The document discusses disaster data recovery methods for HDDs. It describes how physical damage from events like floods, earthquakes or head crashes can corrupt HDD components like the PCB, firmware or platters, preventing normal access to data storage areas. The document outlines challenges in recovering data from scratched or dusty platters due to their close proximity to read/write heads. It proposes research into precision surface cleaning and analysis techniques to improve data recovery rates from physically damaged HDDs.

1. Disaster Data Recovery method for HDD
by Dai Shimogaito
January, 17th, 2014
at CODEBLUE in Tokyo

2. What is Disaster Recovery ?
1.To Recover Computer System
which had suffered from natural disaster, like
tsunami, river flood, storm, and earthquake
Platter Surface Damage
2.To Protect Computer System and get Ready
for a large scale crash.
AFTER
Disaster
The most difficult
problem for data
recovery
BEFORE
Disaster
Physical Damage caused by Software
HDD Customization for Platter Damage

3. Three Failures Lead to Data Loss
• Logical Failure
• System failure
• Data corruption
• Deletion of data.
• Electronic Failure
• Printed Circuit Board (PCB)
• On or more of the PCB components
• ROM or the System Area data is damaged.
• Physical Failure
• Sticktion
• Spindle bearing is frozen
• Head crash (dropped hard drive).

4. Features of HDD which suffered from natural disaster
1. Chips on PCB are gone
2. HDD falls down and gets stong shock
3. Dirt comes inside HDD
4. Water comes inside HDD
Severe Damage !
Normal Data Recovery Process is useless, because the damage level is extremely high

5. After a Natural Disaster, HDD can look like this

6. What is Data Recovery ?
Trying to image data from non-accessible HDD sector by sector.
アクセス不能なHDDから、できるだけ多くのデータをクローンコピー取得を試
みる
Copy
Broken
No access to data
（故障でアクセス不能）
Good
Full Access to data
（正常動作するHDD）

7. What is Data Recovery ?
Basically, parts replacement is the way for temporary repair.
基本的には、故障した部品を交換して、一時的にHDDを復活させます。
Fire Accident

8. What is Data Recovery ?
100% clone is always preferrable, but the result depends on the type of damage to HDD
and the data recovery process.
できれば100％クローンコピーの作成が望ましいのですが、故障の種類や損傷の
強弱、そして復旧プロセスの違いによっては、回収率が低くなることがあります
。
←
Low
High →

9. Replaceability with Donor Part （ドナー部品との置換性）
HSA YES [ Head Stack Assembly ]
Head Map, Capacity, Architecture Family, Microjog
SPM YES [ Spindle Motor ]
Seizure Problem, Lubricating oil
PCB YES
[ Printed Circuit Board ]
Serial ROM, NV-RAM, Fuse, Resister, Diode,
Capacitor, Coil, Microchip / Repairment is also useful
FW YES & NO
[ Firmware ]
Unique module, Non-unique module, Regeneratable
module, Essential Module
Disk NO [ Platter ]
Bad Sector, Scratch, particules on surface

10. Replaceability with Donor Part （ドナー部品との置換性）
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NO

11. Replaceability with Donor Part （ドナー部品との置換性）
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NO
スラスト軸受
回転方向
ジャーナル軸受
回転方向
潤滑油
溝
ディスク

12. Replaceability with Donor Part （ドナー部品との置換性）
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NO

13. Replaceability with Donor Part （ドナー部品との置換性）
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NO
SA
Service Area
UA
User Area
SA
SA
SA
SA
SA SA SA
SA
SA
SA
SA
SA
SA
SA
SA SA
SA
SA
SA
Firmware = Service Modules
SA Modules are located on platters

14. Replaceability with Donor Part （ドナー部品との置換性）
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NO
Data is recorded into platters.
Replacement means nothing.

15. Replaceability with Donor Part
HSA YES [ Head Stack Assembly ]
Head Map, Capacity, Architecture Family, Microjog
SPM YES [ Spindle Motor ]
If unique parts are corrupt, Seizure Problem, there Lubricating is no way oil
to recover data
PCB YES
[ Printed Circuit Board ]
Serial ROM, NV-RAM, Fuse, Resister, Diode,
Capacitor, Coil, Microchip / Repairment is also useful
FW YES & NO
[ Firmware ]
Unique module, Non-unique module, Regeneratable
module, Essential Module
Disk NO [ Platter ]
Bad Sector, Scratch, particules on surface

16. The Most Difficult problem is Platter Damage
3.5inch PATA

17. The Most Difficult problem is Platter Damage
2.5inch SAS

18. The Most Difficult problem is Platter Damage

19. The Most Difficult problem is Platter Damage

20. The Most Difficult problem is Platter Damage

21. For a long time, DR from scratched disk has been impossible
If the surface is partially damaged, there should be
recoverable data in the areas which were not
damaged.
部分的にしかキズが付いていないなら、
それ以外の部分にはデータは残っている
はず、、、、、、

22. Why is it so difficult to read damaged surface ?
Let’s take an extreme close look at
Disk & Head !

23. Disk Surface & Slider
Flying Height
1-3 nm
Lubricant Layer 1nm
潤滑層Diamond Like Carbon Coating Layer コーティング
層
Magnetic Layer
磁性層
3nm
Disk Rotation Direction →
1 ～3nm
Slider
スライダ
R/W Head

24. The gap between Head and Disk is very small
Slider
Flying
Height
1-3nm
PPaarrttiiccllee SSiizzee ooff
CCiiggaarreettttee SSmmookkee
110000--11000000nnmm

25. How head crash damages the surface
Slider R/W
Lubricant Layer
DLC Layer
Magnetic Layer
Head
Slider R/W
Lubricant Layer
DLC Layer
Magnetic Layer
Head
Slider R/W
Lubricant Layer
DLC Layer
Magnetic Layer
Head

26. Cause of malfunction of HSA when reading damaged surface
1. Scratch is not the main cause of
the bad operation of Head Stack
Assembly
2. Particles on the surface stick to
sliders.
3. Slider’s flying becomes
unstable because of the particles
on the surface of the disk and
the sliders.
So, Let’s clean the surface !

27. Disk Burnishing Process

28. NO DUST
NO PROBLEM

29. The 1st step of the research completed with a good result
94%
UP !
0.02%
Newspaper : Nikkei Business Daily,
26th Septempber 2013

30. Precise surface analyzing is required for better recovery
Optical Surface Analyzer

31. July 2012, research was started by Prof.Hiroshi Tani
Prof. Hiroshi Tani
@ Kansai Univ.

32. What we can do BEFORE disater occurs
Physical Damage caused by Software ???
ソフトウェアがハードウェアを壊す？？？

33. What is the HDD’s Boot Sequence ?
Let’s go to the finish line
together with everyone !
Start Finish

34. HDD’s Boot Sequence
Needs to complete each sequence,
then can reach to “Ready” mode
PowerON Ready

35. User Area & Service Area
SA
Service Area
UA
User Area
SA
SA
SA
SA
SA SA SA
SA
SA
SA
SA
SA
SA
SA
SA SA
SA
SA
SA

36. SA Modules
• P-List : Primary Defect List
• G-List : Growth Defect List
• Translator : LBA access ⇔ PBA access
• S.M.A.R.T.
Self-Monitoring Analysis and Reporting Technology

37. Defects
× ×
×
×
×
×
×
×
Defects info = Position of Bad Sectors in PBA

38. Defects info is Unique to each disk
× ×
×
×
×
×
×
×
×
× × ×
×
×
× ×
×
×
×
×
×
×
× ×
×
×
×
×
×
×
×
×
×
×
×
×

39. Defects info is Unique to each disk
P-List : Primary Defect List
× × × ×
× × × ×
G-List : Growth Defect List
× ×
×
×
×
×
×
×
×
×
×
×××

40. Number of Defects

41. PBA（物理アドレス）とLBA（論理アドレス）
LBA exists logically upon PBA. The following shows good sectors from address 0.
通常、“アドレス”や“セクタ”が指す対象は論理アドレスのこと。
下図は、欠陥セクタが無い正常なセクタが連続している領域の状態を示していま
す。
Physical Block Address 物理アドレス →
0 1 2 3 4 5
Logical Block Address 論理アドレス →
0 1 2 3 4 5

42. Defects Controlling （不良物理セクタの管理）
物理アドレス →
P-List Table
2・・・
0 1 2 3 4 5
論理アドレス →
0 1 2 3 4

43. Translator
Converter function between LBA and PBA
If the translator is broken, no data is accessible. One of the most important module.
論理アドレスと物理アドレスの変換テーブル
このデータが読めなければ、プラッタ上の全ての磁気データを読み出すことができたとしても、ファイル
やフォルダは一切復旧できません。SAモジュールの中でもトップクラスの重要度です。
PBA
物理アドレス
LBA
論理アドレス
0001
0687
1968
3786
9821
0001
0508
3544
9871
0051
Access Request
From Host
ホストからの
Access to the physically アクセス要求
Assigned position
プラッタ上の指定
エリアにアクセス

44. SA Modules are loaded into PCB
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
Complete
(^o^)

45. When SA Modules loading completes fine
PowerON Ready
Wow , I did it !
I have access to all
data !
やった！
LBA全域アクセス
できるぞー！
LBA Zone

46. Damage of SA Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
Error！
Can’t Read
Or
Module is
corrupted
ABORT

47. Damage of SA Module : No LBA Access
PowerON Ready
I can’t access LBA zone,
because there was a SA module
error.
The data should be in LBA Zone,
but I can not access LBA 0
SAモジュールに異常があった
から、LBA領域にアクセスで
きない。HDDにはデータある
はずなのにな。
LBA Zone

48. NO SA
NO DATA

49. If the SA module error was caused intentionally by ,,,,,
もし、誰かがわざとSAモジュールに異常を生じさせたら、、、

50. Intentional Damage to SA module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module

51. Intentional Damage to SA module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module

52. Damage of SA Module : No LBA Access
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
Error！
Can’t Read
Or
Module is
corrupted

53. Intentional Damage to SA module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
Error！
Can’t Read
Or
Module is
corrupted

54. Damage of SA Module : No LBA Access
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
SA
Module
Error！
Can’t Read
Or
Module is
corrupted
ABORT

55. BARUSER
Let’s see what happens to HDD
さあ、実際にやってみましょう

56. BARUSER
BARUSER = BARUSU + ER

57. Main Concept of HiDR ( High Integrity Data Recovery )
SAモジュールは百種以上！
このサンプル事例では、
WD10EADS-22M2B0 を使用。
SAモジュール数は全部で397 種

58. Main Concept of HiDR ( High Integrity Data Recovery )
このサンプル事例では、
WD10EADS-22M2B0 を使用。
SAモジュール数は全部で397 種
必須かつユニークなのは7 種
7 ÷ 397 ≒ 1.76%

59. Main Concept of HiDR ( High Integrity Data Recovery )
Only 1.76%

60. Hot Swap Method ： ホットスワップ手法
通電した状態のまま、PatientにPCBを付け替えます。
通電したまま

61. Main Concept of HiDR ( High Integrity Data Recovery )
未開封、ヘッド交換なしでＩＤ認
識しないＨＤＤでもデータが読め
る
必要最低限のモジュールアクセス
だけで済む
障害部位を確実かつ詳細に把握し
、尚且つデバイスの特徴を予め研
究調査しておくことで、より安全
かつ多くのデータを回収すること
ができる。
クリーンエア環境下とはいえ、開
封時には異物が混入することは避
けられない。クリーンルームが絶
対にキレイとは限らない。
Non-Destructive Method even for
HDD which doesn’t give its device ID.
The least access to the magnetic disk
for its booting is enough for data
recovery.
It is good to know the details of SA
modules because the integrity of data
recovery process becomes very high.
Do not rely too much upon clean
rooms because inside of the clean room
is not always clean.

62. Security or Utility
Hacked Cracked
Good for
Data leakage preventing
ＶＳ Bad for
Future data use

63. HDD customization against Future SA Damage
Head Platter
Head 5
Head 4
Head 3
Head 2
Head 1
Head 0
Head Map

64. HDD customization against Future SA Damage
Head 5
Head 4
Head 3
Head 2
Head 1
Head 0
System Head
Head Platter

65. HDD customization against Future SA Damage
Head 5
Head 4
Head 3
Head 2
Head 1
Head 0
System Disk
Head Platter

66. HDD customization against Future SA Damage
SA exists only on the system disk, h0 and h1
SA Region for h2,h3,h4,h5 are empty
Head Platter
Head 5
Head 4
Head 3
Head 2
Head 1
Head 0

67. HDD customization against Future SA Damage
Utilize the empty zone for SA backup !
Head Platter
Head 5
Head 4
Head 3
Head 2
Head 1
Head 0

68. http://www.disaster-data-recovery.com/
Initial Response Guideline
For Disaster Effected HDD
1. Do NOT Power ON !
電気を入れない！
２．Do NOT Dry before cleaning !
洗浄前に乾燥させない！
３．Sea Water should be removed ASAP !
海水で腐食は待ったなし！
ガイドラインを多言語化（英語・日本語・ロシア語・中国
語）