DATA RECOVERY PROCESS
     HARD DRIVE CRASH
Desktop Drives
Laptop Drives
External USB Drives
RAID Arrays
Network Attached Storage
 
Apple/Mac Data Recovery
Linux Data Recovery
 
Electronic Failure
Mechanical Failure
Firmware Corruption
ATA Password Retrieval
Ghosted HD recovery
Data wiping
Forensic Investigations
     REMOVABLE MEDIA
Tapes
Flash Storage
USB "Pen Drives"
All CD & DVD media
ZIP/JAZ products
iPod/iPhone
Untitled Document

Recovering data from hard disks that use ATA password protection


Overview: Data security is a growing concern amongst organizations and individuals. Encryption methods, BIOS passwords and password protected files are becoming more common, in fact practically every device seen by CompuRecovery now has some kind of protection system in place, from easily by-passed Windows User passwords to hard to crack encryption methods. This page looks at the ATA password protection method and how to identify devices protected in this way.
An ATA password (also known as the ATA Security Feature Set) is part of the ATA specification and allows two 32 byte passwords to be set on the drive; a User Password and a Master Password. This protection is normally only implemented on laptop hard disks but as part of the ATA specification can be implemented on any hard disk the behavior is the same regardless of the type of ATA hard drive.
The protection is normally activated by setting the user password with the Security Set Password ATA command (setting of the Master Password allows to override the User Password only and will not lock the device). Once this command has been issued and the power is cycled or the device is otherwise reset the disk is locked. The disk in this state allows no access to its data and accepts only a limited number of commands, such as, for instance, Identify Device, Serial Number etc.
There are two different security levels detailed in the ATA specification, High and Maximum. If the hard drive is protected using the High security level either the Master or the User password can be used to unlock the drive, however if the security level is set to Maximum only the User Password will enable unlocking of the drive.
A drive that is locked using an ATA password will appear in the BIOS normally displaying all the information that you would expect to see such as the drive model and serial numbers but will refuse to boot, dependant on the particular BIOS being used you may or may not be informed that the drive is password protected or provided with a prompt at which to enter a password.
Identifying drives that have an ATA password: There is no simple way of doing this, however if the following points apply to your hard disk it may well be possible that an ATA password is set, should these apply please contact us immediately:

  • Drive identified correctly in the BIOS (Includes displaying of Model Number, Serial Number, LBA etc)
  • All sectors inaccessible (for advanced users giving the ATA status ABRT)
  • Inability to Boot into Operating System (Usually giving an error similar to 'DISK BOOT FAILURE' or 'PRIMARY HARD DISK FAILURE'.)
  • Dependant on the type of BIOS used you may be prompted for the password or even told directly that the hard disk is password protected.
  • Operating System installs disks and DOS bootable floppies will hang when accessing the hard disk and will give error messages when attempting to access the hard disk.

Removal of an ATA password: Removing a forgotten or unknown password from a hard disk is no simple task, whilst all of the data is intact and stored normally on the surface of the platters, the drive's firmware will not allow access to the data. Removal of unknown passwords has to be attempted by professionals with an in-depth understanding of the way the hard drive works and the changes that are necessary to bypass the security settings and access the data. Recovery of data is not being possible by changing the PCB of the hard drive as the password is stored in the firmware zone on the drive's platters.
Certain drives can develop problems that can lead to them behaving like they have an ATA password set, these drive types are known to us and detailed elsewhere on this site. Please always discuss with one of our technicians any case of a suspected ATA password on a drive that contains important data, it may be that a firmware corruption or other problem is giving the impression that the drive is protected, attempts to reset the password in these cases can lead to permanent irreversible damage.
Call CompuRecovery and talk your problem through with us on 866 4245123, or get a quote and we'll call you back
Emergency
Login
      Terms & Conditions | Privacy Statement | Fraud Protection | Print Shipping Label
Confidentiality and non-disclosure agreement
Copyright © 2007-2008 CompuRecovery