NAS RAID Recovery
0x80070035 Error code: NAS RAID Recovery Case Study
April 26, 2017
Lenovo data recovery: Hard drive 0xc000009 boot error
Error Code 0xc00000e9: Lenovo Data Recovery Case Study
May 1, 2017
WD My Book Live Duo NAS Array

This client came to us for our NAS array recovery expertise after losing the data from their Western Digital My Book Live Duo. The device had stopped responding and was no longer accessible. They pulled the My Book Live device’s two hard disk drives—connected in a mirrored RAID-1 NAS array—from the enclosure and plugged them directly into their computer. If only the enclosure itself had failed, the client hoped they could pull data off of the naked drives.ReformatGillware1

However, both the hard drives the client plugged in showed up as blank. Actually, they showed up as worse than blank. To the client’s computer, these hard drives were raw, and seemed to contain nothing but unallocated space. When a computer sees a raw, or unformatted, device, it asks the user to format it.

And, unfortunately, the client did. All it takes is a slip of the finger, and in the heat of the moment—we all know how stressful data loss is—it’s an easy mistake to make.

NAS Array Recovery Case Study: My Book Live Duo
Drive Model: Western Digital WD40EZRZ-00GXCB0
RAID Level: RAID 1
Total Capacity: 4 TB
Operating/File System: Linux Ext3
Data Loss Situation: NAS array stopped responding. User took the hard drives out of the device and tried to read them on their computer, but accidentally reformatted the disks.
Type of Data Recovered: Documents, photos
Binary Read: 100%
Gillware Data Recovery Case Rating: 9

The My Book Live Duo is a two-drive consumer-grade NAS, or Network Attached Storage, device. Western Digital’s NAS devices look a lot like their external hard drives (which, conversely, are considered DAS, or “direct-attached storage” devices, because they connect directly to your computer instead of your local network), and share a lot of the same features. Their innards, though, are a bit more complicated. Our NAS array recovery experts had their work cut out for them with this data recovery case. The features of the NAS, though, weren’t the challenge with this NAS data recovery case. Rather, the bigger challenge would come from something just about every Western Digital external hard drive has.

Western Digital My Book and My Passport external hard drives have a hardware-level encryption feature referred to by Western Digital as SmartWare. SmartWare is a form of full disk encryption, like Bitlocker or FileVault 2, in that it encrypts everything, not just specific files or folders. A highly secure encryption key scrambled all of the data on the hard drive, and only the password you set up can turn that key and turn that scrambled gibberish into readable data.

Why Can’t You Just Pull the HDD Out of a Western Digital External Drive?

WD My Book Live Duo NAS ArrayWhat makes SmartWare different is that unlike Bitlocker or FileVault 2, it exists whether you specify a password to secure your data or not. If you choose not to set a password for your Western Digital device, the layer of encryption is still there. SmartWare isn’t an opt-in or opt-out deal—it’s just there, whether you want it or not.

Normally this isn’t a problem. For SmartWare-enabled WD devices, including the My Passport and My Book (both in DAS form and NAS array form), the enclosure itself encrypts data flowing to the drive (or drives) and decrypts the data flowing out. If you did set a password, putting in that password tells the device to let you access the data. If you did not, the encrypting and decrypting process happens anyway, without your noticing.

So you might be able to imagine what happens if you remove a SmartWare-encrypted drive from its enclosure. You don’t have the special piece that handles decryption. (In the My Book, the enclosure uses a dongle plugged into the HDD; in the My Passport, though, the drive’s PCB has the parts built right into it.) As a result, you can only see encrypted gibberish.

Your computer doesn’t know how to interpret that encrypted data. Without a tool capable of bridging the gap and helping your computer understand what it’s looking at, your computer thinks it’s looking at an uninitialized disk. A disk it wants to format, install a fresh file system on, and start using as a totally new disk (with no data on it).

This is what happened to our client.

When SmartWare Requires Smart Engineers

Dealing with full-drive encryption such as SmartWare can make for a bit of a headache in the data recovery lab. Especially if the drive needs to be repaired, full-drive encryption hinders our engineers’ ability to strategically target the most valuable data on the drive.

To recover encrypted data, our engineers image as much of the hard drive as possible, then decrypt the image. If we’ve missed anything the first time around—which can happen if a drive needs extensive repairs—then our engineers go back to the lab, try to read more data from the platter surfaces, and decrypt again to see what we’ve gotten. It’s a more laborious process than a normal hard drive data recovery case.

In this data recovery case, recovering data from this Western Digital NAS array would present a challenge for our engineers. We quickly made 100% disk images of both hard drives in the RAID-1 NAS array. The drives were healthy. Or, rather, they had been before the client accidentally reformatted them.

Hard drive damage comes in two flavors: physical and logical. Physical, obviously, refers to actual physical damage to a drive. Logical damage refers to any sort of change to the drive’s file system that results in data loss. We include reformats, operating system reinstalls, and file deletion under the umbrella of “logical damage” when these (otherwise perfectly normal) operations are done accidentally rather than intentionally.

These hard drives had been logically damaged by the accidental reformat performed by the client. What’s more, the accidental reformat had dumped a little bit of unencrypted data on top of the encrypted data, destroying a roughly equivalent amount of encrypted data. This data lost due to logical damage could have been anything—filesystem metadata, actual files, etc.

NAS Array Recovery Results

Ancient palimpsest

The “old-school” method of reformatting and reusing a “data storage device”, centuries before hard drives

Recovering data from this RAID-1 NAS array was a bit like having to read a page of French handwriting after someone had erased some bits and scribbled some English words over it. (Archaeologists and historians call this a “palimpsest”.) It took some hard work to work around the SmartWare encryption on both drives. But the experts in our data recovery lab were able to persevere. We successfully recovered the vast majority of our client’s data from their reformatted Western Digital NAS array. This case ranked a 9 on our ten-point case rating scale.

Leave a Reply

Your email address will not be published. Required fields are marked *