Data migration project

Posted on 2013-02-06
Last Modified: 2013-11-22
I have been tasked with migrating data from one network into another. The former network has been riddled with successful attacks. The data must undergo a quarantine process but I am not sure what the best strategy might be.

As of right now an arsenal of antivirus software seems to be the best alternative along with OS independent transfer using a "dumb" box. I was wondering if someone has a suggestion to minimize the risk of transferring potentially corrupted data into the new network.
Question by:paulycrackerhead

Expert Comment

ID: 38860089
How much data are we talking about?

If it's less than 2 TB I'd suggest copying it onto an external drive and scanning it with all sorts of live CDs and malware scanners / cloud scanners.
Connect it to a PC which is separated from the LAN/intranet (but has access to the internet).


Author Comment

ID: 38864373
It should be no more than 5 TB at most, if not less than 3 TB. We are making sure that the process is air gapped and the current solution is to run them through all sorts of malwares. What I am seeking is a specific strategy; a way to statistically eliminate any possibility of corrupted data passing by us (i.e. botnet, zero day threats). Is there any publication that you can refer me to that shows the best theoretical way, or a historical incident that has been quarantined successfully using a specific process?

Or am I being too paranoid and an arsenal of antivirus software is in fact the best option?

Accepted Solution

wshty earned 500 total points
ID: 38867206

Well, if you want to absolutely make sure that no data is being passed by the scanner: delete all data and start over (this is the most effective process ever known ;-)

Yes, of course this is a joke and by no means any option for you.

I am no anti-malware expert, to say this at first, but then again I'd be working for an AV company instead of posting here :-)

There is absolutely NO guaranteed success in this, even if you scan the data with 20+ anti-malware scanners.
The malware could still reside on the drive and not be detected.
There is enough malware out there which is currently not being detected by any scanner.
BUT it still is the best way to get rid of it short of starting over or recovering from backup (a recovery point where you can definitely say that data from this backup is not corrupted, which you may very well not know).

Zero day threats which may have corrupted your data now are no zero day threats anymore, so the possibility that AV companies release new AV patterns for this is very probable.

So, if you want to migrate the data I suppose that you set up a new server (or comparative) which is in a completely separated network for this.

In most cases that means the following:
Copying all necessary data to an external drive (or something) separates it from the OS, meaning that the data on the external drive is simply data which may contain harmful software, but there is no OS that could be utilized by it.

If you then boot a standard PC (or server) with a live CD (see this link for a list of AV Live-CDs: )
the potentially infected drive has no means to "jump" over to the new PC (autoplay, index, etc.).

If you want to keep your data you have either this option or recover your data from backup.

There is no real best practice for this kind of situation.
Or at least I don't know of any.
It is either scan the hell out of that data or jeopardize the data's integrity,
and when it comes to infected data you can never be too paranoid.
And being paranoid means that you do not trust the OS the data resides on unless it is a live CD :-)

Speaking of paranoid: did you already check (CHECK!) the client PCs for malware, since they connect to the server?
A very essential piece to mind if you want to rid your network of malware.


Author Comment

ID: 38867987
Thank you for the detailed suggestions. These are methodologies that we have planned and in place already. The quarantine process will involve OS independent transfer using a dumb box, and 3 servers are involved that are dedicated specifically just for the process. Everything is air gapped so no network will come in contact with another at any point in time.

The major issue is how do we set up a new network and still allow the client access to their old data on their new drive when the data comes from an old network ridden with custom-built malware hidden in PDF files and God knows what else. It's a mess, but I guess from the last two suggestions all we can do is put it through a random AV wash cycle, make it OS independent, dump it in the new network and hope for the best. Thanks guys!
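As an added example (not code from anyone in this thread), a small Python triage script for the quarantine step described above: run from the live CD against the external drive mounted read-only, it hashes every file into a manifest and flags PDFs that carry active-content markers or hide behind a wrong extension, so those get a manual look on top of the AV passes. The marker list and the sample files are my own constructed assumptions.

```python
import hashlib
import os
import tempfile

# Substrings that indicate active content in a PDF. Finding one is not proof
# of malice, only a reason to route the file to manual review after AV scans.
ACTIVE_PDF_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                      b"/Launch", b"/EmbeddedFile")

def inspect(path):
    """Hash one file and return review flags (PDF disguises, active content)."""
    with open(path, "rb") as f:
        data = f.read()  # whole-file read; chunk this for multi-GB files
    is_pdf = data.startswith(b"%PDF")
    named_pdf = path.lower().endswith(".pdf")
    flags = []
    if named_pdf and not is_pdf:
        flags.append("extension-mismatch")  # .pdf that is not a PDF
    if is_pdf and not named_pdf:
        flags.append("pdf-disguised")  # PDF hiding under another name
    if is_pdf:
        flags += [m.decode() for m in ACTIVE_PDF_MARKERS if m in data]
    return {"sha256": hashlib.sha256(data).hexdigest(), "flags": flags}

def build_manifest(root):
    """Walk the quarantine volume (mounted read-only) and record each file."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # never follow links off the quarantine volume
            manifest[os.path.relpath(path, root)] = inspect(path)
    return manifest

def demo():
    """Constructed sample volume (hypothetical content, not real malware)."""
    root = tempfile.mkdtemp()
    samples = {
        "report.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF",
        "invoice.pdf": b"%PDF-1.7\n<< /OpenAction 2 0 R /JavaScript 3 0 R >>\n",
        "notes.txt": b"plain text, nothing to review\n",
        "scan.jpg": b"%PDF-1.5\n<< /Launch 4 0 R >>\n",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)
    return build_manifest(root)
```

The manifest hashes also let you prove afterwards that what landed on the new network is byte-for-byte what was scanned.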
