Recover from information loss

Table of Contents

...Loading Table of Contents...

    Each new method of storing or transferring digital information tends to introduce several new ways in which the information in question can be lost, taken or destroyed. Years of work can disappear in an instant, as a result of theft, momentary carelessness, the confiscation of computer hardware, or simply because digital storage technology is inherently fragile. There is a common saying among computer support professionals: "it's not a question of if you will lose your data; it's a question of when." So, when this happens to you, it is extremely important that you already have an up-to-date backup and a well-tested means of restoring it. The day you are reminded about the importance of a backup system is generally the day after you needed to have one in place.

    Although it is one of the most basic elements of secure computing, formulating an effective backup policy is not as simple as it sounds. It can be a significant planning hurdle for a number of reasons: the need to store original data and backups in different physical locations, the importance of keeping backups confidential the challenge of coordinating among different people who share information with one another using their own portable storage devices. In addition to backup and file-recovery tactics, this guide addresses two specific tools, Cobian Backup and Recuva.

    What you can learn from this guide

    • How to organise and back up your information
    • Where you should store your backups
    • How you can manage your backups securely
    • How to recover files that have been deleted accidentally

    Introduction to file recovery

    Background Scenario

    Elena is an environmentalist in a Russian-speaking country, where she has begun to create a website that will rely on creative presentation of images, videos, maps and stories to highlight the extent of illegal deforestation in the region. She has been collecting documents, media files and geographic information about logging for years, and most of it is stored on an old Windows computer in the office of the NGO where she works. While designing a website around this information, she has come to realize its importance and to worry about preserving it in the event that her computer should be damaged, especially if it should happen before she gets everything copied up to the website. Other members of her organization sometimes use the computer, so she also wants to learn how to restore her files if someone accidentally deletes the folder containing her work. She asks her nephew Nikolai to help her develop a backup strategy.

    Identifying and organising your information

    While it is clearly important that you take steps to prevent disaster, by making sure that your information is physically safe, free of malware and protected by a good firewall and strong passwords, on their own these steps are not enough. There are simply too many things that can go wrong, including virus attacks, hackers, electrical short circuits, power spikes, water spills, theft, confiscation, demagnetisation, operating system crashes and hardware failure, to name just a few. Preparing for disaster is just as important as defending against it.

    Elena: I know backup is important, Nikolai, but doesn't that mean I should have someone else set it up for me? I mean, am I really going to have the time, resources and expertise to do this on my own?

    Nikolai: You'll be fine. Coming up with a good backup plan takes a bit of thought, but it doesn't take all that much time or money. And, compared with losing all of your information, you can hardly call it inconvenient, right? Besides, backup is definitely one of those things that you should manage yourself. Unless the people who normally help you out with tech support are extremely reliable and extremely well-informed about where you keep your digital information, you're better off setting things up on your own.

    The first step to formulating a backup policy is to picture where your personal and work information is currently located. Your email, for example, may be stored on the provider's mail server, on your own computer, or in both places at once. And, of course, you might have several email accounts. Then, there are important documents on the computers you use, which may be in the office or at home. There are address books, chat histories and personal program settings. It is also possible that some information is stored on removable media as well, including USB memory sticks, portable hard drives, CDs, DVDs, and old floppy disks. Your mobile phone contains a list of contacts and may have important text messages stored in it. If you have a website, it may contain a large collection of articles built up over years of work. And, finally, don't forget your non-digital information, such as paper notebooks, diaries and letters.

    Next, you need to define which of these files are 'master copies,' and which are duplicates. The master copy is generally the most up-to-date version of a particular file or collection of files, and corresponds to copy that you would actually edit if you needed to update the content. Obviously, this distinction does not apply to files of which you have only one copy, but it is extremely important for certain types of information. One common disaster scenario occurs when only duplicates of an important document are backed up, and the master copy itself gets lost or destroyed before those duplicates can be updated. Imagine, for example, that you have been travelling for a week while updating the copy of a particular spreadsheet that you keep on your USB memory stick. At this point, you should begin thinking of that copy as your master copy, because the periodic, automated backups of the outdated version on your office computer are no longer useful.

    Try to write down the physical location of all master and duplicate copies of the information identified above. This will help you clarify your needs and begin to define an appropriate backup policy. The table below is a very basic example. Of course, you will probably find that your list is much longer, and contains some 'storage devices' with more than one 'data type' and some data types that are present on multiple devices.

    Data typeMaster / DuplicateStorage deviceLocation
    Electronic documentsMasterComputer hard driveOffice
    A few important electronic documentsDuplicateUSB memory stickWith me
    Program databases (photos, address book, calendar, etc.)MasterComputer hard driveOffice
    A few electronic documentsDuplicateCDsHome
    Email & email contactsMasterGmail accountInternet
    Text messages & phone contactsMasterMobile phoneWith me
    Printed documents (contracts, invoices, etc.)MasterDesk drawerOffice

    In the table above, you can see that:

    • The only documents that will survive if your office computer's hard drive crashes are the duplicates on your USB memory stick and the CD copies at home.
    • You have no offline copy of your email messages or your address book, so if you forget your password (or if someone manages to change it maliciously), you will lose access to them.
    • You have no copies of any data from your mobile phone.
    • You have no duplicate copies, digital or physical, of printed documents such as contracts and invoices.

    Defining your backup strategy

    To back up all of the data types listed above, you will need a combination of software and process solutions. Essentially, you need to make sure that each data type is stored in at least two separate locations.

    Electronic documents - Create a full backup of the documents on your computer using a program like Cobian Backup, which is described in more detail below. Store the backup on something portable so that you can take it home or to some other safe location. External hard drives, CD/DVDs or USB memory sticks are possible choices. Some people use CDs or DVDs for this, since the risk of overwriting and losing your backup is lower. Blank CDs may be cheap enough to allow you to use a new one every time you make a backup.

    Because this category of data often contains the most sensitive information, it is particularly important that you protect your electronic document backups using encryption. You can learn how to do this in How to protect the sensitive files on your computer and in the VeraCrypt Guide.

    Program databases - Once you have determined the location of your program databases, you can back them up in the same way as electronic documents.

    Email - Rather than accessing your email only through a web browser, install an email client like Thunderbird and configure it to work with your account. The Thunderbird Guide explains in detail how to do this. Also most webmail services will provide instructions on how to use such programs and, often, how to import your email addresses into them. You can learn more about this in the Further Reading section, below. If you choose to move your old email messages to your computer so they are not stored on the server (e.g. for security reasons), make sure that you include them in the backup of electronic documents described above.

    Mobile phone contents - To back up the phone numbers and text messages on your mobile phone, you can connect it to your computer using the appropriate software, which is generally available from the website of the company that manufactured your phone. You may need to buy a special USB cable to do this.

    Printed documents - Where possible, you should scan all of your important papers, then back them up along with your other electronic documents, as discussed above.

    In the end, you should have rearranged your storage devices, data types and backups in a way that makes your information much more resistant to disaster:

    Data TypeMaster/DuplicateStorage DeviceLocation
    Electronic documentsMasterComputer hard driveOffice
    Electronic documentsDuplicateCDsHome
    A few important electronic documentsDuplicateUSB memory stickWith me
    Program databasesMasterComputer hard driveOffice
    Program databasesDuplicateCDsHome
    Email & email contactsMasterGmail accountInternet
    Email & email contactsDuplicateThunderbird on office computerOffice
    Text messages & mobile phone contactsMasterMobile phoneWith me
    Text messages & mobile phone contactsDuplicateComputer hard driveOffice
    Text messages & mobile phone contactsDuplicateBackup SIM cardHome
    Printed documentsMasterDesk drawerOffice
    Scanned documentsDuplicateCDsHome

    Elena: I know some people who keep all of their important documents on Gmail, by attaching them to 'draft' messages or emails to themselves. Would that count as a 'second physical location' for my files?

    Nikolai: It might help you recover if you lose one or two very important documents, but it's pretty awkward. Honestly, how many documents per week would you be willing to back up like that? Plus, you need to consider whether or not those attachments are safe, especially if you're at all worried about your email being monitored. Unless you're connecting to Gmail securely, this is a bit like handing over your sensitive information on a silver platter. Using an HTTPS connection to Gmail in order to back up small VeraCrypt volumes or KeePass database files would be pretty safe, because they're encrypted, but I really wouldn't recommend this as a general-purpose backup strategy.

    Creating a digital backup

    Of the various data types discussed here, it is the 'electronic documents' that people tend to worry about most when establishing a backup policy. This term is somewhat ambiguous, but generally refers to files that you keep track of yourself and that you open manually, either by double-clicking on them or by using a particular application's File menu. Specifically, it includes text files, word processing documents, presentations, PDFs and spreadsheets, among other examples. Unlike email messages, for example, electronic documents are generally not synchronised with remote copies over the Internet.

    When backing up your electronic documents, you should remember to back up your program databases, as well. If you use a calendar application or an electronic address book, for example, you will need to find the folder in which these programs store their data. Hopefully, these databases will be in the same location as your electronic documents, as they are often kept inside your My Documents folder on a Windows computer. If that is not the case, however, you should add the appropriate folders to your regular backup.

    Email stored by an application such as Thunderbird is a special example of a program database. If you use an email program, especially if you are unable or unwilling to store a copy of your messages on the server, then you must ensure that this email database is included in your regular backup. You may consider image and video files to be electronic documents or items within a program database, depending on how you interact with them. Applications like Windows Media player and iTunes, for example, work like databases. If you use programs like this, you might have to search your hard drive to learn where they store the actual media files that they help manage.

    Storage devices

    Before you can back up your electronic documents, you must decide what kind of storage device you will use.

    USB disk or memory sticks - USB disk or memory sticks can be quite inexpensive, and offer large capacity. They are easy to erase or overwrite numerous times. USB disk or memory sticks have a limited lifetime, which greatly depends on ways and frequency of usage but is generally estimated to be around 10 years.

    Compact Discs (CDs) CDs store around 700 Megabytes (MB) of data. You will need a CD burner and blank discs in order to create a CD backup. If you want to erase a CD and update the files stored on it, you will need to have a CD-RW burner and rewritable CDs. All major operating systems, including Windows XP, now include built-in software that can write CDs and CD-RWs. Keep in mind that the information written on these discs may begin to deteriorate after five or ten years. If you need to store a backup for longer than that, you will have to recreate the CDs occasionally, buy special 'long life' discs or use a different backup method.

    Digital Video Discs (DVDs) - DVDs store up to 4.7 Gigabytes (GB) of data. They work much like CDs but require slightly more expensive equipment. You will need a DVD or DVD-RW burner, and appropriate discs. As with a CD, the data written on a normal DVD will eventually begin to fade.

    Remote server - A well-maintained network backup server may have almost unlimited capacity, but the speed and stability of your own Internet connection will determine whether or not this is a realistic option. Keep in mind that running a backup server in your own office, while faster than copying information over the Internet, violates the requirement that you keep a copy of your important data in two different physical locations. There are free storage services on the Internet, as well, but you should very carefully consider the risks of putting your information online and you should always encrypt your backups before uploading them to servers run by organisations or individuals whom you do not know and trust. See the Further reading section for a few examples.

    Backup software

    Cobian Backup is a user-friendly tool that can be set to run automatically, at regularly scheduled times, and to include only files that have changed since your last backup. It can also compress backups to make them smaller.

    Hands-on: get started with Cobian Backup for Windows

    As always, it is a good idea to encrypt your backup files using a tool such as VeraCrypt. More information about about data encryption can be found in How to protect the sensitive files on your computer.

    Hands-on: get started with VeraCrypt for Windows - Secure File Storage

    When using these backup tools, there are a few things you can do to help your backup system work smoothly:

    • Organise the files on your computer. Try to move all of the folders that contain electronic documents you intend to back up into a single location, such as inside the My Documents folder.
    • If you use software that stores its data in an application database, you should first determine the location of that database. If it is not in a convenient location, see if the program will allow you to choose a new location for its database. If it does, you can put it in the same folder as your electronic documents.
    • Create a regular schedule to perform your backup.
    • Try to establish procedures for all of the staff in your office who do not already have a reliable, secure backup policy. Help your coworkers understand the importance of this issue.
    • Make sure to test the process of recovering data from your backup. Remember that, in the end, it is the restore procedure, not the backup procedure, that you really care about!

    Elena: Alright, so I made an encrypted backup while I was at work, and I put it on a CD. Cobian is scheduled to update my backup in a few days. My desk at work has a drawer that locks, and I'm planning to keep these backup CDs in there so they won't get lost or broken.

    Nikolai: But what if your office burns down? Computer, desk, backup CDs and all? Or, what if your website forum gets used to plan some giant environmental demonstration, the authorities crack down, things get out of hand, and the organisation is raided? I doubt your little desk lock will keep the police from confiscating those CDs. What about keeping them at home, or asking a friend to store them for you?

    Recovering from accidental file deletion

    When you delete a file in Windows, it disappears from view, but its contents remain on the computer. Even after you empty the Recycle Bin, information from the files you deleted can usually still be found on the hard drive. See How to destroy sensitive information to learn more about this. Occasionally, if you accidentally delete an important file or folder, this security vulnerability can work to your advantage. There are several programs that can restore access to recently-deleted files, including a tool called Recuva.

    These tools do not always work, because Windows may have written new data over your deleted information. Therefore, it is important that you do as little as possible with your computer between deleting a file and attempting to restore it with a tool like Recuva. The longer you use your computer before attempting to restore the file, the less likely it is that you will succeed. This also means that you should use the portable version of Recuva instead of installing it after deleting an important file. Installing the software requires writing new information to the file system, which may coincidentally overwrite the critical data that you are trying to recover.

    While it might sound like a lot of work to implement the policies and learn the tools described in this guide, maintaining your backup strategy, once you have a system in place, is much easier than setting it up for the first time. And, given that backup may be the single most important aspect of data security, you can rest assured that going through this process is well worth the effort.

    Further reading

    • More information on backup and data recovery can be found in the 2.3 Information Backup, Destruction and Recovery chapter of the Digital Security and Privacy for Human Rights Defenders book.
    • Note that online backup brings new risks. At minimum, remember to encrypt your sensitive information separately yourself before you upload it to the server. Assuming you do the step above, there are free online data storage services as a convenient way to back up your information. Some options include: SpiderOak, Google Drive, tahoe-lafs.
    • There is an excellent article on data recovery in Wikipedia.