Services: Data Recovery
Goal
Reconstruction of accidentally lost (e.g. after a hard disk failure), deliberately erased or manipulated data (e.g. after an attack).
Initial Situation
The customer provides the objects from which the lost or compromised data need to be extracted (e.g. computer hard disk, fax machine, USB stick, etc.)
Approach
- Preparation: Basic information is gathered about the problem, the affected components, and the data that are to be collected.
- Research: If new technology or products are encountered their functionality is researched.
- Data back-up: The integrity of the data and the affected objects is guaranteed before, during, and after the data collection process (e.g. through back-ups or working only with a copy)
- Data collection: The data are extracted from the affected objects securely and transparently (e.g. constant logging, without write access).
Result
The customer is provided with a document which details the data recovery process as well as the recovered data. The recovered data are provided on a separate storage medium.
Pros and Cons
Sometimes data recovery is necessary in order to be able to perform a forensic analysis (see Forensic Analysis). However, such a data recovery sometimes requires a certain amount of effort, especially for proprietary and complex products.
Reference Example
Data Recovery Copy Machine: A financial institution accidentally discovered a possible case of fraud by one of its employees. During a forensic analysis a copy machine was confiscated. A post-mortem examination of the device was performed to collect evidence to confirm/disprove the suspicion. The reconstruction of the data that was cached on the hard drive was successfully completed after initial reverse engineering of the file structure, and the recovered data was subsequently transferred to the authorities to facilitate legal action.
