- Home
- About Us
- Recovery Services Individual RecoveryEnterprise RecoveryAdditional Recovery
- Software
- Testimonials
- Locations
In this installment we will explore the practical use of XORing within the context of a RAID 5 recovery. Although the use of this math function in and of itself does not constitute RAID recovery, there are attributes of the mathematics that lend itself to data signatures that can then be used to acquire the RAID 5 configuration. In order to apply the XOR operation we must first understand the format of the Master File Table (MFT), the very crux of the Microsoft NTFS file system.
File systems, like most database handlers, use a simple flat file, index method to do look ups and quick displays. The flat file being the MFT, and then INDX record used for fast lookup and displays. Each has its own use within the file system and to a large part are dependent upon each other.
Let us leave it to say that in a more advanced context the INDX record does have its uses when assessing a RAID 5. The MFT however offers the clearest path to drive order and stripe size when using the XOR operation. The figure below (Figure 1) is a generic RAID 5 with three drives. The MFT is exposed using the utility WinHex in order to better illustrate how we use XOR to find the parity block within a RAID 5.
Figure 1
Don’t we all simply disconnect our USB flash drives without ejecting them first? That extra two seconds could be better spent doing something else right? Wrong! Unplugging without warning can cause data corruption. Mac and Linux users be especially aware!
The reason this is a bad idea is all down to ‘write caching’. Essentially your operating system will cache all the files to be written and perform the function in one go. The functionality is designed to improve performance. When a user disconnects a USB flash drive without warning, the cache is cleared out. If a write process is in operation, this inevitably will result in data corruption.