$2,000,000 Clean Room! – DriveSavers Data Recovery Tour


You’d never know it from the outside But in there through those doors is one of the world’s oldest and most advanced data recovery companies. Drive Savers headquarters here in Novato, California features almost a hundred employees Almost that many security certifications and a two million dollar ISO five clean room and they sponsored us down here to have a close look at how it is they take this and Turn it in to this So let’s go inside ( Intro Music plays) We’re gonna kick things off in the museum as Long as our escort says that that’s okay Security is a huge Deal at Drive Savers not just on the outside of the building, but also throughout it, so guests get these incredible badges that actually change color over time eventually turning red so that anyone who sees it will know to – kick me out or call the cops and everything in here is on a need to access basis with biometric security on secure spots and Annual background checks for all staff members
So these guys have recovered data from pretty much everything that you would normally think of – hard drives phones laptops SSDs and From a lot of things that you probably wouldn’t think of defibrillators photocopy machines and even a TiVo so the museum here contains many of their biggest success stories both in terms of the importance of the data That was recovered, uh they once saved Twisted Sisters Christmas album and twelve episodes of The Simpsons Including the conclusion of the who shot mr.. Burns cliffhanger during a national contest to guess who did it and in terms of the difficulty so run over by an 18-wheeler check, lit on fire Check buried in a mudslide check that too – this one that you’re looking at right now was actually pulled from a sunken Cruise ship after sitting underwater for two days, it had the owner’s memoirs Successfully recovered from it now. Let’s talk about how they do it Consultation and in some cases even diagnosis with an analysis of what data they expect to get back is free so you send in your drive, we’re shipping sorts it into a colored bin according to the priority of the job and the uhh (cough) Cleanliness of the drive or device and you might think to yourself ah come on. It’s a hard drive how dirty could it be, but they’ve actually had to obtain a Geiger counter to evaluate the radioactivity of drives coming out of nuclear disasters And through some of their forensics work They’ve even seen devices come through here that were found on murder victims One phone apparently had the camera element gouged out Before being placed back on the victim’s body in an apparent attempt, to get rid of the photos So yeah drive savers got that **** back good work idiot Hope prisons treating you well, from shipping your bin travels to one of a few different places and we’ll go through those in a minute, but Everything will eventually get the cloning treatment and that starts here drive savers keeps a huge inventory of spare Wiped donor drives because, you dramatically improve your chances of recovery if you’re working with a bit 4-bit Digital copy of your data set it gives you the time to analyze more than just what files were there and then dig into Who accessed them when, what did they do? These kinds of things can be particularly important in cases of corporate intellectual property protection for example Where there might have been some attempt to destroy data or cover up a data access The folks in this room also do the initial analysis of raid arrays using Software tools like the one you’re looking at here to rebuild the array logically and determine which drives are probably working fine Versus which ones will likely need physical repairs before making a cloning attempt, and they’ve got the hardware for everything from Reconstructing a – a four drive home Nazare to this over here. This is a 45 drive j baud That’s on standby waiting for I don’t know maybe another 96 drive server that got gallons of water dumped on it due to a sprinkler system malfunction because, yeah That was a thing that happened but as you saw in the museum a Lot of the hard drives that come through here need a lot more than a little bit of software rika jiggering so Welcome to the clean-room! Or strictly speaking. This is the inventory room and the cleaner was on the other side of the glass, but but this stuff’s cool Too in here, they’ve got basically every hard drive. You could imagine. They’ve got two and a half inch! they’ve got three and a half inch! They’ve got Todd the latest helium sealed drives and all the way from the latest to look at these Clunkers, I mean look at this, this is called a mini scribe I guess you know relative to this guy It is pretty mini, but basically the point is Whatever the text on the other side of the glass inside that is o5 cleanroom so that is less than 100 Thousand point one micron particles per cubic meter ten thousand times cleaner than a normal room, whatever they need They put a request onto this little cart. It comes out here. We load it up We fire it back in there and whether it’s a brand new driver an ancient one they start the process of Rebuilding one working drive from the donor and the recipient Now they did put away some of the proprietary equipment that they use, uh for example They found a way to work on helium sealed drives, which won’t function at all in regular air That’s seven times more dense and so they wouldn’t show us like I don’t know how they either Reseal them or put them in a helium chamber or something, but this place is still incredible, so thanks to the 34 filtered fans air is circulated in here so quickly that it’s not only clean But they can actually do soldering work Anywhere in this room without disrupting anyone else’s sensitive recovery operation incredible, and an operation it is They actually agreed to let us do an actuator swap so Stay tuned for that video because I’m super stoked for you guys to see it. Anyway for now let’s continue our journey so then With the drive physically working, I mean it’s copying data. They can just ,send it back to you, right wrong so this guy right here is Working, but it is not reliable drive savers wouldn’t be able to keep their warranty approved service status with Every major hard drive vendor for very long if they pulled that kind of a stunt so the next step, then is Logical recovery where, maybe not all but some of the data should be recoverable even in cases of severe physical Damage, like we saw downstairs in the museum, and we’re going to head over there But first we need to make a quick stopover in flash memory town now hard drive recovery is complicated Flash memory hoho well, that’s a whole other ballgame son. So what you’re looking at here is raw ones and zeros off a flash chip So you can think of it kind of like a QR code? except that there is no app for your phone to read it and Making matters even more difficult this middle spare area part right here Well, that contains information about where the block numbers are where your ECC belongs etc. It’s such a really good stuff except Oh wait That gets intentionally scrambled in many cases as a security measure So figuring out which bytes are bad and getting the whole thing to turn green Takes a lot of knowledge and then to do it quickly takes years of Experience and even getting it to that point isn’t trivial in many cases flash memory chips require proprietary not to mention expensive readers and They come from devices, but don’t always want to give them up easily including everything from standard Apple or MDOT 2 to SSDs and computers to, camcorders Mp3 players like what year is it? I know right. and even bear flash chips that are soldered on to the motherboard like in some of the latest Mac books THANK YOU APPLE and the craziest part is coming back to device security again on a Device with a security module, like an iPhone for example, so you can see in this footage They’re taking apart and iPhone 10 for us that might later Be used as a known good for a customer recovery attempt. You could actually need at least FOUR components to even hope to pull data off of it the NAN flash itself, which needs to be de solder from the board and The baseband I see the controller which you can actually see from this disassembled A8 chip actually sits under the RAM with contacts on the top and bottom and The ROM. So four parts, which means that if you were to hope to pull data from a badly damaged, one of these You would need to desolder, clean, reball, and resolder all of these four components successfully to a donor phone and did I mention by the way that even the couple generations old A8 processor already had eleven-hundred contact points, so they apparently haven’t attempted an operation like this with the ten YET But they think that it might be possible (#MIND BLOWN LINUS) Finally we’re in Logical land now stuff without any physical damage to the hard drive itself may end up coming straight here like Let’s say for example You plug the wrong power supply into your external drive enclosure like this and it released all of its magic blue smoke Tella he actually sent this drive to drive savers four years ago But ended up opting not to go forward with the recovery service So as you can see from what we pulled off of this drive. It’s clear that for some people It’s not necessarily going to make sense necessarily to pay for data recovery if all you’ve got that’s Not backed up somewhere is Clips from a Cheech and Chong live concert. With that said, even around here at Drive savers where their bread and butter is failed or corrupted devices, they still absolutely preach the principles of data backup, because the cold hard truth is even if you are an extremely skilled data recovery engineer there are still things that can take out your storage permanently. So I think a perfect example of that is our host today, Mike, ended up losing pretty much all of his data in the Santa Rosa fires. So even though he’s an executive here at DriveSavers there was nothing he would have been able to do about that if he hadn’t had an off-site backup. So at the end of the day, that’s the takeaway guys. Make backups of your data; the three-two-one principle should never be ignored But in the event that something goes terribly wrong Drive savers has got your back. I want to thank them for making this video possible I want to thank you guys for watching and you can check out the link to drive savers in the video description (bloopers time!) Yeah, no no. No I think I can I think I can do it no problem this time. OK OK (SUBSCRIBE FOR MORE AWSOME CONTENT)

100 Comments

Add a Comment

Your email address will not be published. Required fields are marked *