Restore data from an empty space

This case is interesting because we successfully restored data from a completely zeroed USB flash drive. If you're interested in how, read on…

Windows offers to format a drive when it can't determine the file structure on the device: it suggests creating a new one by formatting.

In our case we need the data, so formatting is not an option. We use a disk editor to see what happened to the file structure.

WinHex:

That's it! All 32 gigabytes are "flooded" with zeros... there is no data! Chief, it's all gone.

We immediately ask the client whether he gave it to anyone, and whether that evil friend ran any repair utilities. Answer: no, it came directly to you.

If no one "reflashed" the flash drive or overwrote it with a pattern, then it could not have been zeroed in an instant; that takes time and deliberate action.

OK, the Russians don't give up. We desolder the chip and read the contents of the memory directly, bypassing the controller. In this case there are two dies in one package, so, together with the service information, we get two 18GB dumps.

There are no zeros in the dump, but this does not mean anything, since on modern flash drives the controller does not store data in plain form but passes it through an XOR operation.

If all the blocks are the same, then yes, the drive is filled with the same content. But we were lucky: they are different, and this is data!

You need to find the right CRRF and assemble the blocks in the correct sequence according to the controller's algorithm.

Rostov complex

The result: 26 gigabytes of data, 9000 files, 900 of them broken. Unfortunately, we don't have the right to post a picture with the data, as privacy is above all else in our office.

At the end of this mini-story with a happy ending (the client was initially upset that there were only zeros), it is worth explaining why not all files were restored correctly.

The quality of modern memory chips is very sad, and despite manufacturers' loud claims of a huge number of write cycles... statistics show the opposite. Wear occurs very quickly compared to the flash drives whose capacity was measured in megabytes. Well, let's not talk about it here and now.

In this case, the flash drive was dying and "signaled" this indirectly: a disk check started running, and the result of the check disk was a FOUND folder containing recovered data. These were already the first signs that the drive was falling apart.

The controller saw that the number of bad memory cells was already huge and pulled a trick: it started returning zeros to the interface.

We also had to read out broken sectors by repeated reading; some of them were read that way and others were restored from ECC. As a result, the client is satisfied. And it all started from zero…
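
The reasoning above about XOR-written data and identical versus differing blocks can be shown on a toy dump. This is an added example, not the authors' tooling or the software in the screenshots; it assumes a simplified controller that XORs every page with one fixed key, and the page size, key and sample contents are all constructed.

```python
import hashlib
from collections import Counter

PAGE = 16  # demo page size (assumption); real NAND pages are several KB plus spare area


def split_pages(dump: bytes, size: int = PAGE) -> list:
    """Cut a raw chip dump into fixed-size pages, dropping any trailing partial page."""
    return [dump[i:i + size] for i in range(0, len(dump) - size + 1, size)]


def xor_pages(data: bytes, key: bytes) -> bytes:
    """XOR every byte with a key that repeats once per page (simplified model)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def triage(dump: bytes, size: int = PAGE) -> dict:
    """One distinct page means a uniformly filled chip; many distinct pages mean data."""
    counts = Counter(split_pages(dump, size))
    return {"pages": sum(counts.values()), "distinct": len(counts),
            "uniform": len(counts) == 1, "has_zero_page": bytes(size) in counts}


def guess_key(dump: bytes, size: int = PAGE) -> bytes:
    """Assume the most frequent page was all-zero plaintext: 0 XOR key == key."""
    return Counter(split_pages(dump, size)).most_common(1)[0][0]


# Constructed sample: a few "file" pages between runs of zero-filled pages.
KEY = hashlib.sha256(b"demo scrambler key").digest()[:PAGE]
PLAIN = (bytes(PAGE) * 4 + b"FAT32 boot rec.." + bytes(PAGE) * 3
         + b"report_2019.docx" + b"holiday_0042.jpg" + bytes(PAGE) * 2)
DUMP = xor_pages(PLAIN, KEY)               # what the chip reader sees
WIPED = xor_pages(bytes(PAGE) * 12, KEY)   # a drive that really was zeroed

if __name__ == "__main__":
    print("wiped:", triage(WIPED))   # no zero bytes on the chip, yet every page is identical
    print("dump :", triage(DUMP))    # pages differ, so user data is present
    recovered = xor_pages(DUMP, guess_key(DUMP))
    print("pages with content:", [p for p in split_pages(recovered) if any(p)])
```

Neither dump contains a zero page, so only the count of distinct pages separates the wiped chip from the one holding data. Real controllers vary the key across pages and interleave blocks, which is why the block order still has to be rebuilt afterwards.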
