Data Recovery Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

RAID 1 Data Recovery After a Virus Attack

In terms of fault tolerance, RAID 1 configurations are very robust. This is because a RAID 1 volume consists of independent disks which are mirrors of each other. Unlike RAID 0, which has no fault tolerance, and RAID 5, which as a fault tolerance of one disk, RAID 1 can continue operating and serving data as long as one member disk is functional. For example, if there are three disks in a RAID 1 and two fail, all of the data on the volume will be intact.
With that being said, there are certain situations where a RAID 1 configuration won’t provide any additional protection against data loss. This includes data loss or data corruption caused by a virus infection or a malware attack. There are a few main reasons for this.
Changes to Data on a RAID 1 Volume are Written Across All Drives
Unlike RAID 1, RAID 5 and RAID 6, RAID 1 does not utilize data striping. With striped data, the blocks that comprise any given file or data set are split across multiple disk drives. In this way, each member disk in a striped volume set has unique data on it. With RAID 1, this is not the case. Each disk on a RAID 1 will be a mirror of the other disks. Each write operation is repeated on each disk. This includes both valid data and corrupt or malicious data. So, if a virus starts deleting or overwriting files on the file system, they will be deleted or overwritten on all of the disks. This precludes any attempts at reclaiming data lost from one disk by recovering it from another disk.’
Damage Caused by a Virus is Often Random
Viruses and malware have two main objectives: espionage and havoc. In order to meet the latter goal, the damage caused by a virus will often be unpredictable and random. This makes data recovery much more difficult than if you were attempting to recover data after an accidental reformat or deletion of a particular file. Assessing the damage and identifying the areas that have been corrupted can be the most difficult part.
RAID is Not a Backup
This is true for all RAID levels. A RAID is designed to improve I/O performance and to maximize uptime. A RAID is not designed to take system snapshots, save historical versions of files or allow you to “roll back” to an earlier state. This is the role of a backup system, not a RAID. Even if you are using a RAID configuration, it’s imperative that you properly back up your data to another volume, machine and/or physical location.
Think of it this way: a RAID protects access to your data in the present. A backup allows you to “go back in time” by preserving your data as it was at a certain point in time. If there is damage caused by a virus on your RAID volume, there are no built-in features of the RAID 1 volume that will help you rectify the situation. Instead, you will have to rely on the same virus protection, virus removal and data recovery techniques you would employ on a single independent disk.


No comments yet. Sign in to add the first!