Artem Makarov aka Robin
The information disappeared from the removed disc being used as a communicator hard disk. The client tried to recover data with the help of various programs, but everything was in vain. At last he came to me.
At the analysis of the removed disc logic structure it was found out, that all files were in their places. None of them had a zero size. No file was deleted. But the situation was very bad and very sad. All files looked like that: file_extension.9263243e.menc Structure of all files was similar: first there was a heading,
a file heading .menc
then a file.
a file body .menc
It did nor resemble the usual *.jpeg structure at all. What was the reason of such a change of files? The matter was that a removed disc was installed at the communicator. The communicator OS is Windows mobile 6. This OS has a built-in option of file encryption. The sense of encryption is in making the disc content confidential and accessible only for the device owner. In case of the disc loss, files without the device are inaccessible.
In my opinion, the approach is slightly strange as basically the entire device is usually lost (forgotten) together with a card. It can be stolen as well. And if a removed disc was installed in the communicator, it would be possible to look through all the files perfectly.
For data encryption DPAPI with AES-128 is applied by default. DPAPI master key is stored in the communicator internal memory flash card, decoding is done by means of operational system and is quite clear for the user.
What happened in this case and why did the user lose an opportunity of data access? The matter was that the communicator OS had been reinstalled. Accordingly all keys were irrevocably lost. Data recovery in this case was rather uneasy, and expensive. The data decoding method was found as a result of large, the recovery process had to take much time and labour, therefore if a cliend had to get files with expansion .menc in their original form, he had to get ready for essential financial charges.