Recoverable data is very often lost by users attempting to repair or recover data themselves, resulting in permanent data loss. It can be tempting to ask a Windows prompt to attempt to repair a file system or a file, but this can actually do more harm than good.
The thousands of cases we hear about this every month gave us the idea to put together a simple acronym to help everyday computer and mobile device users retain their data, or the ability to recover their data, when something goes wrong. SCAN: Stop, Check (for danger), Ascertain, Notify is designed to be simple to remember and to execute, especially when stress levels are running high.
Stop
This is the most critical of all of the steps. As soon as you suspect data loss, you should stop what you are doing as it is extremely likely that any further action can cause data loss.
The risk is very real. For example, data may often appear to be ‘deleted’ but still exists, only the index to the data is broken. Think of it like this: if you delete a library book from a library catalogue the library book is still on the shelf. In the case of digital storage, when a file is deleted from a computer’s index, the system thinks the space that file occupied is now available to house new data and the original file is overwritten.
This is why it is critical to stop using the device as any new data written to storage – and this can be as simple as the log files from a file search or history of an internet search – could be written over the ‘deleted’ data you are trying to recover.
In these situations data recovery software would most likely be the solution. However, it’s important not to install it to the affected media. Instead it should be installed onto another drive and used to scan the original device from there.
Check (for danger)
When a data loss occurs, there may be times when there will be a physical risk to yourself, others or the data itself if it is accessed. This is especially true in the case of damage such as a fire or flood.
Obviously, you don’t want to put yourself or other people at risk when trying to access where data is stored. It’s common sense to get clearance from emergency services if necessary when accessing damaged storage devices.
Ascertain
Once you have secured your data storage device, or even beforehand, you should record as many details as possible about the storage device and the data loss situation.
For example:
- What happened before the data loss?
- Did you see any alerts or notifications?
- Did you hear, see or smell anything unusual?
- What is the make and model of the device?
- What type of data was stored on the device?
- How critical is the data stored on the device?
- How many people does it affect?
Notify
Once your data storage system has been safely secured and removed from use, and you have collected details about the device and the data loss you are ready to notify an expert. Your expert may be different to others, but generally it will be one of the following:
- Your IT department or IT support provider
- A friend or relative who works with, or takes a significant interest in computers and technology
- A reputable data recovery company
By Paul Le Messurier, Programme and Operations Manager at Kroll Ontrack
