Why do I need to worry about data loss?
If you need to ask yourself this question, then you must be one of the lucky few who have never experienced data loss. Unfortunately, most of us have been through these hard times more than once.
Imagine spending an entire day typing a document – and then there is a sudden reset, followed by an "oh no!" from you. Another common scenario might be when you bring the final version of a project to your manager on a floppy disk (worst case scenario: the file exists only on that floppy disk) and it just won't open when the crucial moment comes. These things have a tendency to make you feel incredibly lost and helpless.
The goal of this document is to help you avoid these nightmare situations, and provide your business with a fail-safe data loss prevention mechanism that will not let you down.
Why does data loss happen?
It is beyond the scope of this tutorial to describe all possible accidents in detail and classify them by type, which is why only the basic cases of data loss will be covered.
Data loss caused by software
While you are editing a document, the program crashes. When you open the file again, all the changes are lost. In the worst case scenario, you cannot open the document at all. There could be multiple reasons behind the crash, such as:
- faulty device drivers
- faulty hardware
- corrupt program files
- conflict between some of the running applications
Data loss caused by hardware
Usually hardware failure is more serious, and the chances of being able to recover data are much smaller. The problem is that unlike in the case of software failure, you can't actually access the data at all (think of a hard disk that doesn't turn on, or of a flash drive with a LED that doesn't blink anymore).
- faulty hardware (you were one of the"lucky" few customers who purchased
a damaged unit)
- sudden power surges
- unstable power source with a great noise level
- incorrect unit transportation
- negligent use of the device
Even if hardware can be replaced or fixed, while software can be updated or reinstalled – one problem remains – the lost data cannot be automagically recovered. This leaves you with a single possible approach – data protection achieved via efficient preventive measures.
How data loss occurs: problems vs solutions
Unsafely removed USB flash drive (applies to other types of removable media too)
This is the most common disaster-scenario. The risk is smaller on Windows XP computers, but it still exists. The problem happens because read/write operations are performed with the disk, and if it is removed by force – some files (or certain parts of certain files) are not written and will not be readable. Note that if this is a particularly unlucky day and your disk uses the FAT16 or the FAT32 file system, this crash can take the entire drive with it(!), not only the faulty file.
- Use the Safely remove hardware option.
- If you cannot follow the previous guideline (e.g. time critical
tasks), make sure there are no write operations in progress. While
this does not nullify the risk, it does minimize it.
possible, switch to the NTFS file system – it's a fault tolerant
solution, being a much more reliable backend for your important data
than FAT16 or FAT32.
Corruption of a remotely stored encrypted image (i.e. used via network)
This scenario is common in corporate environments, where network storage is a popular approach. Problems occur if the encryption-key area of the image is being updated at the moment of a connection failure (ex: an unplugged network cable, malfunctioning routers, etc).
- Make sure you have a reliable network: carefully arranged
cabling, stable power sources for both computers and networking equipment.
- Go for an optimal topology – the more nodes are between the server and the desktop, the greater is the chance of failure.
- Mount the image on the server (locally) and share the virtual drive
instead of sharing the folder which contains the encrypted image
(and mounting it on another PC). In such a case, the image will
be intact even if the network fails,
while Windows caching mechanisms will make sure the data is written
to the disk when the connection is restored. For convenience, the
server can be remotely controlled using special software, such
as VNC or Remote Desktop.
- Backup the disk encryption key.
Corruption during image transfers
Although this is not a common problem, it can happen to anyone. The image is copied to a different folder (drive, partition, or network location), then the original is deleted. When trying to open the copy of the image, the operation fails. This happens because the image has been altered during the copy process, or because it was written on a hard disk with corrupt sectors.
- Check the copy of the image, and if everything is ok, you can delete
the original. Otherwise, it is a reason to check the integrity of your media.
- Backup the disk encryption key.
Corrupt file system
Although this is a rare problem; it is the most critical one. Describing the factors which lead to this a condition is beyond the scope of this tutorial.
- Switch to NTFS, it is much more reliable than FAT16 or FAT32.
- If you are in a Windows 9x/ME environment, choose FAT32 instead of FAT16, the latter being less consistent.
- Do not 'play' with your partitions using third-party tools unless you know what you're doing.
These problems are simple and self-explanatory; therefore they will only be enumerated:
- Encrypted image written to a scratched CD/DVD or,
- A hard disk known to have many bad sectors.
- Handing important information to irresponsible persons.
- Using advanced tools without knowing what they do or not reading their error messages attentively.
Which risks do I face as a Private Disk user?
As a Private Disk user, you are exposed to the same risks, but due to the fact that strong encryption algorithms are used, additional problems can arise:
- if the encryption password is forgotten, the data is physically available, but it cannot be decrypted;
- if the encrypted image is corrupt, you will not be able to decrypt it correctly, even if the right password is known.
Conclusion – never forget your password, and make sure that the integrity of your encrypted data is preserved.
Preventive measures = best data protection
The best way to solve a problem is to avoid it. This section will list some data loss prevention steps. They have to be performed in order to minimize the chance of data loss and maximize the chance to recover data if things go wrong.
Backup the disk encryption key
Private Disk has a feature that allows you to backup the encryption key. By using this option, you ensure that you won't have any problems caused by the inability to decrypt the image. Some of the problems that will be avoided are:
- Image corruption after network failure
- An incorrectly copied image file
- Image copied from defective media
- A forgotten password
How to create a backup encryption key for your image:
1. Run Private Disk.
2. Switch to the Recovery tab.
3. Press Copy and choose your image file.
4. After entering your password, choose a file in which the backup will be stored and provide a password for the backup.
Backup solutions for advanced data loss prevention
The technique described above is a huge step forward, but it cannot prevent the most serious problems that might occur. Among them are:
- Permanent physical damage to the media (CD/DVD scratched beyond recognition, a hard disk that will not spin up, etc).
- A corrupt file system (often a consequence of bad hardware, but it could be caused by viruses or other malicious software).
- Stolen or lost media.
Regular data backup procedures will eliminate these risks. This process can be configured once and then automated, requiring little or no attention from you in the future. Moreover, you will not need any additional tools, as all the required mechanisms are either included in Windows, or are provided by Dekart for free.
Basically, you have to make a copy of your image once a week, or once a month (depending on how often you update it), ensuring that it is physically located on a different storage device and that the copying was successful.
By storing the image on a different device, you get reliability via redundancy. Understand that storing the image on the same hard disk will be useless if the hard disk is permanently damaged. In contrast, if you store your data on different media, or on another computer on the network, the chance of losing both copies of the image is extremely small.
Checking the integrity of the backup copy is also crucial. Even if the data backup is on a different hard disk or computer, it becomes useless if it was altered in some way during the copy process. An efficient way of checking the integrity of a file is to compute its hash and compare it to the hash of the original.
For this purpose, Dekart has developed a small data backup tool called HashCopy that can be used in conjunction with Windows' Task Scheduler. Below is a practical example:
Assume that your image is located here: c:\windows\sys.ext, you want to copy it at the end of each week to another computer's shared folder, available as I:\backup. Here is how HashCopy helps you do that:
1. Create bat file with the following contents:
HashCopy.exe "c:/windows/sys.ext" "i:/backup/sys.ext"
This will tell the utility to copy sys.ext to i:/backup/sys.ext.
2. Start the Control Panel and go to Scheduled Tasks.
3. Create a new task, choosing the bat file you have created at the first step.
4. Set the name of the task, and choose the additional parameters, such as the time and day of execution. You will also have to type in the password for your Windows user.
5. You can then edit the advanced settings.
If you did everything correctly, you will see the new task in the list. It will be executed at the specified time. From this moment on, if something happens to your data, you can always go to i:/backup and get an older version of the encrypted image. Of course, the latest changes will be lost, but you can still access all your precious files.
You can get some extra-reliability by adding the /queue parameter when running HashCopy, ex:
HashCopy.exe "c:/windows/sys.ext" "i:/backup/sys.ext" /queue
In this case, the utility will keep two data backups, a current copy and an old one. Each time the scheduled task is executed, the old copy is deleted, current becomes old, and a new current backup is made from the original image. In other words, you will always have two backups at hand, being able to revert your data to the state they were in one week or two weeks ago (depending on the selected backup interval).
Note: Double quotation marks are only necessary when you are dealing with paths that contain spaces, ex: C:/Program Files, but using them with simple paths is also possible. Therefore you can always use the double quotation marks and be sure that things will always work.
Note: A slash '/' is used as a folder separator, not a backslash '\'.
Note: If you are backing up your encrypted image at regular intervals, you have to keep in mind that enough free space is needed. If you use the /queue parameter, then you will need an amount of space that is twice as big the size of the image.
Tip: Another username and password can be used. This is helpful for system administrators, they can backup other users' data without their having to interfere.
Tip: You can minimize the loss of recent changes by backing up your data more often.
Tip: HashCopy has other functions too. You can learn more about them by reading the included manual.
- To prevent data loss, keep your system clean and tuned. Make sure
you use official software, an up-to-date antivirus solution,
stable device drivers and quality hardware – this guarantees
that your system will not crash out of the blue.
- Use your system with care, always take your time to shut down the
computer properly, or use the safe hardware removal option.
your data with care by keeping your CDs cased and your hard disks away
from magnets. Make sure the cups of coffee are at a safe distance when
your media lies on the desk.
- Always backup the disk encryption key if you use Private Disk.
- If your infrastructure allows it, make regular data backups (preferably on a different physical storage device).
- Private Disk: 256-bit encryption – full-featured, user-friendly and reliable disk encryption software