Recovering Data from Complex Multi-Topology Arrays

Complex Storage Array

Cutting edge technology comes at a price. It also comes with a very steep learning curve in the form of administration, configuration and operating knowledge. One wrong move, or concurrent failure, can bring down an essential piece of storage technology and with it, an enterprise’s most critical data.

Over 16 years we have developed many proprietary procedures to meet the most demanding situations

Virtualisation: VMWare & ESX

Instead of multiple hardware assets each controlling one or two individual core IT functions, virtual machines provide all of these roles within a single high-end server. With the added complexity of a virtualised environment, the array may contain operational instances of many different varieties of operating systems and server iterations. Consequently, the data content can be virtually impossible to retrieve without a thorough understanding of the vast number of combinations and attributes of this type of storage facility.

After building a construct of the array using hexadecimal analysis and RAID controller emulation, our engineers work backwards from the file level, creating a comprehensive map of the logical topography as they work through the various environment layers. Once they have reached the root level, or “hypervisor”, they scan for the signatures of the virtual machines and subsequently recover them.

Enterprise Storage: SAN & NAS, iSCSI, Fibre Channel (FC), Fibre Channel Over Ethernet (FCoE) & InfiniBand (IB)

Serving a massive amount of data calls for extremely high throughput and a solid piece of equipment to handle the user load. Enterprise filers are designed for this one purpose and perform this task exceptionally. However, even the most carefully designed fault-tolerant servers can fail, causing at the very least massive inconvenience to the enterprise.

Usually designed around a solid RAID level such as RAID-6 (dual parity), the manufacturer often goes one step further and improves on these elements, creating a unique proprietary solution which is supported only by the manufacturer’s equipment. This is compounded by the enormous volume of disks in these arrays, typically 20 – 60, creating an exponentially greater challenge in recovering data from these monolithic arrays.

Our engineers must identify the exact parameters of the array, through hexadecimal and Boolean algebraic analysis, in order to interlace the clones of all constituent disks and comprise a single entity. In addition to this, the unique properties of these enterprise storage devices necessitate creation of a custom solution to interface with, and extract data from, the established construct.

At Computer Forensics, we regularly use these custom solutions to successfully recover from huge arrays – recently 2 appliances each containing 3 32 disk volumes.

Scroll to Top