Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito
-
Upload
code-blue -
Category
Technology
-
view
700 -
download
3
description
Transcript of Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito
![Page 1: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/1.jpg)
Disaster Data Recovery method for HDD
by Dai Shimogaito
January, 17th, 2014
at CODEBLUE in Tokyo
![Page 2: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/2.jpg)
1.To Recover Computer Systemwhich had suffered from natural disaster, like
tsunami, river flood, storm, and earthquake
Platter Surface Damage
2.To Protect Computer System and get Readyfor a large scale crash.
What is Disaster Recovery ?
AFTERDisaster
The most difficult problem for data
recovery
BEFOREDisaster
Physical Damage caused by Software
HDD Customization for Platter Damage
![Page 3: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/3.jpg)
Three Failures Lead to Data Loss
• Logical Failure• System failure• Data corruption• Deletion of data.
• Electronic Failure• Printed Circuit Board (PCB)• On or more of the PCB components• ROM or the System Area data is damaged.
• Physical Failure• Sticktion• Spindle bearing is frozen• Head crash (dropped hard drive).
![Page 4: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/4.jpg)
Features of HDD which suffered from natural disaster
1. Chips on PCB are gone
2. HDD falls down and gets stong shock
3. Dirt comes inside HDD
4. Water comes inside HDD
Severe Damage !Normal Data Recovery Process is useless, because the damage level is extremely high
![Page 5: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/5.jpg)
After a Natural Disaster, HDD can look like this
![Page 6: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/6.jpg)
What is Data Recovery ?
Trying to image data from non-accessible HDD sector by sector.アクセス不能な HDD から、できるだけ多くのデータをクローンコピー取得を試みる
Copy
BrokenNo access to data
(故障でアクセス不能)
GoodFull Access to data
(正常動作する HDD)
![Page 7: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/7.jpg)
What is Data Recovery ?
Basically, parts replacement is the way for temporary repair.基本的には、故障した部品を交換して、一時的に HDD を復活させます。
Fire Accident
![Page 8: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/8.jpg)
What is Data Recovery ?
100% clone is always preferrable, but the result depends on the type of damage to HDD and the data recovery process.
できれば 100 %クローンコピーの作成が望ましいのですが、故障の種類や損傷の強弱、そして復旧プロセスの違いによっては、回収率が低くなることがあります。
← Low
High →
![Page 9: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/9.jpg)
Replaceability with Donor Part (ドナー部品との置換性)
HSA YES [ Head Stack Assembly ]Head Map, Capacity, Architecture Family, Microjog
SPM YES[ Spindle Motor ]Seizure Problem, Lubricating oil
PCB YES[ Printed Circuit Board ]Serial ROM, NV-RAM, Fuse, Resister, Diode, Capacitor, Coil, Microchip / Repairment is also useful
FW YES & NO[ Firmware ]Unique module, Non-unique module, Regeneratable module, Essential Module
Disk NO[ Platter ]Bad Sector, Scratch, particules on surface
![Page 10: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/10.jpg)
Replaceability with Donor Part (ドナー部品との置換性)
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NO
![Page 11: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/11.jpg)
Replaceability with Donor Part (ドナー部品との置換性)
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NOスラスト軸受
ジャーナル軸受
回転方向回転方向
潤滑油
溝
ディスク
![Page 12: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/12.jpg)
Replaceability with Donor Part (ドナー部品との置換性)
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NO
![Page 13: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/13.jpg)
Replaceability with Donor Part (ドナー部品との置換性)
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NO
SAService Area
UAUser Area
SA
SA
SA
SASA SA SA
SA
SA
SA
SA
SA
SASA
SASASA
SA
SA
Firmware = Service Modules
SA Modules are located on platters
![Page 14: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/14.jpg)
Replaceability with Donor Part (ドナー部品との置換性)
HSA YES
SPM YES
PCB YES
FW YES & NO
Disk NOData is recorded into platters.
Replacement means nothing.
![Page 15: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/15.jpg)
Replaceability with Donor Part
HSA YES [ Head Stack Assembly ]Head Map, Capacity, Architecture Family, Microjog
SPM YES[ Spindle Motor ]Seizure Problem, Lubricating oil
PCB YES[ Printed Circuit Board ]Serial ROM, NV-RAM, Fuse, Resister, Diode, Capacitor, Coil, Microchip / Repairment is also useful
FW YES & NO[ Firmware ]Unique module, Non-unique module, Regeneratable module, Essential Module
Disk NO[ Platter ]Bad Sector, Scratch, particules on surface
If unique parts are corrupt, there is no way to recover data
![Page 16: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/16.jpg)
The Most Difficult problem is Platter Damage
3.5inch PATA
![Page 17: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/17.jpg)
The Most Difficult problem is Platter Damage
2.5inch SAS
![Page 18: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/18.jpg)
The Most Difficult problem is Platter Damage
![Page 19: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/19.jpg)
The Most Difficult problem is Platter Damage
![Page 20: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/20.jpg)
The Most Difficult problem is Platter Damage
![Page 21: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/21.jpg)
For a long time, DR from scratched disk has been impossible
If the surface is partially damaged, there should be recoverable data in the areas which
were not damaged.部分的にしかキズが付いていないなら、
それ以外の部分にはデータは残っているはず、、、、、、
![Page 22: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/22.jpg)
Why is it so difficult to read damaged surface ?
Let’s take an extreme close look at
Disk & Head !
![Page 23: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/23.jpg)
Disk Surface & Slider
Flying Height
1-3 nm
3nm
1nmLubricant Layer 潤滑層Diamond Like Carbon Coating Layer コーティング層
Magnetic Layer 磁性層
Disk Rotation Direction →
1 ~ 3nm
Slider
スライダ
R/W Head
![Page 24: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/24.jpg)
Slider
The gap between Head and Disk is very small
Flying Height1-3nm
Particle Size ofParticle Size ofCigarette SmokeCigarette Smoke
100-1000nm100-1000nm
![Page 25: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/25.jpg)
How head crash damages the surface
Lubricant Layer
DLC Layer
Magnetic Layer
Slider R/W Head
Lubricant Layer
DLC Layer
Magnetic Layer
Slider R/W Head
Lubricant Layer
DLC Layer
Magnetic Layer
Slider R/W Head
![Page 26: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/26.jpg)
Cause of malfunction of HSA when reading damaged surface
1. Scratch is not the main cause of the bad operation of Head Stack Assembly
2. Particles on the surface stick to sliders.
3. Slider’s flying becomes unstable because of the particles on the surface of the disk and the sliders.
So, Let’s clean the surface !
![Page 27: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/27.jpg)
Disk Burnishing Process
![Page 28: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/28.jpg)
NO DUSTNO PROBLEM
![Page 29: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/29.jpg)
The 1st step of the research completed with a good result
0.02%
94%
UP !
Newspaper : Nikkei Business Daily, 26th Septempber 2013
![Page 30: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/30.jpg)
Precise surface analyzing is required for better recovery
Optical Surface Analyzer
![Page 31: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/31.jpg)
July 2012, research was started by Prof.Hiroshi Tani
Prof. Hiroshi Tani@ Kansai Univ.
![Page 32: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/32.jpg)
What we can do BEFORE disater occurs
Physical Damage caused by Software ???ソフトウェアがハードウェアを壊す???
![Page 33: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/33.jpg)
What is the HDD’s Boot Sequence ?
Start Finish
Let’s go to the finish line
together with everyone !
![Page 34: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/34.jpg)
HDD’s Boot Sequence
PowerON Ready
Needs to complete each sequence,then can reach to “Ready” mode
![Page 35: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/35.jpg)
User Area & Service Area
SAService Area
UAUser Area
SA
SA
SA
SASA SA SA
SA
SA
SA
SA
SA
SASA
SASASA
SA
SA
![Page 36: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/36.jpg)
SA Modules
• P-List : Primary Defect List
• G-List : Growth Defect List
• Translator : LBA access ⇔ PBA access
• S.M.A.R.T.
Self-Monitoring Analysis and Reporting Technology
![Page 37: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/37.jpg)
Defects
× ×
×
××
×
×
×
Defects info = Position of Bad Sectors in PBA
![Page 38: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/38.jpg)
Defects info is Unique to each disk
× ×
×
××
×
×
×
×
×
×
× ×
×
×
××
×
×××
×
××
×
×
××
×
×
×
×
××× ×
![Page 39: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/39.jpg)
P-List : Primary Defect List
G-List : Growth Defect List
Defects info is Unique to each disk
× ×
×
××
×
×
×
×
×
×
×××
× × × ×× × × ×
![Page 40: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/40.jpg)
Number of Defects
![Page 41: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/41.jpg)
PBA (物理アドレス)と LBA (論理アドレス)
LBA exists logically upon PBA. The following shows good sectors from address 0.
通常、“アドレス”や“セクタ”が指す対象は論理アドレスのこと。
下図は、欠陥セクタが無い正常なセクタが連続している領域の状態を示しています。
0 1 2 4 53
0 1 2 4 53
Physical Block Address 物理アドレス →
Logical Block Address 論理アドレス →
![Page 42: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/42.jpg)
Defects Controlling (不良物理セクタの管理)
0 1 2 4 53
0 1 3 42
物理アドレス →
論理アドレス →
P-List Table
2・・・
![Page 43: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/43.jpg)
Translator
Converter function between LBA and PBAIf the translator is broken, no data is accessible. One of the most important module.
論理アドレスと物理アドレスの変換テーブルこのデータが読めなければ、プラッタ上の全ての磁気データを読み出すことができたとしても、ファイルやフォルダは一切復旧できません。 SA モジュールの中でもトップクラスの重要度です。
PBA物理アドレス
LBA論理アドレス
0001
0687
1968
3786
9821
0001
0508
3544
9871
0051
Access RequestFrom Hostホストからのアクセス要求Access to the physically
Assigned positionプラッタ上の指定エリアにアクセス
![Page 44: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/44.jpg)
SA Modules are loaded into PCB
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
Complete(^o^)
![Page 45: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/45.jpg)
When SA Modules loading completes fine
PowerON Ready
LBA Zone
Wow , I did it !I have access to all
data !
やった!LBA 全域アクセス
できるぞー!
![Page 46: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/46.jpg)
Damage of SA Module
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
Error !Can’t Read
OrModule is corrupted
ABORT
![Page 47: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/47.jpg)
Damage of SA Module : No LBA Access
PowerON Ready
LBA Zone
I can’t access LBA zone, because there was a SA module
error.
The data should be in LBA Zone, but I can not access LBA 0
SA モジュールに異常があったから、 LBA 領域にアクセスできない。 HDD にはデー
タあるはずなのにな。
![Page 48: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/48.jpg)
NO SANO DATA
![Page 49: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/49.jpg)
If the SA module error was caused intentionally by ,,,,,
もし、誰かがわざと SA モジュールに異常を生じさせたら、、、
![Page 50: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/50.jpg)
Intentional Damage to SA module
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
![Page 51: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/51.jpg)
Intentional Damage to SA module
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
![Page 52: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/52.jpg)
Damage of SA Module : No LBA Access
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
Error !Can’t Read
OrModule is corrupted
![Page 53: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/53.jpg)
Intentional Damage to SA module
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
Error !Can’t Read
OrModule is corrupted
![Page 54: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/54.jpg)
Damage of SA Module : No LBA Access
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
SAModule
Error !Can’t Read
OrModule is corrupted
ABORT
![Page 55: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/55.jpg)
BARUSER
Let’s see what happens to HDDさあ、実際にやってみましょう
![Page 56: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/56.jpg)
BARUSER
BARUSER = BARUSU + ER
![Page 57: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/57.jpg)
Main Concept of HiDR ( High Integrity Data Recovery )
SA モジュールは百種以上!
このサンプル事例では、
WD10EADS-22M2B0 を使用。
SA モジュール数は全部で 397 種
![Page 58: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/58.jpg)
Main Concept of HiDR ( High Integrity Data Recovery )
このサンプル事例では、
WD10EADS-22M2B0 を使用。
SA モジュール数は全部で 397 種
必須かつユニークなのは 7 種
7 ÷ 397 ≒ 1.76%
![Page 59: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/59.jpg)
Main Concept of HiDR ( High Integrity Data Recovery )
Only 1.76%
![Page 60: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/60.jpg)
Hot Swap Method : ホットスワップ手法
通電した状態のまま、 Patient に PCB を付け替えます。
通電したまま
![Page 61: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/61.jpg)
Main Concept of HiDR ( High Integrity Data Recovery )
未開封、ヘッド交換なしでID認識しないHDDでもデータが読める
必要最低限のモジュールアクセスだけで済む
障害部位を確実かつ詳細に把握し、尚且つデバイスの特徴を予め研究調査しておくことで、より安全かつ多くのデータを回収することができる。
クリーンエア環境下とはいえ、開封時には異物が混入することは避けられない。クリーンルームが絶対にキレイとは限らない。
Non-Destructive Method even for HDD which doesn’t give its device ID.
The least access to the magnetic disk for its booting is enough for data recovery.
It is good to know the details of SA modules because the integrity of data recovery process becomes very high.
Do not rely too much upon clean rooms because inside of the clean room is not always clean.
![Page 62: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/62.jpg)
Security or Utility
Hacked Cracked
Good forData leakage preventing
VS Bad forFuture data use
![Page 63: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/63.jpg)
HDD customization against Future SA Damage
Head 0Head 1
Head 2Head 3
Head 4Head 5
PlatterHead
Head Map
![Page 64: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/64.jpg)
HDD customization against Future SA Damage
Head 0Head 1
Head 2Head 3
Head 4Head 5
System Head
PlatterHead
![Page 65: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/65.jpg)
HDD customization against Future SA Damage
Head 0Head 1
Head 2Head 3
Head 4Head 5
System Disk
PlatterHead
![Page 66: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/66.jpg)
HDD customization against Future SA Damage
Head 0Head 1
Head 2Head 3
Head 4Head 5
SA exists only on the system disk, h0 and h1
SA Region for h2,h3,h4,h5 are empty
PlatterHead
![Page 67: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/67.jpg)
HDD customization against Future SA Damage
Head 0Head 1
Head 2Head 3
Head 4Head 5
Utilize the empty zone for SA backup !
PlatterHead
![Page 68: Preventing hard disk firmware manipulation attack and disaster recovery by Dai Shimogaito](https://reader033.fdocuments.in/reader033/viewer/2022042713/5470ff31b4af9f980a8b4934/html5/thumbnails/68.jpg)
http://www.disaster-data-recovery.com/
Initial Response GuidelineFor Disaster Effected HDD
1. Do NOT Power ON !
電気を入れない!
2. Do NOT Dry before cleaning !
洗浄前に乾燥させない!
3. Sea Water should be removed ASAP !海水で腐食は待ったなし!
ガイドラインを多言語化(英語・日本語・ロシア語・中国語)