A fundamental role of an organization’s IT department is to protect its data. Most IT departments invest significant resources to develop, implement and maintain a process for backing up important data on their machines.

In case of computer world data recovery is, retrieving data, lost from a computer’s storage device, due to any possible reason caused data loss. As it is clear from its name data recovery leads recovery from data lost due to mishandling of storage device, hardware failure, lack of knowledge of the user, virus attack are or any other reason.

In today’s computer world, where data of any organization is the most important part in most of the cases and by any type of disaster in data may cause a lots of financial and business loss and the organization may ruin its reputation too.

It is very commonly heard problem in computer or IT world, that the employee of any company or any general computer user was having the very valuable data in his computer’s hard disk, floppy or in any other storage device and he is not able to access that information or he has lost that information due to any accident, Viral attack, mishandling of storage device or any other type of mistake while handling the data. It may be due to lack of knowledge of saving or protecting the data.

Not only in organizations, but also home users may suffer the same problem. Thus we can imagine a number of possible cases and reasons of data loss. So “Where there is loss of data, there is need of data recovery.”

Understanding Data loss

The IT departments of most of the organizations invest significant resources to develop, implement and maintain a process for backing up important data on their machines. Well managed environments also regularly test backups to ensure that restore operations can be performed quickly and accurately.

It is difficult to categorize the Data loss in case of computers. There may be lots of reasons that may cause the data loss. The loss of data in computers can be seen as, “The data lost last time was a bad case, but worst is yet to come.”

The above messages indicate a serious disk problem. The cause that leads these error messages may be logical or a physical problem. The logical problems can be because either the boot sector/partition table, FAT area or the directory area has gone bad. A detailed introduction of boot sector, partition table FAT area, root directories and data area has been given in the next chapters of this book.

A head crash is caused when the read/write heads of a hard disk come into physical contact with the disk surface that stores the information. Head crashes vary in severity but at their worst, the data on the hard disk can be renered unrecoverable.

The data loss may be due to lots of reasons some of important reasons may be as follows:

System Crash

If the computer is unable to run the boot process and operating system fails to read the stored data and instructions from the disk, due to any software or hardware problem, the disk is said to have crash. It is difficult to recover the data completely from the disk crashed by hardware problem, only by the programming however. In case of a disk crash, following messages are displayed:

“0 hard disks found”
“Drive failure”
“Hard disk failure”
“Sector not found...”
“Data error reading drive X:”
“No boot device available”
“Error loading operating system”
“OS missing or Operating system missing
“Non-System or Disk error,
Replace disk and press any key when ready”
“Invalid partition table”
“Track 0 bad...”

Every time if there is data loss in computer it has any reason of this disaster that leads the crash or even minor loss. There may be a number of possibilities but some most important factors are as follows:

Human Error

Human Error is the single largest contributor of Data loss instances. Generally, most of the cases have been noticed of Data loss are due the mistakes made by the user or employees of the organization in protecting the data or while handling the data. This includes accidental file deletion, incorrect usage or sometimes as serious as a Hard Disk Format.

For example : it is possible that the employee who is not having the proper knowledge of handling the sensitive data or the software that is if used in lack of knowledge may harm the data and lead to data loss.

Causes of Disk Crash

Cause of Disk Crash

Also some personal computer users have a tendency to execute any unknown software to know what it does without studying or without getting the information about its application and if the software has been developed for any task such that if illegally used may destroy the data partially or completely. It is also true for the executable files of virus like programs.

Common human errors include:

Accidental drive format
Erroneous file or folder deletion
Administrator mistakes
Mishandling of storage devices
Trauma caused by drop or fall
Lack of knowledge while using disk partitioning or troubleshooting software etc.
Illogical operating system installation/upgrading
Illegal power management or temperature settings in the setup system of the computer.

Software Corruption

Software corruption is also a big cause of data disaster and leads the loss of data. Most of the software development companies today give a big slice of time of the total development time of their software for adding the debugging codes to the programming of the software and try to make their program bug free. By doing so, the software may show compatibility with most of the hardware configurations and also may not get any corruption with or by any other software application or even by its own application.

Though the software is developed with proper care even then in today’s IT world software corruption is the second big cause of data loss after Human error.

For example : Let’s take an example of software corruption case. Suppose you were having any software ‘A’ in your system that created a system files suppose named ‘yyyyyy.xxx’ during its installation in the system files’ folder of your computer. After some time you installed any other software ‘B’ and it also creates the file with the same file name and in the same directory. But the newly created file may have completely different application than the previous one.

In such case if we execute the software ‘A’ it may call the application of the file ‘yyyyyy.xxx’ but this file is now replaced and will not work as described in software ‘A’ and in this way it may corrupt the software and may harm the data depending upon the corruption occurred in the software.

This is also possible in the uninstallation process of the software that uses any shared file and during the uninstallation process the shared system file has been deleted.

Software Malfunction

Though the data loss rate due to software malfunction has been decreased in previous years even then it is not completely secure. Popular desktop operating systems have also reported to have hung and caused severe damage to disk systems area resulting in data loss.

In the development of the latest operating systems and also in other software the proper care has been taken to list out the most of the possible cases to find out the reasons of data disaster by a sudden or slowly due to any software malfunction. These software now include the recovery program from the loss of data even due to the power cut at a sudden.

Hardware Error

Hardware error includes the physical disorder in the storage devices of the computer due to any reason. In this case the data loss may be due to the misalignment of read/write head, any possible problem in the surface of the platter or media of the disk or due to the burnt in the disk.

It is difficult to recover the lost data due to hardware problem completely even partially in some cases, only by the programming. It takes extra efforts and resources to recover data in such cases.

Virus Crash

Even today the virus is the first biggest fear that comes in one’s mind when data loss takes place in any computer system. Though the antivirus technology in today’s software industry has showed the appreciable results yet widespread instances of severe data loss have been reported when anti-virus software could not stop a virus from causing sever damage or when anti-virus software was not well updated.

Win-CIH (Chernobyl), Marijuana (March 6), Monkey, One-Half, Frodo, Spirit, Wyx, Nimda, Sircam, Klez are some virus that have caused major devastation and losses have been astronomical. Virus menace is still unabated and is continuing to cause data losses.

Sabotage

Cases of sabotage are being reported regularly and are increasing at an alarming rate. A majority of organizations still do not have a security policy. Unauthorized intrusions and damages caused by disgruntled employees and business competitors have resulted in major data loss. Dissatisfied employees have found crashing disks as a ploy to square up against employees.

Not only this, the jealousy of one employee from another is also responsible for the loss of data in this case. The employee who is not satisfied with the working manner or policies of another employee may try to harm the important data of the organization for which the target employee is responsible to protect.

Natural Disaster

This type of data loss is rare and reported the minimum frequency of loss of data. Flood, Fire, Lighting and Earthquake are some unavoidable causes of data loss. These causes can not be avoided by the human yet the manufacturer may have a plan while developing the storage device, to protect data in such condition.

Other types of Data Loss

Programming for data recovery and disk trouble shooting is not waiting the system of any organization or any user to be crashed only. There are also lots of cases that may make a user or organization feel to be in any type of data loss and it is not necessary for the system to be crashed to lead such type of data loss.

This type of data loss may also take place when system is suffering the partial crash of operating system or even in the case when your operating system is completely innocent and working properly and data is lost due to any other reason somehow. Let us try to find out some other main possible cases of data loss:

Loss of one or more partitions

The term partial crash of operating system may take place in such cases where we see that our operating system is working in a proper way. In such type of cases we do not feel any problem during the booting process and other operations of the operating system.

The only mystery that make the user unhappy is that he is not able to access all the logical partitions that he had earlier in his disk.

In such cases, the user may feel one or more partitions hidden of his disk and the operating system does not provide any information about these partitions. It is also a commonly possible case that you lose all the logical partitions except the boot partition of your disk in which you were having your operating system installed.

This type of loss takes place when the partitions information in the master boot sector is partially lost. It may be due to the misuse of FDISK like partitioning program in lack of knowledge or any Virus like attack in partition table entry.

Floppy Read Error

As I think, this is also one of the main reasons of data loss in any organization or for any personal computer user that causes the data loss frequently.

The floppy is one of the most unreliable sources of storage. It is a very common problem that the user was having some important data in a floppy and now the computer is displaying the message indicating floppy read error.

Though the loss of data in such cases is not major and also most of the time another backup of that data is available but in the cases when the backup were not saved or available, the loss of data takes place. The serious problem with the floppy is it frequency to display read error.

Floppy read error may also be very serious thing in some cases. For example, when you install antivirus or any other software in your computer that provides you the facility to make a backup or recovery disk which may help you to recover the system in case of some serious virus attack or due to some corruption of software, usually the backup is made in floppy disks.

In such cases it becomes very important for the floppy not to give any error when used to recover the system. The floppy read error in such case may make you to face a big trouble of data.

Deletion of important data

It is possible for any user to delete any important file by mistake under any confusion or misunderstanding. This type of data loss may be the loss of a single file or multiple files.

Password loss

The loss of password should also be included in the loss of data as it shows all the characteristics of data loss. Data loss takes place if user forgets his password and also like any other type of data loss, password is also needed to be recovered, if lost. However in this book we are not going to discuss any type password recovery.

Types and areas of Data Recovery

Almost in every software related problem it is possible to recover the data completely or partially however accuracy of data may lie in between the range from 100% to as low as 1%.

It depends on the cause of data loss and also the procedure of the cause to take place. The following table gives an idea of areas of data recovery in different types and cases of data loss created by software related problems:

Type or Cause of Data loss	Comments on possible data recovery by software and programming
Recovery of Deleted file(s)	Possible recovery is 100%, if it is tried to recover just after deletion. In case some other information has been written in the disk, the new data may overwrite the information of deleted file. In such cases it decreases the accuracy of recovery of deleted file and it may be as low as 0% depending upon the overwritten file area and deleted file type of course.
Recovery of disk Format	Data may be recovered up to 100% with special efforts, but you will have to suffer the loss of original names of files and folders especially which were in root directory. I still have not come to know about even a single software or programmer who can recover all the data after format of the disk with its original names. Provided that the disk should not be overwritten new data on it.
Recovery of Crashed OS	If the problem is software related and caused by corruption of MBR, it is possible to recover data 100% in most of the cases. However complications go on increasing with the factors DBR, FAT and root directories. As it starts to affect data area, complication goes on increasing rapidly.
Recovery of lost partitions	Possible to recover up to 100%, if caused only by partition table corruption.
Recovery from unreadable floppy	Recovery of data gives accuracy range from 100% to as low as 1 or 0%, depending on the surface of the media of floppy.
After zero filling in the disk or after use of data wipers	Recoveries by software 0%. Only by using the recovery software there is no hope of recovery even partially in such cases. However, magnetic sophisticated technologies are available today that can do recovery, even in such cases, where you have run the zero filling programs in your disk, even six times.

It does not mean that you can not recover data if the problem is hardware related. But it is not possible to recover data only by programming in such cases. It is recommended that you should go to a data recovery lab/canter in such cases.

Analyzing a computer before Data Recovery

When you are planning to recover the data on a large scale or from a complicated case of disaster, you need to analyze the problem and to finalize many important objectives to increase the accuracy of recovery and get the ease of task. This takes your attention towards the problem from many important angles.

In case of complicated disaster of the disk in which recovery of all the files including system files and OS is not possible, if you ask a user whose data has been lost, to tell you which of the file of his disk he want to recover , you just get the reply all of them. It is Ideal too to do so but you can not waste time and efforts on such system files and other files which are the part of OS or any other software that can be installed again later and have no importance for the user.

In this way you need to think according to following steps to prepare for data recovery:

Acceptable recovery period
Understanding various costs
User description
Defining the requirements
Making objectives
Acceptable Recovery Period

The acceptable period for recovery may be different for different type of systems and users. For example, when we have to recover the data of an engineering workstation it has many software development tools and several source codes in their disk.

In such cases, we can not take more than 4 business hours to recover such data as delay in recovery of tools and source codes may cause delay in the project works and loss of source codes may cause significant rework and project delays.

In case of marketing department workstation which has marketing tools and related data stored in it, we can not take more than one business day to recover data. However in case of personal computer users we can take some more time to complete the data recovery operations.

Understanding Various Costs

When dealing with data recovery, it is important to understand the true costs related to these mission-critical operations. Let us take a brief idea of these costs:

Downtime Costs

You can use downtime cost estimates to make better decisions about exactly what level of data recovery is required for different type of data loss. For example the data of any accounting server is critical and need to be recovered as it is.

The delay of even a single day may cause the loss of big amount. Other important costs to be considered are hardware costs, planning costs and other additional costs.

Data Recovery Costs

The data recovery costs are the amount of money required for data recovery process for different type of data loss. This is so important because it is commonly seen behavior of the customers of any data recovery center that the user compares the cost of recovery with the importance of the data.

The user will be interested in data recovery only if the cost of recovery is not so high for him as the importance of his valuable data.

User Description

User description may be very important factor to prepare the road map of data recovery procedure. With the help of this, you can easily find the way in which preferences are to be given to the different data in case of a complicated data recovery process.

It is done so, because in such cases, you can not waste the time and efforts to recover all the files including such unnecessary files and system files etc. that can be created again easily.

Defining the requirements

It is necessary to estimate the requirements before starting the data recovery. Definition of these requirements starts with some general statement of the problem. The basic objective of this step is to understand the problem thoroughly. During the requirement specification, the focus is on clearly specifying capabilities and facilities the system should provide when the entire process is going to take place.

Making objectives

After completing all the steps described earlier, you have to make your objectives depending upon the preferences found by user description, you have to finalize your objectives for which you have to work for recovering the data. These objectives provide a step by step path to recover the lost data or to make programs for special type of problems. By following all these steps you may avoid complexity in procedure as well as you may work with better accuracy in less time consumption.

Some Advices before beginning the Disk troubleshooting or Data recovery procedure

Think Positively and be confident: However it is a little bit difficult to keep you mind cool in such a condition when your important data has become inaccessible, yet you should start any recovery procedure with the positive attitude. You should be confident and should be completely sure of what you have done and what you should do.

Note-down the every step, you perform: It is a better idea to write down the every step and procedure that you follow to recover the data or for disk troubleshooting. By doing this you can get help to know if you have skipped any step or there is any mistake in procedure you used.

Not only this, if unfortunately you are not capable of recovering you data, the information of the steps that you have followed to recover the data, may help a lot to the data recovery center people. By this information they can easily find out the type of data loss and its cure procedure.

Be sure before rebooting the system: There are many problems of computer and operating system which are resolved by a simple reboot. However, although a reboot may solve your disk problem, it can also make things worse. So do not reboot the system carelessly without knowing the status of system and data of the disk.

If any TSR program is causing a system lockup, the simplex fix for the problem is a reboot. Even for other cases, if you have to reboot the system to cure some error, choose safe mode for rebooting.

Prepare a best suitable plan and stick with it: There may be many different recovery and troubleshooting procedures for different problems. But you have to choose such a procedure that is most easy, suitable to your system configuration, performs most stable and appropriate recovery and consumes lesser time.

There are some important steps given below that may be the strong part of you recovery plan:

Double-check that you are not doing something wrong.
Check the connection of hardware.
Check the software.
Back up whatever you can before going any further.
Before running any diagnostic program, you must be sure that it is nondestructive diagnostics program.
Remove the drive and controller, clean all their connectors, push any socketed chips back in their sockets, and reassemble the system.

Some tips to Protect your Data

“The prevention is always better than the cure”. Some important tips have been listed here to protect your data. By following these tips, we can avoid the loss of data and a difficult data recovery procedure.

Make the Backups

Backing up the boot sectors and other Directory information is always a wise procedure of secure your data. The different areas on your disk should be backed up at different intervals. A complete back up program consists of the following measures:

Make an emergency boot floppy for each system.
Make the back of MBR once, after FDISK command of DOS.
Make the back up of DBRs for each logical drive once, after FORMAT command of DOS.
Make the back up of the FAT and root directories regularly.
Make the back up of important user data regularly.

Perform surface scanning monthly

Perform the surface scan monthly to test the media of your device. By doing this you can fix the error in the very initial stage. Even if the scanning program is not capable to fix the disk, it may at least provide the information about the physical and logical status of your storage media. With this information you can get the help to back up your data and to find the solutions for the problem.

De-fragment of data weekly

With the creation of new files and deletion of older files the data of the disk becomes more and more fragmented. The fragmentation makes the accessibility of data slow and complicated. We shall discuss the disk fragmentation and defragmentation in detail, in the next chapters of this book.

The utilities for defragmentation of the data are available in the operating system. By maintaining the defragmented data, you can make the performance of the system better as well as comparatively Defragmented data is easy to recover if there is any disk crash.

Use good antivirus program

The viruses are the very big cause for data loss now days. To avoid the virus infection in your data and to protect your data, you must use a good antivirus program.

If you use the floppy disks and CDs in your computer, perform the scanning by antivirus before opening the disks in your computer or before copying anything from it. If you are using internet, always enable your email protection and internet security from the options of your antivirus settings.

Get into the habit of keeping your floppy write-protected

There are many viruses that have the tendency to spread their self to other computers, with the help of floppy disks by just copying their executable program to the floppy in the hidden mode.

A big proportion of viruses are boot record viruses and they cannot get at your hard disk until you boot your system from an infected floppy. You can read and write data on a floppy with an infected boot record for years and never become infected. But booting from such the floppy, even if it is not a bootable disk, will make your system infected with boot sector virus.

Do not use pirated games and software

The pirated games and software are usually prepared by some cracking or by following any other illegal procedures to run even after pirated. These procedures may not be compatible and suitable for the software and hardware configuration of every computer and may destroy your data.

Also, there is a significant number of such software, especially games which have been used as a medium to spread the viruses. Therefore using the pirated software may infect your system with some serious system virus and may cause a big data loss.

Data Recovery with and without Programming

By Author : Tarun Tyagi

← Prev Chapter

Next Chapter →