Canada | English Locations

855.558.3856 Start Your Data Recovery
855.558.3856
855.558.3856
Start Your Data Recovery

Amazon EC2 Cloud Recovery

Written By: Ontrack

Date Published: September 18, 2024

Amazon EC2 Cloud Recovery

Arrow Left Back to listing

The Customer

A data hosting solution provider for media companies needed access to deleted ElasticSearch data files from an Amazon EC2 environment. 

The Situation 

The client was hosting a 3-node virtual cluster in Amazon EC2 for ElasticSearch.  Amazon Elastic Compute Cloud (EC2) is a web service that provides scalable computing capacity in the cloud. It's part of Amazon Web Services (AWS) and allows users to create and run virtual machines, or "instances", in the cloud.  During a routine data clean-up, a script that was used to remove old data was modified in such a manner as to cause the accidental deletion by the client of all the data on 2 of the 3  ElasticSearch nodes.   

The Client attempted to restore the data from backup but found during the restoration that critical data was missing from the backup.  

Unable to restore all of the deleted data, the client, upon advice and recommendation of counsel, was left no choice but to seek professional data recovery services. 

The Solution 

The client contacted Ontrack Data Recovery, a KLDiscovery company, and after consultation with the Ontrack engineering team, it was determined that the best path forward was a remote data recovery attempt.  Ontrack® Remote Data Recovery™ (RDR™) is a patented proprietary technology for the fast, safe and convenient data recovery from working devices which are correctly recognized by the system. Thanks to RDR, the recovery can be performed remotely through a secured connection between the client's computer and Ontrack's systems. 

With assistance from Ontrack, the client stopped the application, cloned the virtual disks to a new data volume, and presented the new clones to the production environment so they could continue working in production.  

 The original virtual disks were then attached to a new virtual machine.  The new virtual machine was connected to the Ontrack servers via RDR and Ontrack engineers uploaded their tools and started the evaluation.  During the evaluation, the active data on the volumes was virtually masked out and the volumes were scanned for original file system metadata.  Once the scan was complete, the original file system was virtually rebuilt, and reports were generated detailing the files available for recovery.  Ontrack engineers also investigated the unallocated or slack space on the volumes for ElasticSearch file headers (raw data) and reports detailing the results were presented to the client. 

The Resolution 

The Ontrack team was able to use fragments of the original file system metadata along with raw file data signatures to recover over 300,000 deleted files across the 2 nodes where the deleted data originally resided. 

 

If you have a Cloud Data Recovery incident, please Contact Us.

Subscribe

Related Topics

Merge files of damaged backup with corresponding virtual files

Onsite Forensic Backup tape restore for internal investigation

Cyberattack on VMware Datastore and Virtual Backups
Services
Products
Resources
About

KLDiscovery Ontrack Canada Co, 155 Gordon Baker Rd Suite 100, North York, M2H 3N7, Canada (see all locations)

© 2024 KLDiscovery Ontrack - All Rights Reserved.