How Did the Techie Get The Data Off the "Dead" Drive?

[tbl]

At work, the PC I had been using "died". BSOD message that
the "Boot Device" couldn't be found. When a tech from
another office came by, he verified the complaint, and then
took the HDD with him, saying that he'd try to get the data
from it onto CDs.

A week later, he came by with the drive and a fist full of
CDs... all data recovered.

Just for grins, I took the drive home, and pulled a slave
from my box and plugged this one in its place. When I
powered up, I could feel/hear the drive spin up and seek
(sounded normal to me), but BIOS diddn't see it, Spinrite
didn't see it, and Windows 2000 didn't see it.

So now I'm curious--what did the tech do? I'd ask him, but
he's extremely busy, and difficult to get in touch with, and
I'm just a temp-seasonal employee without even a phone or
eMail account.

The drive is a Maxtor D740-6L. I'm guessing the box at work
is around 5 years old.

Any clues appreciated, but it's just a back-burner item (not
high-priority for those in lands where "back-burner" isn't a
common term).

 

[Paul Rubin]

Just for grins, I took the drive home, and pulled a slave
from my box and plugged this one in its place. When I
powered up, I could feel/hear the drive spin up and seek
(sounded normal to me), but BIOS diddn't see it, Spinrite
didn't see it, and Windows 2000 didn't see it.

My guess is the partition table got scrogged so the OS doesn't
identify the file system and ignores the drive, and the tech used some
file recovery utility to get the files off.

 

[Rod Speed]

My guess is the partition table got scrogged so the OS
doesn't identify the file system and ignores the drive, and
the tech used some file recovery utility to get the files off.

Guess again. If it was that, the bios would see it.

 

[Rod Speed]

At work, the PC I had been using "died". BSOD message
that the "Boot Device" couldn't be found. When a tech from
another office came by, he verified the complaint, and then
took the HDD with him, saying that he'd try to get the data
from it onto CDs.

A week later, he came by with the drive and a fist full of
CDs... all data recovered.

Just for grins, I took the drive home, and pulled a slave
from my box and plugged this one in its place. When I
powered up, I could feel/hear the drive spin up and seek
(sounded normal to me), but BIOS diddn't see it, Spinrite
didn't see it, and Windows 2000 didn't see it.

So now I'm curious--what did the tech do?

Most likely swapped the logic card. You now have the old bad one again.

I'd ask him, but he's extremely busy, and difficult
to get in touch with, and I'm just a temp-seasonal
employee without even a phone or eMail account.

 

[Folkert Rienstra]

Guess again. If it was that, the bios would see it.

Have fun explaining the BSOD if the BIOS didn't see it.

 

[Aidan Karley]

My guess is the partition table got scrogged so the OS doesn't
identify the file system and ignores the drive, and the tech used some
file recovery utility to get the files off.

Or he guessed that was what happened, used a disk-management
utility to backup the partition table, then started to put in new
partition tables which would be sensible in the computer's context until
he started getting something resembling sense. Then retrieve the data.
*Then* replace the backed-up version of the partition table onto the
drive, to leave the cannon fodder in awe at your wizardly prowess.

(No disrespect to the guy for doing this - nowt wrong with a bit
of showmanship.)

 

[Rod Speed]

Have fun explaining the BSOD if the BIOS didn't see it.

That was before the tech molested it, cretin.

 

[tbl]

Most likely swapped the logic card. You now have the old bad one again.

Pretty close, Rod... After a couple of weeks of "too busy
think about it", I decided to take another look, starting
with page 1 of the manual : check the cables and connectors.
What's that, I see? Pin 1 on the drive data connector
appears to be only half as long as the rest! Gently pulling
with tweezers, it wouldn't budge, but when I let go, it
dissapeared from view, completely!

So I pulled the PCB off, and whaddya know?! *Somebody* has
cut the connector. So out comes the soldering iron, and
every piece of optical magification and lighting I can
scrounge up, And I managed at least a successful, albeit
crappy, solder joint. Probably couldn't sell this to NASA!

Now the BIOS, SpinRite, and Win2k all see the drive, but
Win2k claims it is not formatted.

Here's where I hit the wall: I don't know how Win2k's NTFS
and file/drive security work. Is it likely that taking such
a drive from one machine to another would work (allow the
user to get to the data), or would there be something
machine-specific, or user account-specific that would
prevent this?


The drive is a Maxtor D740-6L. I'm guessing the box at work
is around 5 years old. It was the only hard drive in that
machine, and I actually can't remember if it was
partitioned. If it was, at least the boot partition is
NTFS.

I still have no clue what caused that box to go belly-up,
and don't know if the Tech has set up any further obstacles.

Any clues appreciated, but it's still a back-burner item.

 

[Aidan Karley]

Now the BIOS, SpinRite, and Win2k all see the drive, but
Win2k claims it is not formatted.

That actually means that it;s not formatted with a file system
that Win2K understands. What Win2K understands is pretty limited
(FAT12, FAT16, FAT32, and the first couple of versions of NTFS), so I
wouldn't take it to mean anything other than that.

Is it likely that taking such
a drive from one machine to another would work (allow the
user to get to the data), or would there be something
machine-specific, or user account-specific that would
prevent this?

If it were formatted with something more recent than your
version of Win2K (e.g. it had had XP put onto it since it was built
5-odd years ago, by your estimate), Win2K wouldn't recognise it. It
would likely have a workable system on it, which might have appropriate
security settings, as you say.
Stick the drive in a conservative box (essentially, one with a
simple VGA-quality video card on the PCI bus, not AGP), and see if it
boots. If you can't get into the device then, hook up a CD drive to the
basic machine, drop in a version of Petter's Crowbar CD
(http://home.eunet.no/pnordahl/ntpasswd/ ; the "Crowbar" designation is
a joke between me and my policewoman sister - since "a padlock only
keeps out an honest man, and the fire brigade carry crowbars ..."),
boot and see if there's anything that Petter can find.

I wouldn't trust a repair like that to last more than a couple
of dozen boots. Last time I did it, it worked for about a week. Which
was good enough for recovery.

 

[Rod Speed]

Pretty close, Rod... After a couple of weeks of "too busy
think about it", I decided to take another look, starting
with page 1 of the manual : check the cables and connectors.
What's that, I see? Pin 1 on the drive data connector
appears to be only half as long as the rest! Gently pulling
with tweezers, it wouldn't budge, but when I let go, it
dissapeared from view, completely!

So I pulled the PCB off, and whaddya know?! *Somebody* has
cut the connector. So out comes the soldering iron, and
every piece of optical magification and lighting I can
scrounge up, And I managed at least a successful, albeit
crappy, solder joint. Probably couldn't sell this to NASA!

Now the BIOS, SpinRite, and Win2k all see
the drive, but Win2k claims it is not formatted.

Thats not unusual, 2K will do that if there is some problem
with the basic data structures. The simplest approach is to
boot a knoppix CD and get the data off that way. Its less picky.

Here's where I hit the wall: I don't know how Win2k's NTFS
and file/drive security work. Is it likely that taking such
a drive from one machine to another would work (allow the
user to get to the data), or would there be something
machine-specific, or user account-specific that would
prevent this?

It is possible encrypt an NTFS drive, in which case you
cant just move it from one machine to another, but that
shouldnt see 2K claiming that the drive isnt formatted.

Much more likely it doesnt like the data structures in
the NTFS and thats why its claiming its unformatted.

The drive is a Maxtor D740-6L. I'm guessing the box
at work is around 5 years old. It was the only hard drive
in that machine, and I actually can't remember if it was
partitioned. If it was, at least the boot partition is NTFS.

I still have no clue what caused that box to go belly-up,
and don't know if the Tech has set up any further obstacles.

Any clues appreciated, but it's still a back-burner item.

Not that clear what you are trying to do. You initially said
that he showed up with a pile of CDs with the data on them.
Is that less than complete and you want to try harder ?

 

[tbl]

Thats not unusual, 2K will do that if there is some problem
with the basic data structures. The simplest approach is to
boot a knoppix CD and get the data off that way. Its less picky.


It is possible encrypt an NTFS drive, in which case you
cant just move it from one machine to another, but that
shouldnt see 2K claiming that the drive isnt formatted.

Much more likely it doesnt like the data structures in
the NTFS and thats why its claiming its unformatted.




Not that clear what you are trying to do. You initially said
that he showed up with a pile of CDs with the data on them.
Is that less than complete and you want to try harder ?

Ah, exactly. I had told the Tech that I'd like the data
from one set of directories, and that's what he gave me.
Afterward, I was disappointed that I hadn't told him to grab
off everything except the Windows machinery. The more I
think about it, I'd really like to take a final look at
what's on the drive, before I go for the magnets. There may
be data from previous users that the agency would like to
have, and there's probably stuff the I had on there that
I've long forgotten about.

Thanks for the replies.

If I can squeez in the learning curve, I'll try the Knoppix
route.