+43-1-2360101+49-40-54887560+31 252 621625
Case study: HP PROLIANT ML350 G6
Case study of a data recovery from a RAID 5 in a Hewlett Packard ProLiant ML350 G6 with five SAS hard disks.

Data recovery of HP PROLIANT ML350 G6

The elaborate reconstruction of the RAID 5 array and the recovery of the file server as well as the contained data was performed in our High Priority Service – the case was handled 24x7

4. 1 2018 - Sebastian Evers

Initial data loss situation:

Storage media with data loss:

Data specified for recovery:

  • File server / files

The RAID 5 of a customer failed. We were told that the RAID system „crashed“ and went offline. In order to correct the error, the allegedly defect RAID controller was exchanged by the manufacturer. After the replacement of the controller five HDDs of the ProLiant server were not recognized anymore. When the hard disks were finally forced to recognise again, only one of the two logical volumes was visible.

Analysis and conduction of the data rescue:

The german-based system was picked up by a courier and directly transported about 600 kilometres to the Attingo laboratory. The first damage evaluation showed no physical damages of the hard disks. 100% raw data of all five hard disks could be copied. The technicians had to ascertain a heavily damaged logical content of the RAID array. Spot checks of several large and fragmented file types were positive.

Attingo was able to determine the previous RAID-parameters of the array and reconstruct parts of the NTFS file system. Different approaches delivered outcomes of qualitative diversity: The recovery of existing files, the recovery of deleted files, anonymous files with folder structure and the recovery of files without any file system structure. With a mix of all these approaches, a usable result was generated which significantly reduced the data loss of the customer.


As diagnosed, the RAID 5 was originally on five hard disks. One of these hard disks was removed, formatted and partially with software-based recovery tries overwritten. Afterwards, a new RAID 5 array was created with the four remaining hard disks and the data was partially overwritten with a new parity. Additionally, new logical volumes were created and recovery software was installed. Because of all of this, several million sectors of users data was overwritten and important file system information was lost.

24h-Service 98% rescue success
staatliche Auszeichnung Austria A iso 9001 siegel grau https://www.allianz-fuer-cybersicherheit.de
Maximilian Maurer
Spare Part Manager
+31 252 621625
info@attingo.com WhatsApp Live-Chat Online request


Attingo in the press
Exhibition and conference dates
FAQ - Frequently asked Questions
Case Studies: Data Recovery