Just wanted to share an experience.
A small sister company had a small W2003 R2 server which "suddenly stopped working". Someone removed the drives from the server and gave them to me; adding either of the two disks as evidence in FTK IMager and FTK showed up as an unrecognised filesystem. The server had been re-built last year by a 3rd party who have since gone out of business and (no surprise) there was no documentation so we had no clue about how the server had been set up.
It was still possible to see that there was a lot of data on the disks, the company said that one disk was said to contain system files, programs files etc (C drive), the other to hold shared network folders (D drive).
Data files which we wanted to recover from the second drive included Word, Excel, PDF, PST, MP3, JPEG, plus a bunch of banking and finance stuff in proprietary format. We have a backup tape, and backup unit, but no immediate way of restoring.
Our central IT suggested some start-up RAID utilities but if they didn't work they said we were "goosed / knackered"
I put a question up on the AccessData user forum, the kind folks there were pretty sure this would be a RAID0 problem (which I had thought was a possibility but I have no experience with RAID) and pointed me to Runtime Software
So I spoke a little to Runtime Software and then
* downloaded Runtime's Live CD ISO and burned to CD (and copied to USB stick) so that we could boot the server
* reconfigured the drives on a different non-RAID SCSI Controller
* Ran the Runtime Lice USB and ran RAID Recovery for WIndows
* Identified the data we need to save
* Paid $99 for the license
And we're now in the process of saving who-know-how-many-gigs-of-data
And in the process I learned some stuff about SCSI, RAID, re-building RAID from images, perhaps even something about how perhaps SOPs would have helped us through this mini crisis - and to some extent what the difference is between IT Operation/Support people and forensicators (even ones as non-techie as me)
Cheers
P.S. I have no connection with Runtime Software, other than now being a registered user.
Cheers
Besides appraising the good guys at Runtime Software and their nice product, I guess it should be highlighted how setting up a server as Raid 0 is one of the most foolish things in IT practice, while doing so without an effective, tested (and possibly re-tested) backup strategy (either automated or manually performed and verified often) is "pure folly". 😯
That the "third party guy" which did that is now out of business is a form of "justice" but IMHO not enough
It's too bad that stupidity isn't painful.
And still remains to be fully cleared WHAT the heck your "central IT" guys are supposed to do (if not to check third party's work and make sure that sound backup strategies are performed). ?
jaclaz
RAID recovery can be something of a Black Art. Runtime has been my go to company for tools since Captain Nemo (for Novell). However I have run into proprietary cards and NAS boxes that have vexed quite a few applications. I now have probably six different RAID recovery tools in my kit.
RAID recovery can be something of a Black Art. Runtime has been my go to company for tools since Captain Nemo (for Novell). However I have run into proprietary cards and NAS boxes that have vexed quite a few applications. I now have probably six different RAID recovery tools in my kit.
Sure, but a Raid 0 should be a "piece of cake", those can usually be recovered even manually.
jaclaz
A RAID-0 is normally obvious because the MBR on one drive can indicate a disk of twice the size of the physical disk. As said above, the rest is trival.
RAID recovery can be something of a Black Art. Runtime has been my go to company for tools since Captain Nemo (for Novell). However I have run into proprietary cards and NAS boxes that have vexed quite a few applications. I now have probably six different RAID recovery tools in my kit.
Sure, but a Raid 0 should be a "piece of cake", those can usually be recovered even manually.
jaclaz
And your point, other than to be contrary? Did I every write that RAID0 recovery was not a "piece of cake"? Did I every write that a RAID0 could not be recovered manually? No. Sheesh.
If time is a factor, you can try recover it yourself
(dont be discouraged by the videos topic)
If you are uncertain of anything explained, go with a professional.
This is my favorite tool to recover broken RAID arrays http//
It works with or without the original RAID controller (and it works better without it). Most things are done automatically, but there's a healthy degree of manual control. Unrecognized file systems are OK, this tool supports most major ones even if they are severely corrupted. And, it comes with its own implementation of data carving, allowing to extract certain types of files (quite many, actually) even if there is no file system at all.