Data Recovery Ethics & Standards (Best Practice)

Jared

Administrator
Staff member
So, I'm thinking about starting a co-op project to develop best practice standards for "ethical data recovery" procedures. Obviously no one could develop an exhaustive how to manual for how to do the work, but what I'm picturing is more of a standard of what should and shouldn't be done in the course of data recovery work. For example a first coule rules of ethics that I would present would be:

  • To the extent possible, logical data recovery operations shall be performed only against a copy of the data rather than against original media.
  • A first objective in data recovery should always be to obtain a copy of the data containing sectors regardless of the assumed condition of the media.
    • Exception 1: If media is determined to be fully functional by obtaining a full sector by sector copy of the data, logical operations may be performed against original media so long as a copy is set aside for the sole purpose of backup.
  • Data Recovery equipment and software shall be configured such that no modification of the original media's data shall occur. If imaging/cloning is performed using software only methods, a hardware write block device shall be used. If a hardware imaging tools are used, channels for source & destination drives shall be clearly labeled and/or numbered to avoid confusion which may result in data being copied from destination to source media.

I think that with enough feedback from all of you professionals out there, we can develop (and probably debate about) a set of standards that should be followed. I think this may come in handy when we see people giving bad advice on forums, or describing the blunders they are making on their client's data. We can then just direct them to the data recovery ethics page, and tell them which rule they are breaking.

Ideas? Standards? I know that as we add to this list we'll need to come up with an overall structure to it so it's an easier reference.
 

jol

Member
* it goes into the same rule: never mess around with the SA or issue a command before backing it up

* never issue a command if you don't know what you doing (example m0,6,2,,,,,22)

and there is the usual we all ran into it every...

* never open a drive outside of a clean enviroment
* don't power on a clicking HDD
* if data is valuable to you seek proffesional help
* a computer technician has nothing to do with data recovery
 

LarrySabo

Member
I support the idea and am adamant about treating customers honestly, fairly and ethically. I'll give some thought about putting into words what I think could be added.

In the meantime, with all due respect, I take exception to Jol's "a computer technician has nothing to do with data recovery." They usually make data recovery prospects worse if not impossible but that doesn't mean they all do--yours truly in particular. Perhaps they are (should be) the target for this code of ethics.
 
I totally agree with Larry, the computer technicians needs it more.

In addition, every Part (PCB, ROM AND LABEL) of Patient's Drive should be intact, either way, should Data Recovery be successful or Not.
 
*Dont start imaging on destination Drive before make sure its wiped out completely to eliminate chance of other customer data pop up
 

Jared

Administrator
Staff member
Great feedback guys! Keep it coming and I'll keep adding/organizing these points into the original post.

Sent from my SM-N900V using Tapatalk
 

LarrySabo

Member
Okay, here's some more stuff to consider including:

Computer Repair Technician
· Never remove the cover of a drive except in a Class 100 or better clean room environment
· Never physically impact (“percussive maintenance”) or aggressively twist a drive to remedy stiction
· Never place a drive in a freezer or refrigerator, even if sealed in a plastic bag
· Always image/clone the drive and work on the image/clone—never the patient drive
· Return the drive in the same or better condition as received if your quote is rejected
· Never apply firmware changes to a drive without having first backed-up the drive’s FW resources and having the skills and equipment to restore them from the back-up
· Diagnose the drive and determine the cause of failure before applying repairs or trying to recover data
· Know the difference between hardware, firmware and logical failures and apply the tools and repairs appropriate to the diagnosed failure type (i.e., don't try to use a software tool to remedy a hardware failure)
· Identity mark the patient drive, it’s PCB and ROM to prevent confusion or mismatches with respective donor parts
· Catalogue and label all drives received to minimize their loss or return to the wrong customer
· Only return data and drives to the owner/customer; zero or destroy the media of drives before their disposal
· Never power on a drive that has been dropped, without first inspecting the heads for damage
· Never image/clone a drive without double-checking the source and destination drive identities; if there is any doubt at all, do not proceed
· Zero destination drives before use to prevent cross-contamination of data
· Respect and protect the privacy and confidentiality of the data; don’t explore the data beyond what’s required to provide the service; don’t share the data with others having no right to access it
· Be truthful when dealing with people and about what’s needed to repair the drive or recover the data, e.g., that heads need to be changed in a clean room when the problem is logical, or charging for a donor that’s not really required

I'll add whatever comes to mind as I think about it some more. Feels free to edit/redact as you please.

Edit: a couple more:
· Don’t place customer data at risk; if you don’t have the skills, experience or equipment to successfully deal with a recovery problem, refer it to someone who has
· Never use a customer’s drive to learn a recovery procedure—use your own drives
 

jol

Member
@Larry I apologize to you, I didn't meant computer techs like you who invested all the time and tools needed to be a real DR pro

I meant the 99% + computer techs who doesn't have the slightest idea what it takes to be a real DR pro, started advertising them self everywhere, and put a big sign in front of their store saying "HAVE YOU LOST YOUR DATA, THE HARD DRIVE IS CLICKING (+the other nice and shiny words), YOU CAME TO RIGHT PLACE", thinking that buying a few DR soft existing on the market makes them a DR pro.
the problem with those guys is when a HDD with a few bad sectors - for example - arrived, and they succeed to recover the data, makes them think that they are a real deal.
Those computer techs making the data recovery more difficult to impossible sometimes for the real pros, (not to mention more expensive).

Apologizing again
 
LarrySabo":iq1l6id4 said:
[post]5408[/post] · Be truthful when dealing with people and about what’s needed to repair the drive or recover the data, e.g., that heads need to be changed in a clean room when the problem is logical, or charging for a donor that’s not really required


this point liked most

thanks larry
 

LarrySabo

Member
@Jol,

Awk! I just lost my perfectly composed, well-thought-out reply by accidentally hitting a wrong key! LOL. Anyway, it said no need to apologize, as I never took your comment personally, plus it was spot on. Thanks for your kindness, though.

It also said, it's hard to make a go of the DR part of my business when a major source of referrals is my competition, and when most DR forums tell people not to take their DR needs to a computer repair shop. I should really separate the DR part of the business and have started developing a "Sabo Data Recovery" website but WP takes more dedication, effort and brain cells than I can muster just now. In the meantime, I have a growing list of satisfied DR customers and that part of the business is growing--just not as fast as it could if it were independent from the computer repair part.

Now, back to discussing ethics. :)
 
Top