In this case study, a small dental clinic had been using a single SAS Seagate hard drive to store their DentiMax dental records database. This enterprise-grade hard drive stored the X-ray images taken by the firm’s DentiMax CMOS sensors, along with electronic health records for the clinic’s patients. Needless to say, this was very important data for the clinic. Unfortunately, somebody accidentally quick formatted the hard drive, rendering all of that critical data inaccessible. The client then came to us for our secure quick format recovery services.
Accidental Quick Format Recovery Case Study: DentiMax Health Records Database
Drive Model: Dell/Seagate Constellation ST950043055
Drive Capacity: 500 GB
Operating System: Windows
Situation: Hard drive was accidentally quick formatted
Type of Data Recovered: Sensitive electronic health records from DentiMax practice management database
Binary Read: 100%
Gillware Data Recovery Case Rating: 9
Accidental reformats are just that—accidents. Sometimes the user is trying to format a certain partition and reformats another one by mistake. Sometimes a hard drive’s boot sector becomes corrupted or the drive has suffered a minor or intermittent physical failure, prompting the user to reformat it. The user may not be aware that reformatting will cut them off from their data until it’s too late. Whatever the reason, accidental quick formats aren’t usually the end of the world—especially not with Gillware on the case.
Quick Formats vs Full Formats
In Windows, there are two ways to format (or reformat) a hard disk drive: the full format and the quick format. From Windows Vista onward, a full format writes zeroes to every sector in the disk before creating the new volume metadata. By writing zeroes to every sector it can read, this format wipes out most of the old data irrevocably.
Because the process is so much more involved, the full format is generally used only when the owner of a drive plans to sell or give away the drive and wants to make sure that 1.) the drive is physically healthy (it can write zeroes to every or almost every sector) and 2.) their personal data has been reliably wiped from the device. It’s not the most sure-fire way to make sure the drive’s data has been completely erased, but it’s close.
The most common method of formatting a disk is the “quick format”. This is, as its name suggests, the fastest way to format a hard drive, and it’s the one people are most likely to choose by accident. Instead of erasing the entire hard drive, a quick format simply creates new partition metadata, such as the partition table, superblock, and file definitions.
A quick format overwrites only a few sectors on the drive. The new filesystem metadata covers up the tracks pointing to the files that previously lived on the drive and can damage the old metadata, but usually avoids doing any immediate damage to user-created files. When Gillware receives hard drives that have been accidentally reformatted, a quick format is almost always the culprit.
Data Recovery Software to recover
lost or deleted data on Windows
If you’ve lost or deleted any crucial files or folders from your PC, hard disk drive, or USB drive and need to recover it instantly, try our recommended data recovery tool.
Retrieve deleted or lost documents, videos, email files, photos, and more
Restore data from PCs, laptops, HDDs, SSDs, USB drives, etc.
Recover data lost due to deletion, formatting, or corruption
Accidental Quick Format Recovery
When we receive a healthy quick formatted hard drive, the most important factor for data recovery is how much use it has seen since the format. When the quick format process runs its course, only a few sectors of filesystem metadata are written to the drive. Continued use of the drive after reformatting, though, overwrites the user’s old data, which is still on the drive (albeit just out of the user’s reach).
The enterprise-grade hard drive in this quick format recovery case hadn’t been used after the accident. The only casualties of the quick format was a small portion of the root directory structure that had been overwritten. Usually this wouldn’t be a big deal, as long as the vast majority of the user’s files were still intact. However, in this case, the directory structure was very important.
The user’s critical data was the database created by their DentiMax practice management software. Many databases, such as Sage 50/Peachtree accounting databases, are extremely sensitive to the way their files are organized. Just a few files out of place can prevent the database from functioning altogether.
For this DentiMax database, only a few specific file directory paths were absolutely critical. The success of this case depended solely on whether or not the DentiMax database had been affected. If those specific paths had been hit, the results of the recovery would be very poor.
After we’d fully imaged the client’s drive and uncovered the old filesystem geometry, we sent them a list of the recovery results. The client paid careful attention to the recovery results. They confirmed that the directory loss hadn’t affected their critical DentiMax database of electronic health records.
In accordance with our HIPAA-friendly security policies, we sent the client their recovered data on a password-protected hard drive to ensure that their sensitive data was completely safe. Our engineers rated this quick format recovery case a 9 on our ten-point case rating scale.