Data recovery possible from this disk?

[isternbu]

I have a pool configured the following. Disk1 failed and has been replaced. The pool is now healthy again. My question is, can any of the data that was written to Disk1 be recovered without access to the other disks? The drive is under warranty and I would like to send it in for replacement, but the pool contains sensitive data I do not want shared. Thank you.

Code:

Vdev1 (mirror)
disk1
disk2

Vdev2 (mirror)
disk3
disk4

Vdev3 (mirror)
disk5
disk6

Vdev4 (mirror)
disk7
disk8

Vdev5 (mirror)
disk9
disk10

 

[elvisimprsntr]

If you are concerned, perform a multi-pass random write using DBAN. Obviously, you will need an x86 machine to install the drive and boot the CD

Darik's Boot and Nuke

Download Darik's Boot and Nuke for free. A hard drive disk wipe and data clearing utility. Darik's Boot and Nuke ("DBAN") is a self-contained boot image that securely wipes hard disk drives (HDDs). DBAN is appropriate for personal use, bulk data destruction, or emergency data destruction for...

sourceforge.net

I'm sure there are other open source bootable CDs that will do the same.

 

[c77dk]

I would imagine that some data can be recovered - even though the chances are slim. A suggestion for the future is to encrypt the disks - with modern CPU you hardly notice it.

 

[isternbu]

What about from a failed disk from a RAID Z2 vdev, is that harder to recover data from vs the mirrored example?

 

[AlexGG]

The pool is now healthy again. My question is, can any of the data that was written to Disk1 be recovered without access to the other disks?

Maybe. At least, there is no guarantee that nothing can be recovered. Certainly any file which is below your record size (after compression) can be recovered (in its entirety) if it happens to be stored on that disk. Also, starts of files can be recovered and maybe identified.

What about from a failed disk from a RAID Z2 vdev, is that harder to recover data from vs the mirrored example?

Harder, yes. Mostly because the size limit goes down from record size to sector size (ashift). But still, if you have a file which is smaller than your sector size (after compression), it is possible that the entire file can be recovered. Also, some starting parts of files can be recovered, up to the length of your sector size (after compression).

Usefulness of the above depends on what type of data you are concerned about.

 

[winnielinnie]

A simple pass of dd'ing /dev/zero to the entire disk will suffice.

I would do it on another computer, to avoid accidentally wiping the wrong disk.

 

[HoneyBadger]

It's worth stating that if this data is confidential to the degree where you are concerned about recovery by a vendor during an RMA process (or interception by an adversary along the way) you should probably be running an encrypted pool and/or using self-encrypted drives.

You could always use the evaluation version of Klennet (free to view, costs money to actually restore files) to see if it is able to reconstitute anything if you're concerned.

Klennet ZFS Recovery

Klennet ZFS Recovery software - recover data from damaged or deleted ZFS pools. Fully automatic pool layout, RAID level, and disk order detection.

www.klennet.com

 

[AlexGG]

You could always use the evaluation version of Klennet (free to view, costs money to actually restore files) to see if it is able to reconstitute anything if you're concerned.

It will not be able to produce anything usable, but it is because it is for a different task. The recovery of whatever is on that mirror disk is probably not achievable with any commercially available recovery software. However, a tool custom-developed for a determined attacker can recover enough for some purposes (depending on what the sensitive data is, or, more specifically, what is the format of the data).

 

[isternbu]

Thanks for the info everyone. It is not classified data just things like tax returns and personal photos that I wouldn't want shared with a stranger. I am 2.5 hours into a DBAN wipe so the drive has some life left in it apparently.