiger counter to evaluate the
2:52
radioactivity of drives coming out of nuclear disasters and through some of
2:57
their forensics work they've even seen devices come through here that were
3:02
found on murder victims one phone
3:05
apparently had the camera element gouged out before being placed back on the
3:10
victim's body in an apparent attempt to get rid of the photos
3:15
so yeah DriveSavers got that back good work idiot hope prison's treating
3:20
you well from shipping your bin travels to one of a few different places and
3:24
we'll go through those in a minute but everything will eventually get the
3:28
cloning treatment and that starts here DriveSavers keeps a huge inventory of
3:33
spare wiped donor drives because you
3:36
dramatically improve your chances of recovery if you're working with a bit
3:40
for bit digital copy of your data set it
3:43
gives you the time to analyze more than just
3:47
what files were there and then dig into who accessed them when what did they do
3:53
these kinds of things can be particularly important in cases of
3:56
corporate intellectual property protection for example where there might
3:59
have been some attempt to destroy data or cover up a data access
4:04
the folks in this room also do the initial analysis of RAID arrays using
4:09
software tools like the one you're looking at here to rebuild the array
4:13
logically and determine which drives are probably working fine versus which ones
4:18
will likely need physical repairs before making a cloning attempt and they've got
4:22
the hardware for everything from reconstructing a four-drive home NAS
4:27
array to this over here this is a 45-drive JBOD that's on standby waiting for
4:34
i don't know maybe another 96-drive server that got gallons of water dumped
4:39
on it due to a sprinkler system malfunction because yeah
4:42
that was a thing that happened but as you saw in the museum a lot of the hard
4:46
drives that come through here need a lot more than a little bit of software
4:50
reconjiring so welcome to
4:54
the clean room or strictly speaking this
4:58
is the inventory room and the clean room is on the other side of the glass but
5:01
but this stuff's cool too in here they've got basically every hard drive
5:06
you could imagine they've got two and a half inch they've got three and a half
5:10
inch they've got uh the latest helium sealed drives and all the way from the
5:16
latest to look at these clunkers i mean look at this this is called a
5:21
MiniScribe i guess you know relative to this guy
5:27
it is pretty mini but basically the point is
5:31
whatever the techs on the other side of the glass inside that ISO 5 clean room
5:37
so that is less than 100,000 0.1 micron particles per cubic meter
5:43
10,000 times cleaner than a normal room whatever they need
5:46
they put a request onto this little card it comes out here we load it up we fire
5:50
it back in there and whether it's a brand new drive or an ancient one they
5:54
start the process of rebuilding one
5:58
working drive from the donor and the
6:01
recipient now they did put away some of the proprietary equipment that they use
6:06
for example they found a way to work on helium sealed drives which won't function
6:11
at all in regular air that's seven times more dense and so they wouldn't show us
6:16
like i don't know how they either reseal them
6:19
or put them in a helium chamber or something but this place is still
6:24
incredible so thanks to the 34 filtered
6:27
fans air is circulated in here so
6:31
quickly that it's not only clean but they can actually do soldering work
6:36
anywhere in this room without disrupting anyone else's sensitive recovery
6:41
operation incredible and
6:44
an operation it is they actually agreed
6:47
to let us do an actuator swap so stay
6:50
tuned for that video because i'm super stoked for you guys to see it anyway for
6:54
now let's continue our journey so then with the drive physically working
6:59
i mean it's copying data they can just send it back to you right
7:04
wrong so this guy right here is working but it
7:08
is not reliable DriveSavers wouldn't be
7:11
able to keep their warranty approved service status with every major hard
7:16
drive vendor for very long if they pulled that kind of a stunt
7:20
so the next step then is logical recovery where maybe not all but some of
7:26
the data should be recoverable even in cases of severe physical damage like we
7:31
saw downstairs in the museum and we're going to head over there but first we
7:35
need to make a quick stopover in flash memory town now hard drive recovery is
7:41
complicated flash memory
7:44
well that's a whole other ball game son so what you're looking at here is raw
7:50
ones and zeros off a flash chip so you can think of it kind of like a QR code
7:55
except that there is no app for your phone to read it and making matters even
8:00
more difficult this middle spare area part right here well that contains
8:05
information about where the block numbers are where your ECC belongs etc
8:10
really good stuff except oh wait that gets intentionally scrambled in many
8:15
cases as a security measure so figuring
8:18
out which bytes are bad and getting the whole thing to turn green takes a lot of
8:23
knowledge and then to do it quickly takes years of experience and even
8:28
getting it to that point isn't trivial in many cases flash memory chips require
8:33
proprietary not to mention expensive readers and they come from devices that
8:39
don't always want to give them up easily including everything from standard Apple
8:43
or M.2 SSDs and computers to camcorders
8:48
MP3 players like what year is it i know right and even bare flash chips that are
8:54
soldered onto the motherboard like in some of the latest MacBooks thank you
8:58
Apple and the craziest part is coming back to
9:02
device security again on a device with a
9:05
security module like an iPhone for example so you can see in this footage
9:10
they're taking apart an iPhone 10 for us that might later be used as a known good
9:15
for a customer recovery attempt you could actually need at least
9:21
four components to even hope to pull data off of it the NAND flash itself
9:26
which needs to be desoldered from the board and the baseband IC the controller
9:32
which you can actually see from this disassembled A8 chip actually sits under
9:37
the RAM with contacts on the top and bottom
9:41
and the ROM so four parts which means
9:44
that if you were to hope to pull data from a badly damaged one of these you
9:49
would need to desolder clean re-ball and
9:52
re-solder all of these four components
9:55
successfully to a donor phone and did i
9:58
mention by the way that even the couple generations old A8 processor already had
10:03
1100 contact points so they apparently
10:07
haven't attempted an operation like this with the 10 yet but they think that it
10:12
might be possible
10:17
finally we're in logical land now stuff without any physical damage to the hard
10:23
drive itself may end up coming straight here like
10:27
let's say for example you plug the wrong power supply into your external drive
10:31
enclosure like this and it released all of its magic blue smoke
10:36
pella he actually sent this drive to DriveSavers four years ago but ended up
10:41
opting not to go forward with the recovery service so as you can see from
10:45
what we pulled off of this drive it's clear that for some people it's not
10:50
necessarily going to make sense necessarily to pay for data recovery if
10:56
all you've got that's not backed up somewhere is clips from a
11:00
chichen chang live concert with that
11:03
said even around here at DriveSavers where their bread and butter is failed
11:08
or corrupted devices they still absolutely preach
11:13
the principles of data backup because
11:17
the cold hard truth is even if you are
11:20
an extremely skilled data recovery engineer there are still things that can
11:26
take out your storage permanently so i
11:29
think a perfect example of that is our host today Mike ended up losing
11:34
pretty much all of his data in the Santa Rosa fires so even though he's an
11:39
executive here at DriveSavers there was nothing he would have been able to do
11:43
about that if he hadn't had an off-site
11:47
backup so at the end of the day that's the takeaway guys
11:52
make backups of your data the 3-2-1 principle should never be ignored but in
11:58
the event that something goes terribly wrong DriveSavers has got your back i
12:04
want to thank them for making this video possible i want to thank you guys for
12:07
watching and you can check out the link to DriveSavers in the video description
12:12
yeah no no no i think i can i think i can do it no problem okay you get better
12:16
angles okay