We just updated our hard drive inventory so if you are looking for a hard to find drive, check out our website link at

http://www.diskman.com/html/product_hard_drive.htm

Thanks

There are many factors you must consider when choosing a data recovery
company. Downtime and cost are probably among the most important factors driving your decision.  You should however make sure you pay attention to other important factors that could save you time and money.

First and foremost, make sure the data recovery company you are dealing with has experience.  It is also important is to make sure they have the capacity to recover data from drives with hardware problems.  There are
many data recovery companies in the industry offering low prices but are only experts at non-invasive (logical) recovery.

Before you choose a data recovery company, you should find out if they are a company that is dedicated only to data recovery. Data recovery is a complicated and complex process.  Therefore, make sure you are dealing with a company who specializes in recovery and not primarily computer repair.

A good recovery company also has the capacity to work on any operating system. Don’t make a mistake by sending your Mac drive to a recovery company who only specializes in Windows
data recovery.

Many data recovery companies offer emergency data recovery service which allows your job to be placed higher in the recovery queue which can reduce downtime.

Another factor to be considered is upfront costs.  Some recovery companies offer a free estimate while others charge a flat fee to evaluate your media- even if the recovery is not successful.

Also consider how the data recovery company calculates their final price for the recovery and make sure you get an idea of this price upfront.  Data recovery can be very expensive.  It is a good idea to get the cost upfront instead of being shocked at the final price in the end.

Also keep in mind that recovery companies offering prices that seem considerably lower than the norm often lack necessary experience to perform invasive hardware recovery requiring parts.

Remember, in most cases you only get one shot to recover data.

By using vigilance and the tips above, you can hopefully be on the road to a successful recovery of your data.

]]> http://diskman.wordpress.com/2009/05/06/how-to-find-a-data-recovery-company/feed/ 0 phoenixtechnology http://diskman.wordpress.com/2009/04/30/the-conficter-virus-is-real-please-protect-yourself/ http://diskman.wordpress.com/2009/04/30/the-conficter-virus-is-real-please-protect-yourself/#comments Thu, 30 Apr 2009 16:47:34 +0000 phoenixtechnology http://diskman.wordpress.com/?p=72 ]]>

A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said. Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware, they said. The worm started spreading late last year, infecting millions of computers and turning them into “slaves” that respond to commands sent from a remote server that effectively controls an army of computers known as a botnet.

• Is my computer infected with the Conficker worm? Probably not. Microsoft released a security update in October 2008 (MS 08-067) to protect against Conficker. If your computer is up-to-date with the latest security updates and your antivirus software is also up-to-date, you probably don’t have the Conficker worm. If you are still worried about Conficker, follow these steps:
• 1. Go to http://update.microsoft.com/microsoftupdate to verify your settings and check for updates.
• 2. If you can’t access http://update.microsoft.com/microsoftupdate, go to http://safety.live.com and scan your system.
• 3. If you can’t go to http://safety.live.com, contact support at 1-866-PCSafety or 1-866-727-2338. This phone number is for virus and other security-related support. It is available 24 hours a day for the U.S. and Canada. For support in other countries, visit the Worldwide computer security information page.
• What does the Conficker worm do? To date, security researchers have discovered the following variants of the worm in the wild.
• Win32/Conficker.A was reported to Microsoft on November 21, 2008.
• Win32/Conficker.B was reported to Microsoft on December 29, 2008.
• Win32/Conficker.C was reported to Microsoft on February 20, 2009.
• Win32/Conficker.D was reported to Microsoft on March 4, 2009.
• Win32/Conficker.E was reported to Microsoft on April 8, 2009.
• Win32/Conficker.B might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives).
• The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog box will show one additional option. The Conficker worm can also disable important services on your computer. In the screenshot of the Autoplay dialog box below, the option Open folder to view files — Publisher not specified was added by the worm.
• The highlighted option — Open folder to view files — using Windows Explorer is the option that Windows provides and the option you should use. How does the Conficker worm work? Here’s an illustration of how the Conficker worm works. How do I remove the Conficker worm? If your computer is infected with the Conficker worm, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or you may be unable to access certain Web sites, such as Microsoft Update. If you can’t access those tools, try using the Windows Live safety scanner.
• Where can I find more technical information about the Conficker worm and how can I stay up to date on the Conficker worm?
• • For additional information, see Centralized Information About the Conficker Worm.
• • For more technical information about the Conficker worm, see the Microsoft Malware Protection Center Virus Encyclopedia.
• • Bookmark the Microsoft Malware Protection Center portal and the Microsoft Malware Protection Center blog for updated information.
• • For symptoms and detailed information about how to remove the Conficker worm, see Help and Support: Virus alert about the Conficker Worm.
• • To continue to get updated information on security, sign up for the Microsoft Security for Home Computer Users newsletter. For more information, see How to prevent computer worms and How to remove computer worms. Its unidentified creators started using those machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control, said Vincent Weafer, a vice president with Symantec Security Response, the research arm of the world’s largest security software maker, Symantec Corp. He said that while he believes the number of infected machines that have become active is relatively small, he expects a consistent stream of attacks to follow, with other types of malware distributed by Conficker’s authors. “Expect this to be long-term, slowly changing,” Weafer said of the worm. “It’s not going to be fast, aggressive.” Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC’s owner, along with a fake anti-spyware program, Weafer said. Related Stories • Conficker Worm Hits University of Utah Computers
• • Conficker Reportedly Updates Itself • Feared PC Virus Activates Harmlessly — So Far
• • How to Protect Yourself From the Conficker Virus • PC Virus ‘Time Bomb’ Set to Go Off at Any Moment • Computer Virus ‘Time Bomb’ Could Go Off April 1 The Waledac virus recruits the PCs into a second botnet that has existed for several years and specializes in distributing e-mail spam. Conficker also carries a third virus that warns users their PCs are infected and offers them a fake anti-virus program, Spyware Protect 2009 for $49.95, according to Russian-based security researcher Kaspersky Lab. If they buy it, their credit card information is stolen and the virus downloads even more malicious software. “This is probably one of the most sophisticated botnets on the planet. The guys behind this are very professional. They absolutely know what they are doing,” said Paul Ferguson, a senior researcher with Trend Micro Inc, the world’s third-largest security software maker. He said Conficker’s authors likely installed a spam engine and another malicious software program on tens of thousands of computers since April 7. He said the worm will stop distributing the software on infected PCs on May 3 but more attacks will likely follow. “We expect to see a different component or a whole new twist to the way this botnet does business,” said Ferguson, a member of The Conficker Working Group, an international alliance of companies fighting the worm. Researchers had feared the network controlled by the Conficker worm might be deployed on April 1 since the worm surfaced last year because it was programed to increase communication attempts from that date. The security industry formed the task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who command the slave computers. The task force initially thwarted the worm using the Internet’s traffic control system to block access to servers that control the slave computers. Viruses that turn PCs into slaves exploit weaknesses in Microsoft’s Windows operating system. The Conficker worm is especially tricky because it can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC. The Conficker botnet is one of many such networks controlled by syndicates that authorities believe are based in eastern Europe, Southeast Asia, China and Latin America.

This article is  from Foxnews.com April 27, 2009

Microsoft information was also obtained from the foxnews.com article

April Fools Virus, a virus that has infected thousands of computers and is continuing to spread to countless computers across the Internet.
The reason this virus is so frightening is that it is being spread automatically, without any human interaction and it has started to mutate – changing as it goes.
As a small business, protecting your desktops and laptops from online attacks is critical.
Cbeyond’s Secure Desktop helps detect and isolate viruses like the Conficker worm, before they can infect and damage your computer and destroy mission critical data.

Visit our website to find out more and contact a Phoenix Technology representative to find out if CBeyond is the right fit for YOUR company.

www.diskman.com

April 1 –Was D-Day for Conficker, as whatever nasty payload it’s packing is currently set to activate. What happened at midnight is a mystery: Will it turn the millions of infected computers into spam-sending zombie robots? Or will it start capturing everything you type — passwords, credit card numbers, etc. — and send that information back to its masters?
No one knows, but we’ll probably find out soon.
Or not. As Slate notes, Conficker is scheduled to go “live” on April 1, but whoever’s controlling it could choose not to wreak havoc but instead do absolutely nothing, waiting for a time when there’s less heat. They can do this because the way Conficker is designed is extremely clever: Rather than containing a list of specific, static instructions, Conficker reaches out to the web to receive updated marching orders via a huge list of websites it creates. Conficker.C — the latest bad boy — will start checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there’s no way to shut down all of them. If just one of those sites goes live with legitimate instructions, Conficker keeps on trucking.
Conficker’s a nasty little worm that takes serious efforts to bypass your security defenses, but you aren’t without some tools in your arsenal to protect yourself.
Your first step should be the tools you already have: Windows Update, to make sure your computer is fully patched, and your current antivirus software, to make sure anything that slips through the cracks is caught.
But if Conficker’s already on your machine, it may bypass certain subsystems and updating Windows and your antivirus at this point may not work. If you are worried about anything being amiss — try booting into Safe Mode, which Conficker prevents, to check –

you should run a specialized tool to get rid of Conficker.
Microsoft offers a web-based scanner (note that some users have reported it crashed their machines; I had no trouble with it), so you might try one of these downloadable options instead: Symantec’s Conficker (aka Downadup) tool, Trend Micro’s Cleanup Engine, or Malwarebytes. Conficker may prevent your machine from accessing any of these websites, so you may have to download these tools from a known non-infected computer if you need them. Follow the instructions given on each site to run them successfully. (Also note: None of these tools should harm your computer if you don’t have Conficker.)
As a final safety note, all users — whether they’re worried about an infection or know for sure they’re clean — are also wise to make a full data backup today.
What won’t work? Turning your PC off tonight and back on on April 2 will not protect you from the worm (sorry to the dozens of people who wrote me asking if this would do the trick). Temporarily disconnecting your computer from the web won’t help if the malware is already on your machine — it will simply activate once you connect again. Changing the date on your PC will likely have no helpful effect, either. And yes, Macs are immune this time out. Follow the above instructions to detect and remove the worm.

Don DeBolt, Director of Threat Research, CA, has warned that a fresh variant of the Conficker virus is set to attack computers on 1st April, the April Fools Day as well as generate 50,000 URLs on a daily basis, as reported by SCMagazine on March 16, 2009.

CA said that by generating numerous URLs, the virus would disguise to summon users to download instructions online. However, according to the company, it doesn’t know the specificity of these instructions, but it assumes these could relate to downloading more malware or deleting files.

Meanwhile, with two Conficker variants unleashed in the past to infect computers, malware creators are focusing on proliferating the virus to build their botnet. However, with the release of the most recent variant called W32.Downadup.C, its creators are set to strengthen their control over the infected PCs.

This would be possible as version C of the worm typically halts certain security systems and prevents the computers from accessing the security software websites. Various security systems the variant attacks include the widely used tools like Procmon, Wireshark, RegMon and TCPView.

The security researchers state that Conficker has been highly effective for several years, infecting some 9 Million systems around the world, but the threat is yet to make its full impact.

Moreover, the computer security industry succeeded in blocking the expansion of Conficker.B when it effectively reverse-engineered the worm as well as figured out the domains used to register it. Reportedly, when Conficker.A and B variants proliferated, the virus had contacted 32 addresses from a possible 250 each time.

But now with the breakdown of their algorithm, the malware creators have gone beyond revising their selection or randomization code. They have greatly raised both the total domain count the virus would generate and also the number of domains it would randomly choose.

The objective behind this is to prevent the URLs from being shut down at the time of the domain generation and to minimize the non-availability of the computer servers it requires accessing and transmitting data. The threat would also render direct URL blocking and/or filtering processes useless, the experts said.

SPAMfighter News – 19-03-2009

Recovering data after physical damage

• Recovery techniques

Recovering data from physically-damaged hardware can involve multiple techniques. Some damage can be repaired by replacing parts in the hard disk. This alone may make the disk usable, but there may still be logical damage. A specialized disk-imaging procedure is used to recover every readable bit from the surface. Once this image is acquired and saved on a reliable medium, the image can be safely analyzed for logical damage and will possibly allow for much of the original file system to be reconstructed.

• Hardware repair

Media that has suffered a catastrophic electronic failure will require data recovery in order to salvage its contents.

Examples of physical recovery procedures are: removing a damaged PCB (printed circuit board) and replacing it with a matching PCB from a healthy drive, performing a live PCB swap (in which the System Area of the HDD is damaged on the target drive which is then instead read from the donor drive, the PCB then disconnected while still under power and transferred to the target drive), read/write head assembly with matching parts from a healthy drive, removing the hard disk platters from the original damaged drive and installing them into a healthy drive, and often a combination of all of these procedures. Some data recovery companies have procedures that are highly technical in nature and are not recommended for an untrained individual. Any of them will almost certainly void the manufacturer’s warranty.

• Disk imaging

Result of a failed data recovery from a Hard disk drive.

The extracted raw image can be used to reconstruct usable data after any logical damage has been repaired. Once that is complete, the files may be in usable form although recovery is often incomplete.

A 2007 Defense Cyber Crime Institute study shows that the DCFLdd v1.3.4-1 installed on a Linux 2.4 Kernel system produces extra “bad sectors”, resulting in the loss of information that is actually available. The study states that when installed on a FreeBSD Kernel system, only the bad sectors are lost. Another tool that can correctly image damaged media is ILook IXImager, a tool available only to government and Law Enforcement.[1]

Typically, Hard Disk Drive data recovery imaging have the following abilities[2]: (1) Communicating with the hard drive bypassing the BIOS and operating system that are very limited in their abilities to deal with drives that have “bad sectors” or take a long time to read. (2) Reading data from “bad sectors” rather than skipping them (using various read commands and ECC to recreate damaged data). (3) Handling issues of unstable drives, such as resetting/repowering the drive when it stops responding or skipping sectors that take too long time to read (read instability can be caused by minute mechanical wear and other issues). and (4) Pre-configuring drives by disabling certain features, such a SMART and G-List re-mapping, to minimize imaging time and the possibility of further drive degradation.

• Recovering data after logical damage

Logical damage is primarily caused by power outages that prevent file system structures from being completely written to the storage medium, but problems with hardware (especially RAID controllers) and drivers, as well as system crashes, can have the same effect. The result is that the file system is left in an inconsistent state. This can cause a variety of problems, such as strange behavior (e.g., infinitely recursing directories, drives reporting negative amounts of free space), system crashes, or an actual loss of data. Various programs exist to correct these inconsistencies, and most operating systems come with at least a rudimentary repair tool for their native file systems. Linux, for instance, comes with the fsck utility, Mac OS X has Disk Utility and Microsoft Windows provides chkdsk.

Some kinds of logical damage can be mistakenly attributed to physical damage. For instance, when a hard drive’s read/write head begins to click, most end-users will associate this with internal physical damage. This is not always the case, however. Another possibility is that the firmware of the drive or its controller needs to be rebuilt in order to make the data accessible again.

• Preventing logical damage

The increased use of journaling file systems, such as NTFS 5.0, ext3, and XFS, is likely to reduce the incidence of logical damage. These file systems can always be “rolled back” to a consistent state, which means that the only data likely to be lost is what was in the drive’s cache at the time of the system failure. However, regular system maintenance should still include the use of a consistency checker. This can protect both against bugs in the file system software and latent incompatibilities in the design of the storage hardware. One such incompatibility is the result of the disk controller reporting that file system structures have been saved to the disk when it has not actually occurred. This can often occur if the drive stores data in its write cache, then claims it has been written to the disk. If power is lost, and this data contains file system structures, the file system may be left in an inconsistent state such that the journal itself is damaged or incomplete. One solution to this problem is to use hardware that does not report data as written until it actually is written. Another is using disk controllers equipped with a battery backup so that the waiting data can be written when power is restored. Finally, the entire system can be equipped with a battery backup that may make it possible to keep the system on in such situations, or at least to give enough time to shut down properly.

Phoenix Technology has over 20 years of data recovery experience and can help you with any recovery from any type of media. We recover data for home users to corporate clients, no job is too big or too small. visit us at www.diskmandatarecovery.com

Downandup/Conficker worm infects 9 million PCs

• Judging from the complaints and questions filling my inbox, Windows security looks like it’s already on track for its worst year this decade. The latest attack is a worm called Downandup, Downadup, Kido!, or Conficker (all the same thing), and it primarily seems to be being delivered via infected USB drives.

• How’s it work? By tricking you into running the virus by modifying the way “autorun” works when you plug in a drive. Look closely at the screenshot above and you’ll see two entries for “Open folder to view files.” The one at the top is a phony entry that actually installs the virus on your machine… but of course it’s the default selection that pops up when you plug in a drive. Once installed, the virus spreads like crazy via a separate flaw in Windows networking system (now patched, so be sure to run Windows Update if you haven’t lately) and can quickly infect a whole office. F-Secure has more analysis on the clever way it tricks you into installing the malware yourself.

• How bad has it gotten? Estimates range from 3.5 million infected in the first four days after it bean spreading to 9 million impacted… and gettng worse. By now I figure the numbers could top 15 or 20 million.

• From an antivirus standpoint, fixing Downandup isn’t easy. The worm is particularly problematic because of the tricky way it involves the user in installing the software, bypassing auto-installation safeguards, plus its sophisticated way of avoiding detection, as it morphs its code constantly (using randomized elements) to make traditional, signature-based detection almost impossible.

• Your best strategy for avoiding Downandup? Turn off AutoPlay/AutoRun on your computer (with Windows XP, TweakUI is the easiest way to do it). If you do see an AutoPlay dialog box like the one above, just close it and eject the disc or thumbdrive; browsing the drive manually for individual files should keep you uninfected, but you’re best off not using the drive at all. And of course, make sure your system is fully patched via Windows Update.

• What if you already have Downandup infecting your machine? Try your standard antivirus utility as a fix. If that doesn’t work, F-Secure has a removal tool that should get rid of it. Good luck out there.
• You can Call us at (714) 550-4600 or visit our website and we can arrange to help you get your PC cleaned of all it’s virus and spyware issues. www.diskman.com

What is the difference between DSL and T1 (besides the price?)

• There are several factors creating a premium price for the T1 over DSL, but the most significant factor is the quality of the portal through which each connects to the internet. In the case of a T1, a local access line connects the premise of installation to that of the Internet service provider being used. The local access line on their end will interface with a dedicated portal (also called a port) which is measured at 1.5 Mbps. This creates the most efficient and true delivery of 1.5 Mbps speed.

• This method of delivery contrasts greatly with that of a DSL line, most notably because with DSL, the access line doesn’t connect to a 1.5 Mbps port like the T1 does. Instead, it connects to a DSLAM. This creates a bottle-neck effect in which the subscribers compete for the throughput available on the port.

• Thus, the most common difference between a 1.5 Mbps DSL and a 1.5 Mbps T1 is that a T1 delivers consistent, uninhibited throughput via a dedicated 1.5 Mbps port. DSL may give you a speed of 1.5 Mbps over the access loop, but actual throughput onto the Internet backbone will vary based on how much traffic there is on the DSLAM. As general rule of thumb, the cheaper the price of the DSL, the more traffic will probably be experienced on the DSLAM. DSL providers drive cost down by putting more and more subscribers on a single DSLAM connecting to a single port. This is called oversubscription and it is a widespread practice among low-cost ISPs boasting cheap and fast DSL.

• In addition to the price difference and type of delivery, a T-1 comes with a stronger commitment to deliver service. Almost all carriers provide a SLA (service level agreement) that guarantees uptime of your T-1. The SLA generally outlines a credit structure for any time that your T-1 is down. While some carriers provide an SLA for DSL as well, it is often not as assuring as a T-1 SLA. For example, if you were a customer with “Carrier A” and both your DSL and T-1 service were down, you would most likely get a higher level and faster response from tech support for your T-1.

• Finally, keep in mind that DSL is a distance-sensitive service. There’s a saying, “not as the crow flies, but how the copper lies,” which conveys that the distance for DSL is measured in cable length to a carrier’s Central Office. There are different limitations, depending on the ADSL and SDSL, but in general it is 15,000-18000 feet with some variation. T-1, on the other hand is readily available in almost all areas, business or residential where there is a telco or phone box. In the small percentage of remote areas of the country, it may be increasingly difficult to deliver a T-1 without incurring a cost for the build out of the proper facilities. But in general, T-1 is available whether it is 10, 20, 30, 60 plus miles, whereas you will have little luck beyond 3 miles with DSL.

DSLAM

• DSLAM is short for Digital Subscriber Line Access Multiplexer, a mechanism at a phone company’s central location that links many customer DSL connections to a single high-speed ATM line.

• When the phone company receives a DSL signal, an ADSL modem with a POTS splitter detects voice calls and data. Voice calls are sent to the PSTN, and data are sent to the DSLAM, where it passes through the ATM to the Internet, then back through the DSLAM and ADSL modem before returning to the customer’s PC.

ADSL

• ADSL is short for asymmetric digital subscriber line, a new technology that allows more data to be sent over existing copper telephone lines (POTS). ADSL supports data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate).

• ADSL requires a special ADSL modem.

• ADSL is growing in popularity as more areas around the world gain access.

SDSL

• SDSL is short for symmetric digital subscriber line, a technology that allows more data to be sent over existing copper telephone lines (POTS). SDSL supports data rates up to 3 Mbps.

• SDSL works by sending digital pulses in the high-frequency area of telephone wires and can not operate simultaneously with voice connections over the same wires.

• SDSL requires a special SDSL modem. SDSL is called symmetric because it supports the same data rates for upstream and downstream traffic. A similar technology that supports different data rates for upstream and downstream data is called asymmetric digital subscriber line (ADSL). ADSL is more popular in North America, whereas SDSL is being developed primarily in Europe.

Premastering

• All CDs are pressed from a digital data source, with the most common sources being low error-rate CD-R’s or files from an attached computer hard drive containing the finished data (e. g., music or computer data). Some CD pressing systems can use digital master tapes, either in Digital Audio Tape, Exabyte or Umatic formats. However such sources are suitable only for production of audio CDs due to error detection and correction issues. If the source is not a CD, the table of contents for the CD to be pressed must also be prepared and stored on the tape or hard drive. In all cases except CD-R sources, the tape must be uploaded to a media mastering system to create the TOC (Table of Contents) for the CD.

Mastering

Glass mastering

• Glass mastering is performed in a class 100 or better clean room or a self-enclosed clean environment within the mastering system. Contaminants introduced during critical stages of manufacturing (e.g., dust, pollen, hair, or smoke) can cause sufficient errors to make a master unusable. Once successfully completed, a CD master will be less susceptible to the effects of these contaminants.

• During glass mastering, glass is used as a substrate to hold the CD master image while it is created and processed; hence the name. Glass substrates, noticeably larger than a CD, are round plates of glass approximately 240 mm in diameter and 6 mm thick. They often also have a small, steel hub on one side to facilitate handling. The substrates are created specially for CD mastering and one side is polished until it is extremely smooth. Even microscopic scratches in the glass will affect the quality of CDs pressed from the master image. The extra area on the substrate allows for easier handling of the glass master and reduces risk of damage to the pit and land structure when the “father” stamper is removed from the glass substrate.

• Once the glass substrate is cleaned using detergents and ultrasonic baths, the glass is placed in a spin coater. The spin coater rinses the glass black with a solvent and then applies either photoresist or dye-polymer depending on the mastering process. Rotation spreads the photoresist or dye-polymer coating evenly across the surface of the glass. The substrate is removed and baked to dry the coating and the glass substrate is ready for mastering.

• Mastering is performed by a Laser Beam Recorder (LBR) machine. These use one of two recording techniques; photo resist and non-photoresist mastering. Photoresist also comes in two variations; positive photoresist and negative photoresist.

• While nearly all mastering to glass is done at multiple speeds for sake of plant efficiency (8X or higher is common), single speed glass mastering (also referred to as 1X glass cutting or 1x glass mastering) is offered by a few CD replication plants as a higher quality process. A large number of audiophiles believe this results in truer reproduction although this has remained a matter of controversy for many years.

Photoresist mastering

• Photoresist mastering uses a light-sensitive material (a photoresist) to create the pits and lands on the CD master blank.

• The laser beam recorder uses a deep blue or ultraviolet laser to write the master. When exposed to the laser light, the photoresist undergoes a chemical reaction which hardens it. The exposed area is then soaked in a developer solution which removes the exposed positive photoresist or the unexposed negative photoresist.

• Once the mastering is complete, the glass master is removed from the LBR and chemically ‘developed’.

• Once developing is finished, the glass master is metalized to provide a surface for the stamper to be formed onto.

Non-photoresist (NPR) or Dye-Polymer mastering

• Once the glass is ready for mastering, it is placed in a Laser Beam Recorder (LBR). Most LBRs are capable of mastering at greater than x1 speed, but due to the weight of the glass substrate and the requirements of a CD master they are typically mastered at no greater than 8X playback speed. The LBR uses a laser to write the information, with a wavelength and final lens NA (numerical aperture) chosen to produce the required pit size on the master blank. For example, DVD pits are smaller than CD pits, so a shorter wavelength or higher NA (or both) is needed for DVD mastering.

• When a laser is used to record on the dye-polymer used in NPR mastering, the dye-polymer absorbs laser energy focused in a precise spot; this vaporizes and forms a pit in the surface of the dye-polymer. This pit can be scanned by a red laser beam that follows the cutting beam, and the quality of the recording can be directly and immediately assessed; for instance, audio signals being recorded can also be played straight from the glass master in real time. The pit geometry and quality of the playback can all be adjusted while the CD is being mastered, as the blue writing laser and the red read laser are typically connected via a feedback system to optimize the recording. This allows the dye-polymer LBR to produce very consistent pits even if there are variations in the dye-polymer layer. Another advantage of this method is that pit depth variation can be programmed during recording to compensate for downstream characteristics of the local production process (e.g., marginal molding performance). This cannot be done with photoresist mastering because the pit depth is set by the PR coating thickness, whereas dye-polymer pits are cut into a coating thicker than the intended pits.

• This type of mastering is called Direct Read After Write or DRAW and is the main advantage of some non-photoresist recording systems. Problems with the quality of the glass blank master, such as scratches, or an uneven dye-polymer coating, can be immediately detected. If required the mastering can be halted, saving time and increasing throughput.

Post-mastering

• After mastering, the glass master is baked to harden the developed surface material to prepare it for metallization. Metallization is a critical step prior to electrogalvanic manufacture (electroplating).

• The developed glass master is placed in a vapor deposition metalize which uses a combination of mechanical vacuum pumps and cryopumps to lower the total vapor pressure inside a chamber to a hard vacuum. A piece of nickel wire is then heated in a tungsten boat to white hot temperature and the nickel vapor deposited onto the rotating glass master. The glass master is coated with the nickel vapor up to a typical thickness of around 400nm.

• The finished glass masters are inspected for stains, pinholes or incomplete coverage of the nickel coating and passed to the next step in the mastering process.

Electroforming

• Electroforming occurs in “Matrix”, the name used for the electroforming process area in many plants; it is also a class 100 cleanroom. The data (music, computer data, etc) on the metalized glass master is extremely easy to damage and must be transferred to a tougher form for use in the injection molding equipment which actually produces the end-procut optical disks.

• The metalized master is clamped in a conductive plating frame with the data side facing outwards and lowered into a plating tank. The tank contains a nickel salt solution (usually nickel sulfamate) at a particular concentration which may be adjusted slightly in different plants depending on the characteristics of the prior steps. The solution is carefully buffered to maintain its pH, and detergents are added to maintain a specific surface tension. If the surface tension is too high, the solution cannot flow around the very small features (i.e., the pits and lands) on the surface of the glass master sufficiently well to deposit metal properly. The bath is heated to approximately 40 °C.

• The glass master is rotated in the plating tank while a pump circulates the plating solution over the surface of the master. As the electroforming progresses, nickel is galvanically drawn out of the solution and must be replenished to maintain a constant concentration in the plating bath. This is achieved using high purity nickel pellets (99.99% pure) suspended in the solution in non-conductive polypropylene bags called anode bags. The plating solution flows through the bag and over the glass master. The anode bags stop sediment formed during the nickel decomposition from reaching the solution and perhaps being plated onto to a master’s surface. The nickel is packed firmly into the bag and forms part of the electric circuit.

• A DC current applied to the glass master is the source of the galvanic potential which forces nickel from the anode pellets in the bags into solution as ions and ultimately onto the master’s surface as an electrically neutral metallic layer. The electrons flow in the opposite direction to the current, from the cathode to the anode via the solution. Electrons are stripped from the nickel in the anode bag, travel through the external circuit before combining with nickel ions in the solution at the cathode end thus forming metallic nickel on the surface of the glass master.

• The current must start off quite low and be increased slowly and evenly to prevent the metalized surface from overheating damage. As the thickness of the nickel on the glass master increases, the current can be increased. The electroplating step is finished after approximately 1 hour. Typical stampers are 0.300 mm thick. The part is removed from the tank and the metal layer peeled off the glass substrate. The metal part, now called a “father”, has the desired data as a series of bumps rather than pits; it is a negative master. The father is washed with deionised water and other chemicals such as sodium hydroxide or acetone to remove all trace of resist or other contaminants. The glass master can be sent for reclamation, cleaning and checking before reuse. If defects are detected, it will be discarded or recycled.

• Once cleaned of any loose nickel and resist, the father is electrolyzed, washed and clamped back into a frame and returned to the plating tank. This time the metal part that is grown is the mirror image of the father and is called a “mother”; this is a ‘positive’ master. All the stampers used to manufacture the CDs are made from a mother. Mothers can sometimes be regrown from fathers if they become damaged, however if handled correctly, 10 – 20 stampers can be grown from a single mother before the quality of the stamper is reduced unacceptably. Mothers are regrown from the father if it still exists; otherwise a new glass master is made.

• If the CD is to be part of a long production run, the father may be archived, however it is generally cut down with a hyper-accurate hydraulic punch and used as a stamper for molding runs. Stampers and fathers are the same (negative) “polarity”; the information surface is made up of a series of bumps. Mothers are the reverse and have pits on their surfaces.

• A father, mother, and a collection of stampers (sometimes called “sons”) are known collectively as a “family”. Fathers and mothers are the same size as a glass substrate, typically 300 μm in thickness. Stampers do not require the extra space around the outside of the program area and they are punched to remove the excess nickel from outside and inside the information area in order to fit the mould of the injection molding machine (IMM). The physical dimensions of the mould vary somewhat from machine to machine.

Replication

• CD molding machines are specifically designed high temperature polycarbonate injection molders. They have an average throughput of 550-900 discs per hour, per molding line. Clear polycarbonate pellets are first dried at around 130 degrees Celsius for three hours (nominal; this depends on which optical grade resin is in use) and are fed via vacuum transport into one end of the injection molder’s barrel (i.e., the feed throat) and are moved to the injection chamber via a large screw inside the barrel. The barrel, wrapped with heater bands ranging in temperature from ca 210 to 320 degrees Celsius melts the polycarbonate. When the mould is closed the screw moves forward to inject molten plastic into the mould cavity. When the mould is full, cool water running through mould halves, outside the cavity, cools the plastic so it somewhat solidifies. The entire process from the mould closing, injection and opening again takes approximately 3 to 5 seconds.

• The molded “disc” (referred to as a ‘green’ disc, lacking final processing) is removed from the mould by vacuum handling; high-speed robot arms with vacuum suction caps. They are moved onto the finishing line infeed conveyor, or cooling station, in preparation for metallization. At this point the discs are clear and contain all the digital information desired; however they cannot be played because there is no reflective layer.

• The discs pass, one at a time, into the metalize, a small chamber at approximately 10E-3 Torr vacuum. The process is called ’sputtering’. The metalize contains a metal “target” — almost always an alloy of (mostly) aluminum and small amounts of other metals. There is a load-lock system (similar to an airlock) so the process chamber can be kept at high vacuum as the discs are exchanged. When the disc is rotated into the processing position by a swivel arm in the vacuum chamber, a small dose of argon gas is injected into the process chamber and a 700 Volt DC electrical current at up to 20 kW is applied to the target. This produces a plasma from the target, and the plasma vapor is deposited onto the disc; it is an anode – cathode transfer. The metal coats the data side of the disc (upper surface), covering the pit and lands. This metal layer is the reflective surface which can be seen on the reverse (non label side) of a CD. This thin layer of metal is subject to corrosion from various contaminants and so is protected by a thin layer of lacquer.

• After metallization, the discs pass on to a spin-coater, where UV curable lacquer is dispensed onto the newly metalized layer. By rapid spinning, the lacquer coats the entire disc with a very thin layer (circa 70 nm). After the lacquer is applied, the disks pass under a high intensity UV lamp which cures the lacquer rapidly. The lacquer also provides a surface for a label, generally screen printed or offset printed. The printing ink(s) must be chemically compatible with the lacquer used. Markers used by consumers to write on blank surfaces are not always, which can lead to breaks in the protective lacquer layer, to corrosion of the reflective layer, and failure of the CD.

Testing

• For quality control, both the stamper and the molded discs are tested before a production run. Samples of the disc (test pressings) are taken during long production runs and tested for quality consistency. Pressed discs are analyzed on a signal analysis machine. The metal stamper can also be tested on a signal analysis machine which has been specially adapted (larger diameter, more fragile, …). The machine will “play” the disc or stamper and measure various physical and electrical parameters. Errors can be introduced at every step of production, but the molding process is the least subject to adjustment. Error sources of errors are more readily identified and compensated for during mastering. If the errors are too severe then the stamper is rejected and a replacement installed. An experienced machine operator can interpret the report from the analysis system and optimize the molding process to make a disc that meets the required Rainbow Book specification (e.g. Red Book for Audio from the Rainbow Books series).

• If no defects are found, the CD continues to printing so a label can be screen or offset printed on the top surface of the disc. Thereafter, disks are counted, packaged, and shipped