Data Recovery for a BIOS Password Encrypted Drive

A client recently came to us with a failed drive, looking for data recovery. He told us that there was no encryption and that he had taken it to a local shop, which said they couldn’t do anything for him unless they referred him to a forensic specialist for an estimated $4,500 in expenses. When you are faced with the loss of all your personal photos, files, and work data, that’s a stiff price for an individual to pay for recovery.

In the world of digital forensics you’ll find a variety of capabilities and charge rates, as one might expect. In this case it turns out the client was using BIOS-based password protection, which is encryption for the disk. Even if you pull the drive and mount it on another system, the hardware requires the BIOS password before one can access data on the disk. This prevents someone from stealing the drive and then stealing data off of the disk. If you don’t use BIOS passwords for your system and hard disks on any mobile solution (if not all solutions), you should, because they work really well and mitigate the risk of a data breach when a (mobile) device is stolen. In this case the local computer shop didn’t realize that this was encryption. They probably tried to mount the drive without success, didn’t know what to do, and then passed the buck to an expensive forensic solution.

4D5A Security mounted the drive behind a forensic write blocker to confirm that it was indeed encrypted and found a large section of sector failures that appeared to impact only the operating system files on the hard disk. Working with the client, 4D5A Security was able to remove encryption for the drive, mount it, and then image it (using a write blocker to prevent data loss to the client disk). Once the disk was imaged, the files of interest were extracted with 100% recovery.

The client received a free cloud backup solution and was also shown how to use an external USB drive and backup software to automate daily backups to the drive. The client got 100% data recovery and two solutions, for redundancy and mitigation of threats like ransomware, to proactively protect their data from loss going forward. If a drive fails in the future, the client will be able to easily recover their own data from the cloud or a local backup solution. As a benefit beyond their immediate needs, they can also retrieve incrementally backed up files that may have been deleted by the user, in part or whole. The client received services at a fraction of what the original store quoted, along with solutions that solved their immediate problem and proactively moved them forward beyond this incident.