A friend of mine came to me with the following issue. Her computer was slow and they took it to PC World. All the technicians did was to reinstall Windows from the Recovery partition. No change in performance… Then my friend realised she was missing some important documents!… I told her to stop using it immediately and bring the machine to me.
The way hard drives work is as follows:
- Whenever a file is saved, it is written on the hard drive, sometimes in multiple places (fragmentation). The file name, the folder name and the real location(s) of the file on the hard drive are writen in a ledger, which in windows is called MFT, or Master File Table (https://msdn.microsoft.com/en-us/library/windows/desktop/aa365230(v=vs.85).aspx).
- Whenever a file gets deleted, its entry in the MFT is deleted, but the file still lives on the hard drive, until the operating system decides to save something over it.
- Whenever a drive gets formated, the MFT gets deleted and replaced with a brand new ledger.
- So, files can be rescued even when we think they are lost. Even files from websites we browsed or programs we installed and deleted stay on our hard drive for years. This is why forensic experts can recover data from hard drives even when internet history is cleared, even when the hard drive has been formatted. That’s why it’s not a good idea to sell your old laptop, if your hard drive contained sensitive info at some point of its life!
Here is what I did to save the files:
- I removed the hard drive and used a USB HDD docking station to connect it to my Windows machine. I have an Inateck USB 3.0 station, highly recommended!
- I then used PhotoRec (http://www.cgsecurity.org/wiki/PhotoRec) to find all deleted files. PhotoRec is a fantastic piece of open source software from Christophe Grenier, which basically goes through the entire drive, literally bit by bit, it identifies files that can be rescued and saves them in a different location. PhotoRec works on all operating systems; I installed it on my Windows 10 machine. I used a separate external USB3 drive to save all these files.
- This process took almost 10 hours to transfer 500K files from the original 1TB 2.5mm Samsung drive to the external drive. The files all appeared with code filenames, as the original names were lost with the original MFT. Their file extensions were (mostly) in tact. The files were saved in folders that did not necessarily match the original folders where these files reside.
- I passed the hard drive to friend and suggested that she buys Directory Lister Pro to help her go through all 500k files quickly.
And to speed up the computer:
- I added 8GB of RAM, so now the machine has 12GB in total.
- I upgraded the laptop from Windows8 to Windows10. Apparently the PC World technician thought it wass good enough to keep the machine on Windows 8 and he didn’t even install all the upgrades, not even the security ones…
- I also suggested upgrading the HDD to an SSD, but the cost/size compromise was an issue.
So, the morals of the story:
- Back up your files frequently and spend time to efficiently organise your precious files!
- When you think you have deleted a file, think again! It’s probably still there!
- If your computer is slow, your quick wins are RAM and SSD upgrades. Most old laptops and desktops can get a good performance boost for $50-200.
- There are some great Open Source packages to help you save files. No ral need to invest nto the expensive prorietary solutions.
If you really want to destroy a hard drive, just take a screadriver and take the hard drive apart! 🙂