Kroll Ontrack: The company that can recover data from anything

Barry Collins April 19, 2016

It’s fair to say the staff at Kroll Ontrack like a challenge. Whether it’s the vital but grim task of recovering data from the black-box recorders on the Space Shuttle Columbia, or the recent retrieval of data from a Polish customer’s 20-year-old Amiga 600, the clean rooms at Kroll Ontrack’s premises see a huge variety of hardware – much of it in an appalling state.

See related 
FBI director calls encryption a “vicious guard dog” in Apple hearing
Data Encryption: Why your business should be using encryption
Cloud storage: How secure are Dropbox, OneDrive, Google Drive and iCloud?

However, it’s not the fire-damaged or fractured hard disks that seem to give Phil Bridge, the managing director of Kroll Ontrack UK, cause for concern. In fact, you rather suspect Bridge and his engineers enjoy the task of piecing together smashed hard disk platters. “We always say ‘don’t assume it’s irrecoverable’,” Bridge told us.

Indeed, it’s often not the physical recovery of the data that poses the biggest problem, but the format in which it’s stored: the increasing use of encryption makes the recovery of data that bit harder for Bridge’s team. But, as we discovered from our time with Bridge, Kroll Ontrack is a company that’s used to working out ways of achieving the improbable.

Changing shape of storage

kroll_ontrack_broken_iphone

Kroll is renowned among the IT press for its regular media challenges. The company sends journalists new hard disks, invites them to fill the disks with their data, and then encourages said hacks to do their worst: drop the disks out of a third-floor window, dunk them in Coca-Cola or reverse over them in a Land Rover. The disks are returned to Kroll in sealed bags and, weeks later, the journalists are invited to its European headquarters in Epsom, Surrey and sit gobsmacked as staff pull up the photos and documents that were once stored on their seemingly obliterated drives.

If Kroll was to run the challenge again, it’s as likely to send out an SSD or a phone as it is a hard disk, such is the evolving nature of the company’s recovery business. Computer hard disk recovery is still a big part of Kroll’s workload, but Bridge admits that more widespread use of cheap backup drives, and cloud backup in particular, is trimming demand for traditional types of data recovery.

“Ultimately, the cloud is still a storage device, it’s just somewhere else.”

Nevertheless, the shift to the cloud has opened new opportunities. “We’re seeing much more data stored in the cloud, both for consumer and big-business data,” said Bridge. “Ultimately, the cloud is still a storage device, it’s just somewhere else.”

Bridge says Kroll has good relationships with many of the cloud storage providers, which enables the company to recover data on their clients’ behalf, either by remotely accessing the provider’s servers or by physically getting their hands on the storage media. “It might be a question of the cloud provider ripping out a load of hard drives for us to work on locally,” said Bridge, although in virtualised environments where multiple customers’ data is stored on the same drives, that might not always be possible.

Moreover, Kroll works on behalf of the cloud providers themselves – even if some aren’t always willing to accept the help. “We had a cloud company call us recently who had a serious data loss at their back-end,” said Bridge. “They’d lost something like 3,000 customers’ worth of data. We were able to recover the data for them, but it was going to be a massive job. The company actually decided to lean on its Ts&Cs and go back to its customers and say: ‘your cloud storage is not a backup, it’s just storage. If you haven’t backed up your backup, that’s your lookout’. They basically refused to recover their customers’ data for them, and I suspect they’re out of business now.”


Encryption and the obstacles to recovery

Kroll can retrieve data from devices in the most destitute state. The laptop pictured in this article, for example, wasn’t only melted by the office fire it was trapped in, but also doused by the sprinkler system. Kroll still managed to retrieve 100% of the data. Yet, even if every last 1 and 0 is rescued from a barbecued hard drive, there are still other obstacles to full recovery.

See related 
FBI director calls encryption a “vicious guard dog” in Apple hearing
Data Encryption: Why your business should be using encryption
Cloud storage: How secure are Dropbox, OneDrive, Google Drive and iCloud?

Data encryption is pervasive in business and now even on consumer devices. The

iPhone encrypts user data and Apple claims it doesn’t store the keys to decrypt it. Bridge says accessing encrypted data is “always a challenge”, but not one that’s insurmountable. “In some cases we need the manufacturers’ assistance to get past some of this stuff,” said Bridge. “In some cases, we’ve got tools that can do it themselves. In other cases, we just need to lean on the customer to provide us with decryption passwords and the like.”

“We don’t like to go in via the backdoor and reverse-engineer anyone’s stuff.”

Is Bridge suggesting Kroll can circumvent encryption? “We don’t like to go in via the backdoor and reverse-engineer anyone’s stuff – we like to do it the correct way,” Bridge insisted. “But it depends on a case-by-case basis.”

A bigger problem is have-a-go heroes in the IT department. “So many devices come in to us after the world and his wife has had a crack at it. They’ve downloaded some software, they’ve tried to recover it themselves, it’s gone to some back-street shop maybe. Sometimes they render what would have been recoverable irrecoverable.”

Bridge claims that these botched rescue attempts are often a case of IT staff trying to cover up a mistake, such as botched backups. “It’s not just embarrassing, it’s their jobs on the line sometimes,” he said. “It’s not uncommon for us to speak to John from IT in the morning and call back in the afternoon and John no longer works there.”

It’s unclear if Kroll Ontrack could recover data from a blended product

Inquisitive minds

Solving these, often unique, data-recovery problems requires a special type of character. “I think that’s one of the reasons why we have such a low [staff] turnover,” said Bridge. “It’s really enjoyable to solve those problems that everyone thinks are impossible.” But there’s no ready-made pool of trained graduates waiting to be picked up at careers fairs. “I don’t believe there’s a university degree in data-recovery techniques,” said Bridge with a smile.

That means Kroll searches for “technical minds” that the company can train in-house. “We send our new recruits around the world. We’ve got 27 offices and varying degrees of engineering skillsets in each. And then it’s on-the-job [training] as you go. We have various different bands of engineer. They work their way through the different skillsets and operating systems and pretty much learn on the job from their colleagues.”

“When Kroll’s clients include the government, police and corporations, any leak of sensitive data could be catastrophic.”

It’s not only technical ability that Kroll demands of its staff, but absolute discretion. It doesn’t just recover highly sensitive data, it also offers to securely wipe data for clients. When those clients include the government, police and major corporations, any leak of sensitive data could be catastrophic for both the client and Kroll.

With recovery jobs often running to a tight deadline, the company’s UK staff may be required to securely patch into data stored in a clean room in another country and complete a recovery started by their foreign colleagues. “We have a really good footprint across the globe that enables us to effectively follow the sun and offer a 24/7, 365 service, minimising the time delays and the security concerns of any data crossing borders,” said Bridge.

That requires Kroll to demonstrate to clients that its staff are trustworthy. “We have government-security- cleared engineers working on equipment, we’re routinely audited by various different bodies, and we adhere to various different accreditations,” said Bridge. “More than anything, we’re a big international business and we’ve got our reputation on the line. We have to take it seriously because the reputational damage of a leak is incredibly high and something to be avoided at all costs.”

That can involve drives being chaperoned to Kroll Ontrack’s offices, where a dedicated, secure room is set up with no networked devices “so that anything we do in that room stays in that room”. Any storage devices used in the recovery are also taken away, ensuring nothing gets left behind. “I’ve been here 20 years and I haven’t found a situation yet that we couldn’t accommodate,” said Bridge.

Needless to say, these secure rooms don’t form part of the tour, when journalists see how their hard disks have been reassembled. More’s the pity…

READ NEXT: The company that could make your phone battery last a week

Related Posts

Why Can’t I Move Anything on my Figma Design? Here’s How To Fix How to Recover Deleted App Data on iPad How to Recover Deleted App Data on iPhone How to Add a Logo to Your Company in LinkedIn How to Add Multiple Positions at the Same Company in LinkedIn How to Recover Deleted Messages from a Snapchat Account [iPhone & Android] How to Recover Deleted History in Google Chrome How To Recover Deleted Messages in Facebook Messenger How To Recover Deleted Messages in Facebook
Send Email

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

You may also like
Send a Video on iPhone
How to Send a Large Video From Your iPhone

Paras Rastogi March 15, 2024

Adding image to a Layer in Procreate
Procreate: How to Add Image to Layer

Lee Stanton March 4, 2024

How to Turn Off CarPlay
How To Turn Off CarPlay on Your iPhone

Paras Rastogi March 3, 2024

Send To Someone

Missing Device