Data Recovery of Encrypted Western Digital drives.

Did you know that the majority of external hard drives that you can buy today, manufactured by Western Digital (WD), have hardware encryption built into the enclosure?  Seems like a good idea right?  It is a great selling point for Western Digital, right??

We are all for protecting your data. Keeping it safe from those who might use the picture of you dressed up like Little Orphan Annie from last Halloween as blackmail is important.  little orphan annie

But, when data is encrypted at a hardware level you have very little control over your data should something go wrong.  And with they way WD has implemented this encryption, your data isn’t really all that safe just because it is encypted.  Consider this, the data on the drive is only protected if the hard drive is removed from its enclosure.  The enclosure itself has the encryption chip.  So, if your hard drive is stolen from your office anyone could plug it into a computer and see your data.  Not much protection, eh?

Encryption works by running your data through an algorithym that scrambles the data based on an encryption key.  So, saving the word “CAT” in an encrypted format might look like “$r,”.  If you lose that key, there is NO way to decrypt that data.  What happens if your encryption key is actually stored on a computer chip and determined by WD, then that chip stops working.  Cancel Christmas!!data encryption

 

We have recovered data from many, many WD drives that other firms and IT groups have determined that the data is lost because of this encryption.  If you have a WD external drive do not ever throw away the enclosure – it is the key to a successful recovery.

When Data Recovery becomes a more than you bargained for…

The surprising circumstances surrounding the hard drives brought to us never cease to amaze.  “It was stepped on…”, “I knocked it off the desk…”, “My laptop fell off the roof of the car as I drove away” are how some of the more mild stories start.

We received a drive to be recovered the other day that had very little information regarding ownership and exactly what kind of information we might find on the drive.  The customer was “surprised” to find out that the drive’s contents were encrypted (all the bits of data are scrambled to protect against theft).

We contacted our client to obtain the encryption credentials so that we could extract the data he had requested.  He was unable to provide any credentials, hmmm…??  While trying to determine which encryption solution was protecting the data (we thought that might jog his memory), we discovered a splash screen that referenced private data from a state agency could be on the drive.  Now this is getting interesting!

So we have a client with little history about his drive, unclear about what his wants, data that is encrypted, and no encryption credentials from the client.  To me that all adds up to a hard drive that was not “obtained” through standard channels.

Our next step was to contact the state agency.  They couldn’t confirm that they were missing a hard drive since it was delivered to us out of it’s laptop enclosure, but they surely wanted to review the data on it.  So, off the drive goes to this unnamed state agency.

We will have to wait and see what happens with this case.  At least I know this, data recovery is never boring.