Data recovery and encryption, a cautionary tale with a happy ending

Drive recovery isn't just about files any more: howabout recovering a Bitcoin wallet from a formatted Surface Pro?

If you don't trust the encrypted Bitcoin wallet cloud services, that promise to store your Bitcoin wallet online and not take any coins out, you can always keep your wallet on your PC - encrypted for safety.

There is a potential downside, of course. One Surface Pro user was doing that; they had their first generation Surface Pro 64GB dual booting with Windows 8.1 and Ubuntu, with the only copy of their Bitcoin wallet.

But when they decided to take Ubuntu off the system (the kind of spring cleaning the Christmas break is handy for) and managed to accidentally format the Windows partition as well in the process (which is easier to do in a partition management tool than you might expect), they also lost the only copy of the wallet.

Getting it back was a little more complicated than most of the drive recoveries, Chris Bross, senior enterprise recovery engineer at DriveSavers told me at the Storage Visions conference.

The engineers had to develop their own custom boot kernel to work with the files. It's worth noting that it  was lucky that the owner had set up dual boot in the first place, because that meant they had disabled the TPM secure boot option - which would have stopped a custom kernel loading at all.

It was also important to get the wallet back quickly. For one thing, the TRIM and garbage collection that SSDs do to handle deleted files mean the longer you wait, the harder it is to recover data because it expires.

And then there's how volatile Bitcoin exchange rates are: the value of the coins in the wallet doubled while the engineers were working on the recovery - and the owner wanted the coins back before the exchange rate went back down.

Bross says Drivesavers recovered the wallet and all the other critical data on the system and the owner has their Bitcoins back.

It used to be that if your drive crashed or you formatted it by accident, recovery was a matter of copying the data off to reconstruct it. Now the difficult part is getting access to the data. Surface Pro and Windows 8.1 don't turn on BitLocker encryption by default; Surface and Windows RT do (and so do Atom-based Windows tablets with connected standby), using the hardware in the self-encrypting SSD.

More enterprise drives and even tapes are encrypted these days (although that's still not as widespread as it should be, given that companies don't have to notify consumers about data breaches if the data was encrypted). Data recovery companies won't be able to get round your encryption, but they don't have to; they can just copy the files onto another drive and give them back to you to decrypt.

"Recovering encrypted devices is not breaking encryption," says Bross; we use your credentials."

Encryption protects you from other people getting at your information. But whether it's your Bitcoin wallet or the self-encrypting drive you're using for backup, spare a thought for how you're going to get that encrypted data back if anything goes wrong.

Further reading