Data recovery made all too simple

Strange world. Again. But perfect for my “Found” section…

I’ve always thought that el cheapo devices like thumb drives were too cheap to repair. They just get trashed, why spend time to disassemble them, un-solder the chips, analyze defective ones, and recycle good ones? Once again, I was wrong.

I bought a set of four colored 4 Gb pen drives from a store in Milan, paying about 25 Euros. Six Euros each. They should be super-cheap to produce to get to the market at such a low price.

By the way, I used a couple of them for a couple of months with no problems, only a little bit slow but hey, they are el cheapo devices!

Today I was playing with WinHex (again) and needed to experiment with its recovery capabilities. So I thought I would run it on the two sealed pen drives, write some data, delete it in several ways, and scan the drives again to see which data could be recovered.

I never reached the last step; I was stuck at the first one. Running the “Particularly thorough file system data structure search” and “File header signature search” resulted in 1951 files found!

Ok WinHex, you’re giving me lots of false positives, aren’t you? Such programs may have a lot of enthusiasm, with random bytes thought to be data files. On an out-of-the-box thumb drive.

The problem is that looking at carved files and recovered directories, file names made sense. And after recovery they did contain data! I found bitmaps, photos taken with a NIKON digital camera, Photoshop half-baked works and mbox files, and a wealth of Mac-centric directories. The bitmaps did not contain geo-location data.

Creation date for the files dated back to about two months before I purchased the drives. Analyzing the other key resulted in uncorrelated files, but even those were plain readable files: again photos from a Digital IXUS and a bunch of files from an Office 2007 setup disk.

As you can probably understand, the problem is not in getting “deleted” data back to life. The problem is getting data you didn’t even have from some recycled chip.

Maybe I found the one-in-millions case, maybe not. I read of similar behavior in some refurbished or second-hand phones, but they cost money and I understand the recycling policy. Recent phones allow users to delete their data in ridiculous ways, so they can be a data mine.

Lesson learned: mechanically trash those pen drives when they are no longer usable and seem broken.

I overwrote both drives completely, again using WinHex, and hope not to have some kind of compromising data on my memory devices.
What if some investigation led to an analysis of my thumb drives and found such data? Are you *really* sure you have *nothing* to hide?
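
A quick way to check a new or freshly overwritten drive for the kind of leftovers described above, as an added example that is not part of the original post: it scans a raw image sector by sector, counts sectors that are not all 0x00 or 0xFF, and flags sector-aligned file headers. The signature list, the 512-byte sector size and the assumption that a wipe leaves zeros are choices made for this example, and the sample image is constructed.

```python
import io
import sys

SECTOR = 512
# Magic bytes for file types named in the post (quick check, not a full carver).
SIGNATURES = {"jpeg": b"\xff\xd8\xff", "bmp": b"BM",
              "photoshop": b"8BPS", "mbox": b"From "}


def is_blank(sector):
    """True if the sector is entirely 0x00 or 0xFF (zero-filled or erased flash)."""
    return sector[:1] in (b"\x00", b"\xff") and sector.count(sector[:1]) == len(sector)


def scan_image(stream):
    """Return (non_blank, total, hits); hits are (sector_index, type) tuples."""
    non_blank, total, hits = 0, 0, []
    while True:
        sector = stream.read(SECTOR)
        if not sector:
            break
        if not is_blank(sector):
            non_blank += 1
            for name, magic in SIGNATURES.items():
                if sector.startswith(magic):
                    hits.append((total, name))
        total += 1
    return non_blank, total, hits


def sample_image():
    """Constructed 6-sector image: blank sectors plus two planted file headers."""
    pad = lambda data: data.ljust(SECTOR, b"\x00")
    return b"".join([
        b"\x00" * SECTOR,                      # zero-filled
        b"\xff" * SECTOR,                      # erased flash
        pad(b"\xff\xd8\xff\xe1constructed"),   # JPEG header
        pad(b"leftover text, no known header"),
        pad(b"8BPSconstructed"),               # Photoshop header
        b"\x00" * SECTOR,
    ])


if __name__ == "__main__":
    # Pass the path of a raw drive image; without one, the constructed sample is scanned.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(sample_image())
    with src:
        non_blank, total, hits = scan_image(src)
    print(f"{non_blank}/{total} sectors hold data; signature hits: {hits}")
```

A drive that has been formatted after wiping will still show a few non-blank sectors for the file system structures, so signature hits are the more telling result.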