DataClinic - Data Recovery Services
  • Email
  • Facebook
  • Google+
  • Twitter
Call Now: 0871 977 2525
  • Home
  • Data Recovery Services
    • How Do Hard Drives Fail ?
    • RAID / Server Recovery
    • NAS
    • External & USB Drives
    • SSD
    • SCSI
    • Mobile Phones & Tablets
      • iPhone Data Recovery
      • Samsung Data Recovery
      • Android Data Recovery
      • Sony Xperia Data Recovery
      • Nokia / Windows Data Recovery
    • CCTV & DVR
    • Macs
    • Windows Computers
    • Lost & Deleted Files
    • Forensic Investigation
    • Advanced Recovery Service
    • Spare Parts & Donor Drives
    • Disk Manufacturers
      • Seagate Hard Drive Data Recovery
      • Western Digital Hard Drive Data Recovery
      • Toshiba Hard Drive Data Recovery
    • Tape Recovery
    • Tape Conversion
    • SQL Recovery
  • Locations
    • Birmingham
    • Glasgow
    • Leeds
    • Liverpool
    • London – Chiswick
    • London – City
    • Manchester
    • Northampton
    • Sheffield
  • Hard Drive Help & Advice
  • News
  • About Us / Contact

Recovering Deleted CCTV From A Samsung SRD-1670D

October 19, 2015 / Chris Seeley / Data Clinic Ltd, News

A Case Study

A Samsung SRD1670D CCTV systemAs part of a computer forensics legal case, Data Clinic were recently asked by a solicitor to attempt to recover the footage from a CCTV system. The system had been with Cleveland police for several months, who during that time had been unable to recover any footage. We pick up the story from where we were first contacted by the solicitor.

  1. Contact from the solicitor regarding the CCTV system, Cleveland Police were unable to recover anything and were unable to get through the password protection.

  2. CCTV system arrived with us containing 2 x 2TB Western Digital hard drives, this system was a Samsung SRD-1670D

  3. Each internal hard drive was tested with each displaying symptoms of media degradation, one quite badly degraded. (What is media degradation ? Go here: https://www.dataclinic.co.uk/recovery-hard-disk-drive-bad-sectors/)

  4. Each drive was cloned on to another 2TB WD drive, one a perfect clone the other with approx. 9000 bad sectors from 1.9 billion, both clones were considered more than acceptable for the purposes of CCTV image recovery.

  5. Examination of the drives showed each had an EXT3 partition of around 20GB and a larger XFS partition occupying the rest of the drive.

  6. Both drives were returned to the CCTV system and powered on.

  7. The system was security locked and neither the provided password nor the default would provide access.

  8. The correct username and password was then hacked from a file located in the 20GB partition at the beginning of one of the drives.

  9. We now had access to the system but no footage could be viewed, the system simply detailed each of the drives as empty.

  10. We then accessed the drives once again to see if we could play any of the stored files using various video player and codecs. Each of the files had an extension of .SSF

  11. Example CCTV footageThe files could not be played using any of the software we found nor would our carving methods work.

  12. We then discovered that the drive with the most content had partition damage due to the bad sectors and a lot of the files in the 20GB partition were in accessible. Attaching the drive to a Ubuntu system and running the command xfs_repair -L /dev/sda1 we were able to repair this enough to access and recover the missing files.

  13. It was here we discovered that each of the video files had 3 associated files probably used by the system for metadata or playback purposes.

  14. A new drive was introduced into the system and formatted using the CCTV device itself to provide use with a new undamaged volume.

  15. All of the associated metadata files were then copied over to the 20GB volume and all of the video footage files were copied over to the larger XFS volume.

  16. This newly created and populated drive was then introduced to the system.

  17. Once again the system displayed the volume as empty, no video footage was displayed.

  18. Further scans of the XFS partition revealed some older footage files, the interesting thing here was that these older deleted files were not prefixed with the letter D as with all the current present files.

  19. It was here we discovered that the prefix of D must indicate to the system that these were deleted files and the CCTV recorder was disregarding them.

  20. We then renamed quite a few of these files without the prefixed D and placed back into the system.

  21. Once again the CCTV system showed no video data.

  22. Looking at the volume again in Ubuntu each of the video files we modified had once again been given the D prefix.

  23. It was here we discovered that the system was setup to delete video footage which was older than 40 days, and so much later, when the Police powered on the system, each of the video files were automatically given the D prefix and were disregarded by the system.

  24. We then changed the CCTV systems date setting from sync and manually input the time back to the approx. date of the event in question.

  25. Before re-introducing the disk again, we then renamed all of the video files by again deleted in the prefix.

  26. Once introduced the system now allowed access to all the video footage which was before not viewable.

  27. The footage from the event in question was located and the appropriate time period was extracted from the CCTV system using the back facility and output using the .AVI file type.

  28. Data recovered.

Do You Need To Recover CCTV ?

This case study is just one example of the CCTV recovery work we do. For more information, please contact us.

Links
> Go to our CCTV and DVR Recovery Page
> Go to our Computer Forensics Page

cctv, computer, data, forensics, recovery

Comments are closed.

Data Clinic Reviews

Data Clinic Ltd
Data Clinic Ltd
4.5
powered by Google
Jacob Greenwood
Jacob Greenwood
14:38 30 Mar 18
5* customer service! Recovered my father's book from an old drive, also retrieved some long forgotten about photos. Simply cant put a price on something like that.
Jarek Roover
Jarek Roover
12:21 30 Jul 18
Go there if you lost your data
Tony Cowgill
Tony Cowgill
15:56 10 Apr 13
We've used Data Clinic twice now - once for my son's laptop which held all his University work and suddenly seemed to just die, that was recovered with ease. And then secondly in connection with work when our office computer system backups were somehow corrupted. These people really know their stuff - they are very helpful and professional and quick! Thanks so much for everything.
Rob Deighton
Rob Deighton
11:33 09 Dec 16
Happy to recommend Data Clinic to anybody that suffered Data Loss on storage Media. The guys were extremely helpful and knowledgeable and made the recovery of our valuable data a stress free experience.
George Thorpe
George Thorpe
12:19 20 Feb 14
My company provides IT support to approximately 60 Yorkshire based companies ranging from small 10-15 users up to Enterprise sized organizations. Due to disk failure a client recently lost their entire database. We contacted Data Clinic and within hours a representative was onsite, several hours later the drive was returned, again in person by Data Clinic Manchester. I would not hesitate contacting them again, outstanding service in a market that can mean life or death to a business. 10 stars if there was an option!
Kieran Collins
Kieran Collins
21:02 25 Oct 18
Fantastic. Could not fault them at all, Brilliant, 10 year old iMac full of data and they had the data back to me in 72 hours. Communication via e-mail was fast, clear and superb.
David Tett
David Tett
14:36 24 Aug 18
Sent them a 4tb WD Red hard drive to recover. They quoted me £588 incl VAT and recovery media. I was a bit sceptical so I asked for it to be returned. First they sent me the wrong hard drive (a 500GB WD Blue). Not too careful about data protection then. When I eventually got the drive back it had been totally stripped and outer casing binned (would have been nice to know about this beforehand). I decided to send it to Curry's PC World. They quoted £90 + recovery media. All data recovered and both hard drives returned within a week. What more is there to say.
Elle Sweet
Elle Sweet
22:12 20 Aug 18
Awful communication, I was constantly chasing them for updates on my device. My device was with them days before work was started on it. The data this company couldn’t retrieve was later retrieve by Apple. Waste of a £110.
Next Reviews

DataClinic on Twitter

  • The Definitive Guide To Common Problems on Android Devices https://t.co/l5htr3y6lr https://t.co/T2YL0BxLur,

Recent New Site Content

  • London Data Recovery December 5, 2018
  • Data recovery examples – UK lab locations October 3, 2018

Why We Are Number 1

Our unique data recovery agreement with Seagate means we recover more data from more hard drives from more types of failure than any other UK data recovery company. More...

Data Clinic Ltd on Social Media

  • 0871 977 2525
  • customerservices@dataclinic.co.uk
    • Facebook
    • Twitter
    • Google+
(c) 2017 DataClinic - Data Recovery Services