Data recovery and encryption, a cautionary tale with a happy ending

Data recovery and encryption, a cautionary tale with a happy ending

Summary: Drive recovery isn't just about files any more: howabout recovering a Bitcoin wallet from a formatted Surface Pro?

SHARE:

If you don't trust the encrypted Bitcoin wallet cloud services, that promise to store your Bitcoin wallet online and not take any coins out, you can always keep your wallet on your PC - encrypted for safety.

There is a potential downside, of course. One Surface Pro user was doing that; they had their first generation Surface Pro 64GB dual booting with Windows 8.1 and Ubuntu, with the only copy of their Bitcoin wallet.

But when they decided to take Ubuntu off the system (the kind of spring cleaning the Christmas break is handy for) and managed to accidentally format the Windows partition as well in the process (which is easier to do in a partition management tool than you might expect), they also lost the only copy of the wallet.

Getting it back was a little more complicated than most of the drive recoveries, Chris Bross, senior enterprise recovery engineer at DriveSavers told me at the Storage Visions conference.

The engineers had to develop their own custom boot kernel to work with the files. It's worth noting that it  was lucky that the owner had set up dual boot in the first place, because that meant they had disabled the TPM secure boot option - which would have stopped a custom kernel loading at all.

It was also important to get the wallet back quickly. For one thing, the TRIM and garbage collection that SSDs do to handle deleted files mean the longer you wait, the harder it is to recover data because it expires.

And then there's how volatile Bitcoin exchange rates are: the value of the coins in the wallet doubled while the engineers were working on the recovery - and the owner wanted the coins back before the exchange rate went back down.

Bross says Drivesavers recovered the wallet and all the other critical data on the system and the owner has their Bitcoins back.

It used to be that if your drive crashed or you formatted it by accident, recovery was a matter of copying the data off to reconstruct it. Now the difficult part is getting access to the data. Surface Pro and Windows 8.1 don't turn on BitLocker encryption by default; Surface and Windows RT do (and so do Atom-based Windows tablets with connected standby), using the hardware in the self-encrypting SSD.

More enterprise drives and even tapes are encrypted these days (although that's still not as widespread as it should be, given that companies don't have to notify consumers about data breaches if the data was encrypted). Data recovery companies won't be able to get round your encryption, but they don't have to; they can just copy the files onto another drive and give them back to you to decrypt.

"Recovering encrypted devices is not breaking encryption," says Bross; we use your credentials."

Encryption protects you from other people getting at your information. But whether it's your Bitcoin wallet or the self-encrypting drive you're using for backup, spare a thought for how you're going to get that encrypted data back if anything goes wrong.

Further reading

Topics: Storage, Disaster Recovery, Microsoft Surface

Mary Branscombe

About Mary Branscombe

Mary Branscombe is a freelance tech journalist. Mary has been a technology writer for nearly two decades, covering everything from early versions of Windows and Office to the first smartphones, the arrival of the web and most things inbetween.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Backups!

    Seriously, if your data is worth tens of thousands of dollars (or more) then you should never, ever find yourself uttering the phrase "my only copy was on..."
    dsf3g
  • So, basically, this guy spent

    Hundreds of dollars the recover something you can't even exchange for cash at a bank. Not surprised he did a bunch of othe stupid stuff, too.
    baggins_z
  • How could someone run Ubuntu on a 64gig Surface pro?

    There's barely enough space for that, I would think. If it were your only app beyond Office, perhaps.
    Mac_PC_FenceSitter
  • I run ubuntu on a 4gb netbook

    That's 4gb drive not RAM.
    RAM is only 512mb.
    warboat
  • Bitcoin is in the hype curve

    What percentage of people are even trading in bitcoin, even in the US? Some percent of a percent? Then how many of them keep their coins on a local hard drive?

    Enough with the bitcoin stories, yet its interesting to some extent but right now its hype is through the roof and affects so so few people. There is so much more interesting things going on.
    Rann Xeroxx
  • Lost Fortune

    Good advice about the perils of encrypting without a well thought-out back-up/recovery plan. This reminds me of that story from a few months ago where a guy threw out an old hard drive without backing up (supposedly there is $4 million in bitcoins somewhere in a Wales landfill).
    EricKronthal1