24TB of confidential data recovered from RAID 6 array

16 June 2015 by Milagros Gamero

The Client

A large UK company lost highly sensitive business critical data from one of its RAID 6 arrays when the company replaced two failed drives on a RAID 6, but the system failed to rebuild and data was lost.

The Situation

The customer was using a EonStor Infortrend RAID 6 array to run a range of business applications and had replaced two of the two terabyte SATA drives in the system (which had failed) with replacement drives.  However, the system had failed to rebuild after the drive change, which meant that data was not accessible. The lost data was business critical and highly confidential information.

The Solution

Unfortunately the customer’s RAID system had not been rebuilt or reconfigured when the new drives were added.  As a result the missing data was still held on the two failed drives and had not been replicated on to the new drives.

The company approached Kroll Ontrack for help and provided all of the drives apart from the two failed drives. It chose to work with Kroll Ontrack on the basis of its technical track record and because it had security clearance for working with confidential data.  It was also able to provide a cost-effective solution when compared with competitive quotes.  Kroll Ontrack was able to complete the job in a shorter timeframe than other companies, achieving full data extraction within just two weeks compared to the three to four months quoted by competitors.

The two new drives did not contain any of the missing data as the system had not been rebuilt.  And because the drives that had been replaced were missing, it was impossible to know exactly why the drives failed or what error message the users were seeing.

However, working with a specialist toolset the engineering team at Kroll Ontrack were able to recover and rebuild all 24 terabytes of missing data from the RAID array.  They were able to rebuild the missing data from the failed drives using their specialist toolset within two weeks of development time.

The fact that the customer was using a RAID 6 array helped the situation as it meant that the missing information could be restored from the existing data on the other drives. Each RAID controller uses different algorithms and a concept called parity to create a RAID 6 configuration and Kroll Ontrack had tool support for most of the controllers to rebuild two missing drives on a RAID 6 configuration.  However, the team didn’t have existing support for an Infortrend controller but the R&D team was able to develop and add support for this controller type within a short period of time.

The Outcome

The client was delighted with the outcome of the RAID array recovery and data restoration.  In all, 24 terabytes of data were identified and restored within four weeks.  None of the confidential data was compromised and the solution provided by Kroll Ontrack was cost-effective and completed within a very short timeframe.

Don’t let it happen to you!

To avoid this situation happening to you, here are some helpful tips:

  • Take regular backups so that if your system fails you have an up-to-date version in another location, preferably offsite
  • Closely monitor hardware systems for any failures so that you notice as soon as problems occur
  • Work with hardware manufacturers’ lifecycles and replace hardware after the recommended time period to avoid any failures. Traditional hard drives work 24/7, 365 days a year so after few years there is a high chance for the hard drives to fail. Try using a SMART tool to monitor your hard drive’s health, such as Ontrack EasyRecovery.