What is the process that pro data recovery places do at just the analysis stage? I'm guessing that it's to listen to the drive, to gather SMART data about the drive and to see if R-Studio will quickly map out the contents of the drive and then recover the data.
The "pro" process is completely different than what you can do with software alone (which makes recovery more effective and keeps the drive's data much safer).
We definitely use our ears, but that doesn't always tell you much as you'd think. A "clicking" sound, for example, could be caused by several different problems (firmware corruption, ROM corruption, bad heads, bad PCB, bad sectors, etc).
*A screeching + scratching sound however, always means head(s) have crashed onto platter and are scratching it. If this is the case, we stop here.
Checking SMART data is something we never do (besides a quick check to see if SMART has passed or failed), as it's not reliable and a better diagnosis is possible without this data (explained below). Connecting to R-studio would be out of the question, as involving an OS and any data recovery software at this stage would be dangerous (explained below).
Assuming it's not screeching or scratching, we visually inspect the PCB. Assuming the drive gets "ready," we connect every drive to a hardware data recovery tool. If possible, all modules + the PCB's rom information are backed up. Then the drive's firmware is checked to make sure it's healthy. Then individual heads are tested (if possible).
Often times however, the drive isn't "ready" - it's either not spinning at all, stuck in a "busy" state, clicking, or various other issues. The real problem is determined after a thorough diagnosis using the knowledge of each make/model drive gained over the years in conjunction with hardware data recovery tools that communicate with the drive's firmware (think: operating system) directly and/or using multimeters, donor parts, hot air guns, etc.
I assume clean room "pros" may open the drive's cover and assess damage if the drive is making scratching or screeching sounds or if the drive is diagnosed as having multiple bad heads (as if only 1 bad head, the best solution, if possible, would be disabling that head, cloning the drive, then attempt to swap the head stack or platters to recover the sectors from the "bad" head).
After this analysis, we disable certain aspects of the drive's firmware to help facilitate a smoother clone (i.e. clearing smart modules, disabling certain background tasks the drive is running, etc). We also fix any corrupt firmware modules and if necessary disable any bad/dead heads. We turn off smart, auto-relocation of bad sectors, and other features depending on the drive and model (and problem with drive).
Then we clone using hardware cloner. Depending on the drive's condition, we may clone "good" heads first. We may also target specific important folders, files, or file types first, then attempt to clone the remainder (this would be after imaging the MBR if PC formatted or catalog file if Mac formatted). We almost always go after a 100% image of the drive.
At that point should I image or clone the drive? Or should I image or clone the drive before even thinking about using R-Studio?
The latter. Cloning afterwards would defect it's purpose, which is preserving as much of the drive's data as possible. Once you clone as much as possible (ideally 100% or 99.99%), then you use software to scan the drive's partition, find/locate all the data, and transfer the data to a transfer hard drive. We also backup the data (in addition to the separate clone drive) to an encrypted disk image for safe keeping (and hold for ~30 days).
A streamlined outline of our process can be found here:
http://www.300dollardatarecovery.com/ourprocess.html
*2AM post, forgive any spelling & grammatical errors
