+43-1-2360101+49-40-54887560+31 252 621625
Case study: HP PROLIANT ML350 G6
Case study of a data recovery from a RAID 5 in a Hewlett Packard ProLiant ML350 G6 with five SAS hard disks.
DIAGNOSIS REQUEST

Data recovery of HP PROLIANT ML350 G6

The elaborate reconstruction of the RAID 5 array and the recovery of the file server as well as the contained data was performed in our High Priority Service – the case was handled 24x7

04. April 2018 - Sebastian Evers

Initial data loss situation:

Storage media with data loss:

Data specified for recovery:

  • File server / files

The RAID 5 of a customer failed. We were told that the RAID system „crashed“ and went offline. In order to correct the error, the allegedly defect RAID controller was exchanged by the manufacturer. After the replacement of the controller five HDDs of the ProLiant server were not recognized anymore. When the hard disks were finally forced to recognise again, only one of the two logical volumes was visible.

Analysis and conduction of the data rescue:

The german-based system was picked up by a courier and directly transported about 600 kilometres to the Attingo laboratory. The first damage evaluation showed no physical damages of the hard disks. 100% raw data of all five hard disks could be copied. The technicians had to ascertain a heavily damaged logical content of the RAID array. Spot checks of several large and fragmented file types were positive.

Attingo was able to determine the previous RAID-parameters of the array and reconstruct parts of the NTFS file system. Different approaches delivered outcomes of qualitative diversity: The recovery of existing files, the recovery of deleted files, anonymous files with folder structure and the recovery of files without any file system structure. With a mix of all these approaches, a usable result was generated which significantly reduced the data loss of the customer.

Peculiarity:

As diagnosed, the RAID 5 was originally on five hard disks. One of these hard disks was removed, formatted and partially with software-based recovery tries overwritten. Afterwards, a new RAID 5 array was created with the four remaining hard disks and the data was partially overwritten with a new parity. Additionally, new logical volumes were created and recovery software was installed. Because of all of this, several million sectors of users data was overwritten and important file system information was lost.

Dipl. Ing. Nicolas Ehrschwendner
CEO
+43-1-2360101
+49-40-54887560
+31 252 621625
info@attingo.com WhatsApp Live-Chat Online request
24h-Service 98% rescue success
staatliche Auszeichnung Austria A iso 9001 siegel grau https://www.allianz-fuer-cybersicherheit.de

Attingo-Magazin

Exhibition and conference dates
Blog
Keywords
FAQ - Frequently asked Questions
Case Studies: Data Recovery