FAQ

Our specialists answer your questions

Feel free to contact us to ask a question or share a comment.

Ransomware is a type of malware that encrypts the files on a computer system, rendering them inaccessible, and then demands a ransom in exchange for the decryption key. It is one of the most widespread cyber threats: according to the ENISA 2024 report, ransomware attacks increased by 37% in Europe between 2022 and 2023.

A typical attack process unfolds in four stages:

  1. Infection — via phishing, unpatched vulnerability, exposed RDP, or compromised account
  2. Reconnaissance and propagation — the malware maps the network and spreads laterally (duration: from a few hours to several weeks)
  3. Encryption — files are encrypted with an asymmetric algorithm (RSA 2048 or 4096 bits) for which only the attacker possesses the private key
  4. Extortion — a ransom note is dropped on the system with payment instructions (usually in Bitcoin)

An ISO 5 laminar flow (formerly Class 100) is a controlled environment in which the air contains a maximum of 100 particles of 0.5 micrometers per cubic foot. This level of purity is essential for handling the internal components of a hard drive without risking contamination.

Forensic data recovery (or digital forensics) is a rigorous technical process that aims not only to recover deleted or hidden data, but also to preserve the chain of custody so that this data is admissible in court.

The main differences from standard data recovery:

| Criterion | Standard Recovery | Forensic Recovery |
|---|---|---|
| Objective | Recover data | Recover + document + certify |
| Footprint on the media | Minimal but undocumented | None (write-blocker cloning) |
| Chain of custody | Not required | Mandatory (MD5/SHA hashing) |
| Report | Optional | Certified report required |
| Judicial value | None | Admissible in court |

SDLT (Super DLT) is the high-capacity evolution of DLT, developed by Quantum. It offers native capacities ranging from 110 GB (SDLT 220) to 300 GB (SDLT 600), compared to a maximum of 40 GB for DLT-IV.

The ISO 14644-1 classification defines air purity by the maximum number of particles per cubic meter. In ISO 5, the air contains a maximum of 3,520 particles of 0.5 µm per cubic meter. In ISO 7 (a common class in the industry), this figure rises to 352,000 particles — 100 times more. For hard drive data recovery, ISO 5 is the minimum requirement because the read head flies over the platters at only 7 nanometers.

SLR (Scalable Linear Recording) is the evolution of the QIC (Quarter-Inch Cartridge) format. Both use a quarter-inch tape, but SLR offers higher capacities and transfer rates. We recover data from both formats.

A logical failure affects the file system or the data itself (accidental deletion, formatting, corruption, virus). The storage device functions normally, but the files are inaccessible. A physical failure affects the hardware components (read/write heads, motor, memory chips, connector). The storage device does not start, makes abnormal noises, or is no longer detected. A physical failure requires intervention in an ISO 5 cleanroom environment.

Our forensic procedure follows a strict 5-step protocol:

  1. Reception and documentation — recording of the media with photos, serial number, physical condition observed. Issuance of a signed acknowledgment of receipt.
  2. Forensic acquisition — bit-by-bit cloning of the original media via a certified hardware write-blocker. Calculation of MD5 and SHA-256 hashes on the acquired image. The original media is never modified.
  3. Analysis — investigation on the working copy: recovery of deleted files, analysis of metadata, reconstruction of the activity timeline, identification of artifacts (logs, history, registry).
  4. Documentation — each action is recorded in a time-stamped log. Relevant files are extracted and cataloged.
  5. Expert report — detailed report including the methodology, tools used, results and conclusions, accompanied by digital attachments.
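
The hashing in step 2 and the time-stamped log in step 4 can be sketched as follows. This is an added example, not the laboratory's own tooling; the record field names, the evidence ID and the in-memory sample image are assumptions constructed for illustration.

```python
import hashlib
import io
import json
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large images never have to fit in memory

def hash_image(stream):
    """Return (md5, sha256, size) for a binary stream, read in a single pass."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        md5.update(chunk)
        sha256.update(chunk)
        size += len(chunk)
    return md5.hexdigest(), sha256.hexdigest(), size

def custody_entry(action, evidence_id, stream, operator):
    """Build one time-stamped log record (field names are hypothetical)."""
    md5, sha256, size = hash_image(stream)
    return {
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "action": action,
        "evidence_id": evidence_id,
        "operator": operator,
        "bytes": size,
        "md5": md5,
        "sha256": sha256,
    }

def verify(acquired, later):
    """True only if size and both digests still match the acquisition record."""
    return all(acquired[k] == later[k] for k in ("bytes", "md5", "sha256"))

if __name__ == "__main__":
    image = bytes(range(256)) * 4096      # constructed stand-in for a disk image
    acq = custody_entry("acquisition", "EV-0001", io.BytesIO(image), "analyst-a")
    chk = custody_entry("pre-analysis check", "EV-0001", io.BytesIO(image), "analyst-a")
    tampered = image[:-1] + b"\x00"       # one byte changed in the working copy
    bad = custody_entry("pre-analysis check", "EV-0001", io.BytesIO(tampered), "analyst-a")
    print(json.dumps(acq, indent=2))
    print("intact copy verifies:", verify(acq, chk))
    print("altered copy verifies:", verify(acq, bad))
```

Re-running the check before and after analysis gives the report a record showing the working copy still matches the acquired image.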

We are committed to responding to all requests within 2 business hours. Upon physical receipt of your media, the diagnosis is performed within 3 hours, and a detailed quote is sent to you before any work begins. No intervention is carried out without your explicit agreement.

All types of storage media: hard drives (HDD), SSDs, USB sticks, memory cards (SD, microSD, CF), phones, tablets, NAS and RAID servers, magnetic tapes and optical media (CDs, DVDs). The partner ensures packaging suitable for each type of media.

A broken or stuck magnetic tape in a drive requires immediate professional intervention: any attempt at manual extraction risks aggravating the damage and making data recovery impossible. Our magnetic tape recovery experts have specialized equipment to extract stuck tapes without further data loss, and perform the necessary physical repairs in an ISO-certified cleanroom, a controlled environment eliminating particles that could permanently damage the media.

Steps to take if a tape is stuck or broken

  1. Immediately stop the drive – Do not attempt to restart playback or force the tape to eject: each additional attempt increases the risk of irreversible laceration.
  2. Do not disassemble the cartridge – Opening a cartridge outside of a cleanroom environment exposes the tape to dust and humidity that can destroy magnetic data.
  3. Store the tape at room temperature – Avoid temperature variations (ideally between 18°C and 22°C) and excessive humidity before handling.
  4. Contact our experts without delay – We will evaluate the condition of the media free of charge and define the appropriate recovery protocol (mechanical extraction, resplicing, head cleaning, or cleanroom transfer).

A tape that your backup software can no longer read can be recovered in most cases by low-level reading, a technique that extracts the raw data directly and bypasses the failing software layers.

Even if the software no longer recognizes the tape or the catalog is lost, our experts analyze the raw content of the tape byte by byte. In the vast majority of cases, we can reconstruct the file catalog and allow you to selectively restore your data.

Key takeaway: Do not attempt to rewrite or reformat the tape before attempting recovery. Any write operation may permanently overwrite recoverable data.

The backup catalog is the index that allows backup software to list and locate files stored on a magnetic tape. Without it, the software can no longer identify the available data or restore it directly.

If the catalog is lost or corrupted, it is often possible to rebuild it by complete sequential reading of the tape: the process involves scanning the entire medium to reconstruct the list of files present, block by block. This operation is longer than a standard restore — allow several hours depending on the capacity of the tape (LTO-8: up to 12 TB native) — but it allows you to recover the data without depending on the original catalog.

Reconstruction is possible even without the original backup software (Veritas NetBackup, Veeam, Arcserve, etc.), thanks to specialized tools capable of reading the proprietary formats of the main solutions on the market.
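
A sequential catalog rebuild of the kind described above, as an added example that is not the laboratory's tooling. It assumes the tape has already been dumped to a raw image and that the data is in POSIX tar (ustar) format rather than one of the proprietary backup formats; the sample dump is constructed in memory.

```python
import io
import tarfile

BLOCK = 512  # tar record size (assumption: the raw dump is a tar stream)

def octal(field):
    """Parse a NUL/space padded octal field; None if it is not plain octal."""
    try:
        return int(field.strip(b"\x00 ") or b"0", 8)
    except ValueError:
        return None

def header_ok(block):
    """Accept a block as a header only if magic and checksum both agree."""
    if block[257:262] != b"ustar":
        return False
    # The checksum is computed with its own 8-byte field counted as spaces.
    expected = sum(block[:148]) + 8 * 0x20 + sum(block[156:])
    return octal(block[148:156]) == expected

def rebuild_catalog(raw):
    """Scan a raw dump block by block; return [(offset, name, size)]."""
    catalog, pos = [], 0
    while pos + BLOCK <= len(raw):
        block = raw[pos:pos + BLOCK]
        size = octal(block[124:136])
        if size is None or not header_ok(block):
            pos += BLOCK                       # damaged or data block: keep scanning
            continue
        if block[156:157] in (b"0", b"\x00"):  # regular-file entries only
            name = block[:100].split(b"\x00", 1)[0].decode("utf-8", "replace")
            catalog.append((pos, name, size))
        pos += BLOCK + -(-size // BLOCK) * BLOCK  # skip header and padded data
    return catalog

def sample_dump():
    """Constructed sample: three unreadable blocks followed by a small archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in (("payroll.db", b"A" * 700), ("notes.txt", b"hello")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return b"\xff" * (3 * BLOCK) + buf.getvalue()

if __name__ == "__main__":
    for offset, name, size in rebuild_catalog(sample_dump()):
        print(f"{offset:>8}  {size:>6}  {name}")
```

Because a header is accepted only when its checksum matches, a damaged header drops that one entry while the scan continues and still finds the files after it.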

The first few hours are crucial to limit the extent of the damage. Here's the emergency procedure:

  1. Isolate infected machines — immediately disconnect from the network (Ethernet cable and Wi-Fi) to stop lateral propagation
  2. Do not restart systems — some encryption keys remain in RAM and can be extracted while the system is running
  3. Preserve traces — do not modify any system files; these elements are essential for forensic analysis
  4. Identify the ransomware — upload an encrypted file to ID Ransomware (id-ransomware.malwarehunterteam.com) to identify the family
  5. Evaluate your backups — check if your offline or cloud backups are intact
  6. Contact a specialist — an incident response expert can intervene in less than 2 hours

The first few minutes are critical. Here's the procedure to follow in order:

  1. Stop using the phone — every action (taking a photo, installing an app) can overwrite the deleted data
  2. Switch to airplane mode — to stop automatic synchronizations that could potentially overwrite data
  3. Do not attempt data recovery yourself with consumer software if the phone is making abnormal noises or not starting correctly
  4. Check your backups — iCloud, Google One, Samsung Cloud — before any intervention
  5. Contact a specialized laboratory for a free diagnosis within 3 hours

The advantages of SOS Data Recovery

  • Swiss leader in data recovery
  • Extranet follow-up
  • Security copy of the device
  • Secure offices
  • Data encryption on request
  • Storage in a safe
  • Parcel tracking
  • Over 20 years of experience
  • Confidentiality