Blue Hephaestus - Hard Drives and How to Resurrect Them: Data Recovery 101
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...a-recovery-101
Training description:
Hello! This class will cover everything relating to hard drives (and a good bit on SSDs and other storage media) and data recovery in general. This class is intended for a very wide audience and builds from minimal foreknowledge, so all levels of expertise are encouraged to sign up! All you'll need is a PC with Linux on it and an open mind!
This is applicable for those wanting to pursue a career in data recovery or even data forensics, as the knowledge it provides is heavily tied into the later process of forensics on recovered data. Not only this, it's also simply helpful for those wanting to understand the storage devices that underlie all of modern computing and how they can fix problems on their own rather than relying on expensive data recovery companies or sorting through other time-consuming and confusing resources.
If you want to learn how to fix just about any hard drive you'll find, and hack it like there's no tomorrow, then regardless of your experience this is the course for you!
Course overview:
HARD DRIVES AND HOW TO RESURRECT THEM: DATA RECOVERY 101
(We don't have markdown or anything so sorry for the ASCII formatting)
___________________________________________________________________________
**PART 1 - GETTING STARTED** - ETA 30 minutes
___________________________________________________________________________
OBLIGATORY INTRODUCTION - I'm Blue, etc.
WHAT YOU'LL GET OUT OF THIS:
* Learn How It works
* -- Hard Drives
* -- Solid State Drives
* How to Diagnose Hard Drives
* DIY Data Recovery - Up to Advanced
* Answers and Understanding of modern storage architectures and issues that plague them
WHY
* Don't pay stupid money for data recovery
* Learn what you can do for yourself and others without fancy equipment
* Understand storage systems and how to better use them
* Train to become a data recovery specialist or data forensicist
WHAT YOU CAN DO WITH DATA RECOVERY
* More than 95% of problems
* Know when it's the 5%
* Broken PCB/Head/Motor
* SOMETIMES the platter
* Broken everything-other-than-the-platter
WHAT YOU CAN'T DO WITH DATA RECOVERY
* Encryption, Overwrites, Broken Platters
* SSD Related
* Discussion of Multiple wipes
INTENTIONALLY DESTROYED DRIVES EXAMPLE
* How they were fixed
* Some of the treasure found
* Other treasures found on other drives
DIAGNOSTIC PROCESS - HOW WE WILL PREPARE YOU FROM THE GROUND UP
___________________________________________________________________________
**PART 2 - HOW HARD DRIVES WORK** - ETA 4 HOURS
Will have physical drives passed around to help with examples and hands-on understanding
___________________________________________________________________________
PLATTERS
* Platter Composition
* -- Various Layers
ENCODING AND DECODING INFORMATION
* Electricity and Magnetic Fields Polarity - Demo
* Understanding of writing mechanisms
* Magnetic Grains
* Recording Mechanisms
* Magnetic Polarity
* Reading mechanisms
ACTUATOR HEAD + ARM
* Distance to platter - 5 nanometers
* -- Air Bearing
* Speed of arm
* Speed of platter
ACTUATOR AXIS + VOICE COIL
* Electricity and Magnetic Fields - Again!
* Very strong, contained magnetic field
* Fast precise movement
FILTER + AIR CHANNELS
* Two Filters
* -- Barometric / Hidden - Pressure
* -- Recirculating / Visible - Debris
* "DO NOT COVER THIS HOLE"
* Air Channels / Air Flow
* Helium / Pressurized Drives
REMAINING SPACE / "SECRET COMPARTMENT"
* Actually for airflow
* Joke about putting thermite in it here :)
SPINDLE / MOTOR
* Normal Motor
* Spins all platters at constant speed - usually 7200 rpm
* -- Brief note on plastic blocker to ensure speed
* Built into case
PCB - THE BOARD / "CHIP"
* Connection to motor and arm
* Firmware
* Geography of the Platter
* Bad Blocks List
* Metadata and other info on PCB
* Brief exercise on identifying strange behavior from PCB swapping
___________________________________________________________________________
**PART 3 - HOW EVERYTHING GOES WRONG - AND HOW TO FIX IT** - ETA 4 HOURS
For each component, students give ideas for possible failure modes and possible solutions
Discussion and exercises with samples
We work from easier to harder here, hence the reverse order.
___________________________________________________________________________
PCB - THE BOARD / "CHIP"
* Damaged Connections
* -- Repair broken connections
* Rusted / Obstructed Connections
* -- Clean surfaces
* Broken Parts
* -- Spare replacement parts
* Firmware Failures
* -- Possible RE or debugging?
* -- Otherwise wipe / swap
* Short Circuits - Magic Smoke
* -- Despair
*
* Or... PCB Swapping
PCB SWAPPING
* Ton of possible problems
* Identifying PCB
* Power of Ebay
SPINDLE / MOTOR
* Broken Connections, Severed Wires
* -- Repair Connections / Resolder
* Not enough power / speed
* -- Otherwise likely need a new motor, which means new enclosure.
* “Wobble” from loose bearing
* -- Platter Swapping! ... But we’ll cover that later.
REMAINING SPACE / "SECRET COMPARTMENT"
* Not have thermite
* -- Add thermite (joke)
FILTER + AIR CHANNELS
* Debris Accumulation
* -- Possibly* Replace Filters
* Heat
* -- Change environment
* Debris
* -- May need platter swap
* High Altitude
* -- Discussion of why this may not work
* Change in Altitude
* -- Time to adjust
* Dislodged?
* -- Resecure?
ACTUATOR AXIS + VOICE COIL
* Damaged Connections
* -- Repair Connections
* Very unlikely to be damaged
ACTUATOR HEAD + ARM
* Head Crashes / Head Damage - everyone’s favorite and very common
* Click of death
* Scratches
* Dislodged
* Misaligned
* Damaged head
*
* Discussion of multi-platter doom cases
* Can take functioning heads from another drive, if same model
* Or move the entire platter(s) to another drive of same model.
* Almost platter swap time
PLATTERS
* Bit Rot
* -- Monitor and Prevent / Data Recovery
* Scratches / Damage
* -- Possible Swap, otherwise despair
* Encrypted
* -- Despair unless you can remember, get, or crack the password
* Wiped
* -- Despair
* Magnetic Exposure
* -- Probably Despair
* Curie Point
* -- Definitely Despair
* Magnetic Damage, Intentional Destruction, and more discussion
* If there's enough damage you need to be a three-letter organization with a scanning electron microscope
* Even then that may not work
PLATTER SWAPPING
* Requirements, discussion
* Demo / hands-on pseudo-practice (I don't have a lot of gloveboxes)
STORAGE INTERFACES
* Discussion of these vs. form factors and how they can relate to our work / HDDs and speeds
SSDs - May discuss for much longer if time permits
* How they work
* -- Paint can example and further examples
* Wear Leveling
* Data Recovery Impact
* Bit Rot / Lifespan
* Data Recovery Solutions
* -- Software Solutions
* -- Resoldering
* -- Currently under R&D
___________________________________________________________________________
**PART 4 - SOFTWARE** - ETA 2 HOURS
Makes use of library metaphor to help explain throughout this, and demos.
___________________________________________________________________________
PLATTER LAYOUT
* Cylinders
* Tracks
* Sectors
* Track Sector
BAD BLOCKS
* What are they, how do they occur
* Prevalence of them / Caution
WHERE TO BEGIN - IMAGING
* dd, ddrescue, safecopy
* Advanced Reading and Imaging
* Storage Requirements
FILESYSTEMS
* Example differences
* Needed info
* Partitions
* -- File Tables
* -- Types
INSPECTING FILESYSTEMS AND PARTITIONS / FIXING
* The Sleuth Kit
* kpartx / fdisk / gparted
* Demo
FILESYSTEM RECOVERY - TESTDISK
* Demo
* Info on disk
* Partition searching
* Advanced Options
DELETED FILES
* How this works
* Secure deletes
* Multiple Writes
* Using this info
UNDELETION
* File Carving
* -- Headers
* -- Footers
* -- Magic Numbers
* -- File Specific Identifiers
* Building on previous info
* Example and breakdown of JPEG
* Exercise / Demo
SCALPEL
* Customising File Carving
* Example with keyfiles
* Exercise with JPEG
PHOTOREC - RECOVERING ALL EXTENSIONS
* Writing all of our own sucks
* How to use this / Demo
* Example output
* Advanced Options
___________________________________________________________________________
**PART 5 - POST RECOVERY** - ETA 1.5 HOURS
Use cases and what you can do to make your life easier here.
And how to search through and sort through tons of files.
___________________________________________________________________________
INDEXING
* Possible use cases
* Library catalog example
* Why?
* How?
* Hashing!
HASHING - A QUICK OVERVIEW
* One-Way Functions
* Properties
* MD5
* Optimizations / Filesystem Usage
* Examples
HASHSETS
* System Files, Usual Programs
* Using hashing here
* NIST NSRL
* Examples
* Pitfalls discussion and exercise
FILE CLASSIFICATION / SORTING
* Extensions
* -- Methods / Subclasses
* Content / Magic Number Classification
* -- File Command / libmagic
* -- Methods
* Entropy
* -- Methods
* -- Pitfalls
ALTERNATIVES / IMPROVEMENTS / ADDITIONS
* Blacklisting / Whitelisting
* Rebuild a better filesystem!
* -- Discussion, ideas, exercise
CLIENT DATA DRIVES
* Usual method
* Copying / Imaging to second drive
___________________________________________________________________________
**PART 6 - PUT IT TO USE** - ETA 4 hours
Labs, Review, and exclusively focusing on doing it hands-on!
Then finally the test for certificate of completion!
___________________________________________________________________________
LABS
* Downloads / Resource sheets provided
* Software links and instructions
* Hardware provisions and tool provisions
REVIEW
* Any topics to review
* Areas of confusion
* Questions
* Comments
* Concerns
TEST - on topics up to this point for certificate of completion
* Diagnosis, Understanding, Employing what you've learned
___________________________________________________________________________
END
___________________________________________________________________________
Thank you for reading!
If you have any questions about my class, feel free to email me at
bluehephaestus@gmail.com
I'd be glad to chat!
Student skill level:
Beginner - intended to be "101", so anyone who likes computers and ideally can use Linux could do it, e.g. a CS major freshman.
Skills needed: Basic Bash and Linux Usage, basic computer and programming knowledge.
Helpful Skills: Hashing, Hard Drives, Bash, Digital Forensics, Python.
What should students bring to the Training?:
- laptop computer with Linux installed.
Bio:
I am a machine learning and software engineer, as well as data recovery specialist, with seven years of industry and research experience, and I most enjoy working on meaningful, challenging projects that can legitimately make the world a better place with their impact. This usually means I enjoy working in biotech and making software for biological and medical research, as I see considerable demand and availability for improved software there, and it can directly help combat disease and improve medicine. You'll also find me working on creating more generalized artificial intelligence algorithms, as I believe working towards more intelligent and independent systems is a gateway to solving many more advanced and pressing issues in the world today. I also enjoy helping people get back data they've lost through data recovery work.
I am the cofounder of Viden Technologies - now known as Elytra Labs, a consulting and contracting startup I run with my cofounder Bryce Asay to develop software for microbiological research and education, and am currently working on this while also pursuing my own projects, freelance opportunities, and generally remaining open to recruiting options.
Alongside this, I'm working on my own side business working to extend affordable and easy data recovery to clients in the Bay Area, as well as a range of other recovery services including crypto asset recovery.
Trainer's Social Media:
https://www.linkedin.com/in/bluehephaestus/
https://twitter.com/BlueHephaestus
DATE: Aug 15th to 16th 2022
TIME: 9am to 5pm PDT
VENUE: Caesars Forum Ballroom
TRAINER: Blue Hephaestus
CERTIFICATE TEST AVAILABLE (after class) Please purchase Certificate test
- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included