Recovering data from hard disks that use ATA password protection
Data security is a growing concern amongst organisations and individuals. Encryption methods, BIOS passwords and password-protected files are becoming more common; in fact, practically every device seen by Data Clinic now has some kind of protection system in place, from easily bypassed Windows user passwords to hard-to-crack encryption methods and even steganography.
This page looks at the ATA password protection method and how to identify devices protected in this way.
An ATA password (also known as the ATA Security Feature Set) is part of the ATA specification and allows two 32-byte passwords to be set on the drive: a User Password and a Master Password. This protection is normally only implemented on laptop hard disks, but as it is part of the ATA specification it can be implemented on any hard disk, and the behaviour is the same regardless of the type of ATA hard drive.
The protection is normally activated by setting the User Password with the Security Set Password ATA command (setting the Master Password only allows the User Password to be overridden and will not lock the device). Once this command has been issued and the power is cycled or the device is otherwise reset, the disk is locked. In this state the disk allows no access to its data and accepts only a limited number of commands, such as Identify Device, Serial Number etc.
There are two security levels detailed in the ATA specification, High and Maximum. If the hard drive is protected using the High security level, either the Master or the User Password can be used to unlock the drive; however, if the security level is set to Maximum, only the User Password will enable unlocking of the drive.
A drive that is locked using an ATA password will appear in the BIOS normally, displaying all the information that you would expect to see, such as the drive model and serial numbers, but will refuse to boot. Depending on the particular BIOS being used, you may or may not be informed that the drive is password protected or provided with a prompt at which to enter a password.
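Because a locked drive still answers Identify Device, its lock state and security level can be read from that response. The following is an added example, not Data Clinic's code: it decodes the security status word from a 512-byte Identify Device block and applies the High/Maximum rule described above. The word offsets and bit positions (word 128, model in words 27-46, serial in words 10-19) are taken from the ATA specification rather than from this page, the function names are hypothetical, and the sample block is constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# IDENTIFY DEVICE returns 256 little-endian 16-bit words (512 bytes).
# Per the ATA specification, word 128 is the security status word.
SUPPORTED, ENABLED, LOCKED, LEVEL_MAX = 1 << 0, 1 << 1, 1 << 2, 1 << 8


@dataclass(frozen=True)
class SecurityState:
    model: str
    serial: str
    supported: bool
    enabled: bool
    locked: bool
    level: Optional[str]  # "High" or "Maximum"; None when no password is set

    def unlocking_passwords(self) -> Tuple[str, ...]:
        """Which passwords the drive will accept for unlocking."""
        if not self.locked:
            return ()
        return ("User", "Master") if self.level == "High" else ("User",)


def ata_string(words, first, last):
    # ATA strings store two ASCII characters per word, high byte first.
    raw = b"".join(struct.pack(">H", w) for w in words[first:last + 1])
    return raw.decode("ascii", errors="replace").strip()


def parse_security_state(identify: bytes) -> SecurityState:
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)
    status = words[128]
    supported = bool(status & SUPPORTED)
    enabled = supported and bool(status & ENABLED)
    locked = enabled and bool(status & LOCKED)
    level = ("Maximum" if status & LEVEL_MAX else "High") if enabled else None
    return SecurityState(ata_string(words, 27, 46), ata_string(words, 10, 19),
                         supported, enabled, locked, level)


def constructed_identify(model: str, serial: str, status: int) -> bytes:
    # Constructed sample data, not a capture from a real drive.
    words = [0] * 256
    for first, text, size in ((27, model, 40), (10, serial, 20)):
        padded = text.ljust(size).encode("ascii")
        words[first:first + size // 2] = struct.unpack(f">{size // 2}H", padded)
    words[128] = status
    return struct.pack("<256H", *words)
```

A status word of 0x0007 decodes as supported, enabled and locked at the High level; 0x0107 is the same state at the Maximum level.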