Two truecrypt partitions corrupted

Discussion in 'encryption problems' started by x57, Nov 12, 2012.

Thread Status:
Not open for further replies.
  1. x57

    x57 Registered Member

    Nov 11, 2012
    Hi everyone!

    I came across this forum because i need some advice on how to rescue a corrupted truecrypt partition and perhaps also identifying the cause of the problem.

    I have a 1.5TB non-system disk with one partition which is Truecrypt encrypted (no hidden volume). After the installation of a new SSD and a few things i did during the setup of the new disk (described in detail below) i was not able to access the truecrypt volume anymore. At first truecrypt showed like "Wrong password or not a truecrypt volume" and after reading in the tc docs i tried to restore the volume header. I did so using the embedded backup header. After that i was able to mount the partition, however up until now it only shows

    T:\ is not accessible. The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and the volume is not corrupted.
    So i think the truecrypt part may be working and only the filesystem is corrupt?

    However, at this point i got a little nervous about loosing my data and thought it would be a good idea to backup the whole partition before ruining anything in the further process of trying to recover the files. I first tried to make a sector by sector backup of the partition using Norton Ghost 15, however since it showed my 3TB drive as 2TB i canceled this and used Acronis True Image Home 2011. I made a sector by sector backup (enabling "also copy empty space") to a 3TB drive, which is also tc-encrypted (i mounted it before...). After a restart of the pc (it was already late) i now cannot mount this 3TB partition either (same behaviour, wrong pwd or no tc partition - i did not try to recover the embedded backup header here, nor did i do anything with it yet). Since then i shutdown my pc, disconnected all drives but the unencrypted system disk and decided to get some advice first - hence this post.

    I know this is a long story, but since details may be crucial ... here is what i did in the first place before the problem came up (please stick with me a little longer):

    Installation procedure causing the problem at first:
    (1) some time ago i had installed a Microsoft AHCI-patch to switch IDE->AHCI but because of some problems with an old IDE disk i had switched BIOS back to IDE; for the SSD installation i removed the old IDE disk, switched the BIOS to AHCI and test-booted windows - all functional
    (2) Shut down, plug in SSD into a free SATA 2 port on my Asus P6T deluxe board, booting ... didn't boot (no system disk)
    (3) switching back and forth some bios boot-priority settings before understanding the somewhat unusually designed settings in the BIOS (for me at least) and in the process also disconnecting and reconnecting some of my drives (perhaps to different sata ports) - with no success
    (4) during this process i also once booted into Win7 recovery console using the win7 cd and set the active partition to the boot partition using diskpart
    (5) once windows booted again the tc partition could not be mounted anymore; also i am unsure if the partition / hardisk layout didnt change, i.e. if there also was a "Harddisk 0" and a "Partition 1" entry in the tc-devices list before although i am 80% sure that i made an encrypted partition and not whole disk
    (6) CHKDSK in read only mode reports

    Checking the file system on the TrueCrypt volume mounted as T:...
    The type of the file system is NTFS.
    The first NTFS boot sector is unreadable or corrupt.
    Reading second NTFS boot sector instead.
    Volume label is Daten 1500GB.
    WARNING!  F parameter not specified.
    Running CHKDSK in read-only mode.
    Critical master file table (MFT) files are corrupt.
    CHKDSK is verifying files (stage 1 of 3)...
     0 percent complete. (0 of 248064 file records processed)
    Attribute record (128, "") from file record segment 1
    is corrupt.
      248064 file records processed.
    File verification completed.
    File record segment 4 is an orphan.
    File record segment 5 is an orphan.
    File record segment 6 is an orphan.
    File record segment 9 is an orphan.
    File record segment 123 is an orphan.
    File record segment 124 is an orphan.
      130 large file records processed.
    Errors found.  CHKDSK cannot continue in read-only mode.
    (a) In general i think i have to get some file system recovery programs to check out the drive. Which one is the best/safest?
    (b) Do they operate in read only mode or am i in danger of ruining anything even more?
    (c) What is the best way to safely backup the partition(s) before file system recovery attempts?
    (d) What caused the original problem? I dont trust my whole system anymore ... could it be Acronis or Norton Ghost overwriting the partition headers / file system tables unquestioned?
    (e) I thus think for recovery purposes i should maybe switch to my work-computer also running Win 7 64 and Truecrypt stable up until now... or is this a bad idea for some reason?

    Additionally to be noted, i also have external tc-header backups which i did not use until now - do they have any advantages over embedded copy?

    If you've made it up to here thank you very much for reading already.

    I really hope someone can help me with this ... of course i need not all questions answered, restoring my files would make me perfectly happy :doubt:
  2. x57

    x57 Registered Member

    Nov 11, 2012
    No one? Too much scary text or am i lost?

    In the meantime i made a 1:1 copy of my drive with ddrescue and tried "chkdsk /f" -> it deleted all of my files except 17 (according to chkdsk report), but i cannot access the mounted tc-volume anyway due to an "Access Violation" error... seems i lost all data in that attempt - luckily it was only a copy.
Thread Status:
Not open for further replies.