Recovering Data from Flash and SSD
Proprietary | Kroll Ontrack
Your presenters today
» Jennifer Duits, Sr. Marketing Specialist, Kroll Ontrack, Inc.
» Steve Hruska, Research & Development Engineer, Kroll Ontrack, Inc.
Today We Will Discuss:
» SSD Survey Results
» HDD vs. Flash/SSD Technology
» Flash/SSD Data Recovery
» SSD Data Encryption
» SSD Data Erasure
» Summary/Q&A
Deliveries HDD vs. SSD (in millions)
* Source: IHS iSuppli, January 2013
** Source: Coughlin Associates, May 2012
Hard Drive Internals
Spinning hard drives look like a record player with one or more disks (platters) and a read/write head on each side of each platter.
Hard drives store data by magnetizing parts of the disks and store data sequentially.
A cleanroom environment is necessary in the majority of recoveries.
Figure: Microscope view of magnetized bits on a platter (Data, Servotracks + ECC)
HDD Roadmap – HDD GAP
Performance Increase:
» CPU 8-10x
» DRAM 7-9x
» Network 100x
» Bus 20x
Performance GAP: Disk Drive 1.2x
Capacity Roadmap:
» Heat Assisted Magnetic Recording (HAMR)
» Bit Patterned Media (BPM)
» Shingled Magnetic Recording (SMR)
Solid State Drive - SSD
Solid State Drive Internals
Solid State Drives have no moving parts.
The data is not stored sequentially on the chips, so the engineer must re-assemble the data, similar to a RAID recovery.
Figure labels: Connector; Controller Chip; Memory Chips; Memory Chips Removed
Memory Chips - Blocks - Pages
Page [smallest unit]: 4 KB or 8 KB
Block [128 Pages = 1 Block]: smallest unit to delete!
Possible status:
» free
» filled with data
» marked for deletion
» bad
Memory-Chip [n Blocks = 1 Chip]
NAND-Flash Type
» SLC = Single Level Cell: Highest endurance; Highest performance; Most expensive
» MLC = Multi Level Cell: Moderate cost; Read intense apps; Web server
» eMLC = Enterprise MLC: Lowered wear rates at moderate cost; Database apps
» TLC = Triple Level Cell: Low cost; High density; Consumer Electronics
Source: SAMSUNG
HDD vs SSD Manufacturers: HDD
Graphic Source: Chris Ritter, Buzzfeed.com
SSD Manufacturers
Six NAND Manufacturers but > 200 SSD Manufacturers
SSD is easy to build: Controller, NAND, Firmware,…
Realities of SSDs
SSDs and HDDs are equally reliable
  » Susceptible to different types of failures
  » Limited time for testing SSDs for Mean Time Between Failures (MTBF)
SSDs work well in a hybrid data storage environment
  » Adds speed for commonly accessed data
SSDs and HDDs measure endurance differently
  » SSDs increase in endurance when used for low-write processes
SSD data recoveries are more complex
  » Inconsistent standards between manufacturers
SSD Data Recovery
Types of HDD Failures
Types of Flash/SSD Failures
User Error/Environmental Influences
  » Fire/Water Damage
  » Broken Connector/Physical Damage
  » Deleted Data
  » Virus
Electronics Component Failure
  » Flash Controller
  » Flash NAND Memory Chip
  » Component Failure
System Area Corruption
  » Erased/Corrupted Mapping Table
  » Erased/Corrupted Firmware
Rise of SSD Deliveries and SSD Recoveries
SSD Drives Shipped. Source: IHS iSuppli, January 2013
HDD Drives Shipped. Source: Coughlin Associates, May 2012
SSD Recovery Challenges
What? / Why?
» Software/Hardware Proprietary Tools: Only a few tools are on the market - new tools are constantly in development
» Time Consuming: Need to research the algorithms used to originally store the data
» Wear leveling (balances usage evenly across all disk sectors): Creates added complexity when piecing the data back together – we see a lot of duplicate files
» RAID-like configuration: Individual memory chips on devices make data less contiguous and difficult to piece back together
» Lack of standardized configurations: Many recovery jobs bring new challenges and new algorithms
SSD Data Encryption
Types of Encryption
Type of Encryption / Risks and Opportunities
» Software Encryption (e.g. BitLocker, Pointsec, etc.): The master key is in your hands. Even when a data recovery from a physically damaged hard disk is necessary, the use of the key, password or pass-phrase guarantees access to your stored data.
» Hardware Encryption or Self-encrypted Drive (SED): The device holds the key to the encrypted data on your drive. The data is stored encrypted by default.
Data Erasure for SSD
SSD Data Erasure Study
Research from UCSD shows that techniques designed for erasing hard drives, such as overwriting and using built-in secure erase commands, are unreliable when used on SSDs and sometimes result in all the data remaining intact.
Individual file erasure techniques all failed and left at least 10 MB of a 1000 MB file.
The Challenges of Data Erasure
» Retired Block: One bad cell can make a block become retired
» One Block has 128 pages
» 1 page: 4 or 8 KB
Data Erasure Techniques
Secure data erasure is at a very critical point with SSDs.
Erase Method / Security Issues
» Erase Software: May not completely erase SSD - bad blocks, firmware, SMART data not erased
» “Secure Erase Function” or “Enhanced Secure Erase Function”: Secure, but not supported by all Flash controllers
» Physical Destruction: Secure via shredding. Cannot re-use the drive
» Cryptographic Erase: Encryption needs to be set up before data is written on the drive
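The page, block and retired-block behaviour on the slides above accounts for both the duplicate copies seen during recovery and the failure of overwriting as an erase method. The Python model below is an added example, not Kroll Ontrack's code or any vendor's firmware: the ToyFlash class, its method names and the sample data are hypothetical, and only the 128-pages-per-block figure and the page statuses come from the slides.

```python
PAGES_PER_BLOCK = 128   # slide figure: 128 pages = 1 block
FREE, FILLED, STALE = "free", "filled", "marked for deletion"

class ToyFlash:
    """Toy flash translation layer; a hypothetical model, not real firmware."""

    def __init__(self, blocks=4):
        self.status = [FREE] * (blocks * PAGES_PER_BLOCK)
        self.data = [None] * (blocks * PAGES_PER_BLOCK)
        self.retired = set()    # blocks the controller has taken out of service
        self.l2p = {}           # mapping table: logical page -> physical page

    def _free_page(self):
        for ppn, st in enumerate(self.status):
            if st == FREE and ppn // PAGES_PER_BLOCK not in self.retired:
                return ppn
        raise RuntimeError("no free page; a real controller would garbage-collect")

    def write(self, lpn, payload):
        # NAND cannot be rewritten in place: new data goes to a fresh page and
        # the old page is only marked for deletion until its block is erased.
        ppn = self._free_page()
        if lpn in self.l2p:
            self.status[self.l2p[lpn]] = STALE
        self.status[ppn], self.data[ppn] = FILLED, payload
        self.l2p[lpn] = ppn

    def read(self, lpn):
        # The only view the host, and host-side erase software, ever gets.
        return self.data[self.l2p[lpn]]

    def retire_block(self, block):
        # Move live pages elsewhere, then stop using the block without erasing it.
        self.retired.add(block)
        for lpn, ppn in list(self.l2p.items()):
            if ppn // PAGES_PER_BLOCK == block:
                self.write(lpn, self.data[ppn])

    def raw_pages(self):
        # What reading the memory chips directly would return.
        return [d for s, d in zip(self.status, self.data) if s != FREE]

def overwrite_demo(secret=b"CONSTRUCTED-SECRET"):   # constructed sample data
    ssd = ToyFlash()
    ssd.write(0, secret)
    ssd.retire_block(0)                  # one bad cell retires the whole block
    ssd.write(0, b"\x00" * len(secret))  # erase software overwrites logical page 0
    return ssd.read(0), ssd.raw_pages().count(secret)
```

overwrite_demo() returns the zeroed host view together with a count of 2: one copy of the secret stranded in the retired block and one relocated copy that is only marked for deletion.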
Recommendations for Data Erasure
Our recommendations for erasing sensitive data:
Use encryption on your SSD from day 1
  » Delete the remaining data with cryptographic erase by deleting the encryption key.
Employ multiple erase methods for encrypted drives
  » Overwriting + Secure Erase + Cryptographic (SED)
Use physical destruction
  » Shredding
If you want to be sure your data is erased – use Kroll Ontrack’s Erasure Verification Service
How Is Kroll Ontrack Overcoming Data Recovery Challenges?
Staying Ahead Of The Curve
» R&D team fully dedicated to advancing our capabilities.
» Just In Time (JIT) development team available for customized software development and tools when needed.
» Long-standing relationships with leading data storage manufacturers.
What Should You Take Away From Today’s Webinar?
Summary
SSD technology will continue to grow.
  » Choose your technology wisely… Do your research for your needs
No matter how good or safe a technology is, data loss can always happen.
Be prepared and make data recovery a part of your disaster recovery plan.
  » Choose your data recovery provider carefully
    – Availability 24/7/365
    – Possibility of just-in-time development of client-built tools
    – Do they provide R&D?
    – What about data safety and data protection?
Don’t forget to back up your data regularly!
Kroll Ontrack – Worldwide Reach
» EMEA: UK, France, Germany, Italy, Norway, Poland, Netherlands
» NORTH AMERICA: Los Angeles, Minneapolis, Washington DC, New York City, Toronto
» APAC: Singapore, Hong Kong, Japan, Australia
Thank you for your interest! What questions do you have?
Peter Magnuson, Key Account Manager