My company has a Western Digital HD that makes clicking noises. It won't boot, and in another computer it is not in device manager. The HD has many customer credit card numbers and legal documents on it, so confidentiality is very important to us.

Is there a professional and reputable recovery company that not only guarantees confidentiality, but also has a written guarantee not to view the contents of the HD whatsoever? We need a company that has a cleanroom, and doesn't outsource HDs that need a cleanroom.

if your data is that much series, i suggest to ask about Mobile Recovery Service or On-Site Recovery Service.

_________________
Kuwait Data Recovery - UNIX GTC
The only reason for time is so that everything doesn't happen at once. By: Albert Einstein

@einstein9
Makes clicking noises needs physicall work not possible on mobile recovery .

You need to check your own security policy. Broadcasting that you require data recovery from a drive that contains "many customer credit card numbers and legal documents " is a little unbelievable in itself.

_________________
All went well until I plugged the drive in.

heheh PM Sent...

_________________
Kuwait Data Recovery - UNIX GTC
The only reason for time is so that everything doesn't happen at once. By: Albert Einstein

I gave no details about myself or my company nor did i provide any details that can be tracked back to me.

Most DR firms I know of have some sort of confidentiality agreement. If you are sure you do not want anybody viewing the contents of your disk I am sure that would be OK, but then the technician would not be able to ensure there are no problems with the data. For example if a Hot-Swap was used to gain data access some problems with adaptives could cause 'shifting' of data. Similar scenario if the HDD translator cannot be restored. If the surface has errors the quality of recovered data could be affected etc

The only situation where somebody would view the content of your data is to verify its integrity, which ultimately benefits only you.

It is worth mentioning that many firms have recovered sensitive data for banks and other high profile companies whose data consists of client information including credit card information.

If they are willing to pay enough I can move myself and all the equipment to their office , it depends if they pay anyway even if disk turns to be unrecoverable and regardless of the outcome i.e. they want a single file and there is media damage right on that area , but who knows if this is another case where a cow that lay eggs, makes chocolate milk and cachemire wool and can be ridden is wanted, for 10$

Just look for companies that have registered terms of confidentiality, a company that has the whim of this detail is probably not a company backyard.

Would you mind explain or was an automatic translation ?

After the explanation, would you mind ALSO explain what are "REGISTERED TERMS OF CONFIDENTIALITY" as there is NO implicit or explicit guarantee that even, let's say, an ISOxxxx certified companies CANNOT POTENTIALLY infringe a NDA/CA in a ISO certified manner , I mean that problems occurred almost at everywhere - the responsibility is just on WHO does the job, regardless or records, "pedigree" and so on. Nevertheless there are people that are trustable more than other but this doesn't invalidate the potential problem.
This is why many companies have / are planning to have / are building up internal TS/ITS depts.
In Italian : "LE CHIACCHERE STANNO A ZERO" (translate yourself) as the law by itself covers all these aspects in an excellent way. PERIOD

Just some (surely off topic) quick comments about ISO certifications:

A company being ISO certified just means they have documented their processes (how they do things). The company is then obligated to work according to their documented processes. Any piece work has to be auditable, and signed check lists are most often the tools for this. Routines for improving processes by reviewing historical data from processes should also be in place.

That's all. You tell what you are going to do, and then do it. So if your ISO routines state that you are to smash every incoming HDD with a hammer, you are on safe ground as long as you do it (and document you having done so).

On the other hand: As any ISO certification is costly both initially and on-going, it is a sign of the company being not too small, and probably having some financial backing. Which again might imply physical security being in place. E.g client HDDs stored in fireproof safes, and premises frequently visited by watchmen.

While signed check lists might enable a larger company to trace whom did what, this is a moot point for a small company. I am siding with BlackST on this issue. It is all about trusting the person who does the job. In a small company you know who to trust as responsibilities are carried by few persons. This is not the case in larger companies, and ISO certifications are tools aiming to mend that.

Reading the first post, I immediately asked myself: if you don't trust anyone to look at your data, why would you hand over your data to them in the first place?

In fact, Eleg.

My reply was an extremization but things are exactly like that.

Data recovery engineers come across sensitive data on a hourly basis, from social security numbers to personal and commercial bank/credit card account numbers and their associated passwords. At a busy company, they do not have time to go through files by opening each one of them to see their content. Nobody really cares. They want to recover your data, charge you and move on to the next case.

Reputable companies have non-disclosure agreements as well as third party data security certifications in place. I think the latest such certifications are SAS 70, or newest SOC 3. All reputable companies have performed recoveries for the government. Some are on the GSA schedule, therefore some very strict expectations must be met.

If for whatever reason you would like something more than what they offer as far as confidentility, then you can always demand special arrangements. Depending on what these are, they may cost you extra.

If you were able to tell what would satisfy your expectations for this WD drive recovery, what exactly would that be?

_________________
Hard Disk Drive (HDD), Solid State Drive (SSD, SATA, NVMe, etc), USB Flash Drive and RAID Data Recovery Specialist in Massachusetts

We are WD authorized and a confidentiality agreement is standard fare for us.

We typically look at the streams of data as a drive is being imaged and directory structures as it's being recovered, but it's not essential if we use one particular process. We don't need to look inside the directories at the individual files if that is what a client specifies. The problem with that we lose the ability to gauge quality control of the final product.

My chief concern as an owner / operator is that we don't want the exposure of being an unwitting party to propagating illegal content, e.g. child pornography. So our requirement would be to vet the customer as best as we can before we would take on a project like this.

I imagine other DR pros might have similar concerns.

Jon

_________________
http://www.datasaversllc.com