IT question and answers

The Importance of Recovering Data After Logical Damage

The entire process of recovering lost data from some damaged secondary storage media is termed as data recovery. The salvaging of the many important data is done when the secondary storage device fails to function normally. In such cases, the data are retrieved from several electronic storage devices such as the CDs, DVDs, many hard disk drives, storage tapes and various other storage formats. The disk damage can be of two major kinds, viz. the physical damage to the storage device or the logical damage of the files stored. The recovering of lost data therefore includes both the physical damage recovery as well as the logical damage recovery. The recovery process also involves the salvaging and securing of some deleted stuffs from the storage disk or device.

How to enhance the process of recovering lost data after a logical damage?

The primary cause of logical damage pertains to the power outages that affect the file system materials to be accurately copied in the hard disk drives or any other storage media format. As a result, the file system is left completely unsecured in an inconsistent status. This actually leads to roster of problems ranging from several abnormal behaviors of the disc drives and the storage devices to the entire system crash down and the eventual loss of every data.

However, there are also several programs formulated to combat the inconsistencies and the discrepancies of the operation system and the respective native files. The operating systems are mostly equipped with a rudimentary tool kit to ensure restoration of the file inconsistencies. Linux, Microsoft Windows and Mac OS X have different utility programs set to fight against the logical damage of the files. While Linux provides with the fsck utility and Microsoft Windows the chkdsk, Mac OS X comes with disk utility services. There are also several third party utility programs also available such as The Coroners Toolkit and The Sleuth Kit that are experts in recovering lost data just when the operating system fails to recognize them.

Number of logical damages is often referred to a kind physical damage mistakenly. Many times the hard disc read or write header starts to blink; this is often mistakenly considered to be physical disc damage while, actually it refers to the logical damage of the storage device.

How to prevent the logical damage

Since the logical damage of the file system has taken a huge shape with most other operating systems, therefore a wide range of journal file systems have been introduced to minimize the logical damage affectation. The latest journal files, NTFS 5.0, ext3, and XFS, are experts in their action and effectively reduce the chance of logical damage. Moreover, the files systems can always be rolled back, such as to lose only that portion of the data that remained in the drive cache during the system crash. The other previously stored data are restored safely in their respective place. Yet, even after all these; the data loss takes place at random. Therefore, it is of prime importance to maintain the system properly and regularly using a consistency checker.

The inconsistency checker actually acts effectively to reduce the complicacies of the file system software as well as deals with the many incompatibilities involved in designing storage hardware. One of such incompatibility results when the disc controller informs that the files have been saved to the disc while it has actually not been so. This often occurs just as the disc drives wrongly, report the file to have been saved in the disc, while it is actually saved in its write cache. As a result, when there is a power-cut, the file system becomes inconsistent just as the journals are lost or damaged. However, if the system is provided with a battery back-up, that enables the system to restore the files and prevent the loss of the unsaved data.

The basic recovering techniques

There are mainly two major recovering techniques used to retrieve and restore the lost data. They are consistency checking and data carving. The entire phenomenon of logical damage can be retrieved through the two ultra recovering techniques, the data recovery software actually fails to assure with guaranteed recovery or an absolute absence of data loss. For example, in case of the FAT file system, if two of the files decide to share the same allocation, then it is guaranteed of one of the files to lose all its data.

What is consistency checking?

Consistency checking involves the specific scanning and checking of the workings and function of the discís logical structure. This is done by detection through the file directory. Mostly, the directory contains two entries, dot (.) and dot-dot (..) entry; the dot entry pointing to itself and the dot-dot entry pointing to the parent system. The file system repair software is enabled to read through the dictionary to ensure the presence of the articles in the disc. However, if there is an error detected in the process, a report is printed to correct the problem. In this manner, the chkdsk and fsck utility programs work in recovering lost data from the system. This plan however, suffers from 2 severe drawbacks.

Firstly, if the file system is suffers an ample of the logical damage then it becomes impossible for even the consistency checker in recovering lost data from there. Secondly, what happens is that, when the utility checker finds out that a particular file is out of place or unimportant for the system, it automatically deletes the files from the system. This is actually maintained to keep the system run smoother in the absence of too many unwanted and scrap files.

What is data carving?

One of the major data recovering techniques, data carving includes the restoration of the files and data that have no allocated space in the system and are retrieved by the many sectors and clusters belonging to the group. The data carving process of recovering lost data includes a wide search for the desired file structures. Since there is simply no allocation information on the file signature, therefore, the investigator is required to give a block size of the file to get it detected and retrieved. The process is quite risky though, as there can be several false hits before the detection of the actual file. The method of preventing logical damage of the files is considered quite time and resource demanding.