Another problem with Truecrypt...

Discussion in 'privacy technology' started by rtsjoe, Oct 29, 2009.

Thread Status:
Not open for further replies.
  1. rtsjoe

    rtsjoe Registered Member

    Joined:
    Oct 29, 2009
    Posts:
    4
    ... well foolishly I have not created a backup disk when I encrypted my drive and now something is wrong with the encrypted OS (I blame AVG.) The TrueCrypt bootloader (bit where you enter the password) loads correctly and can verify my key, but when XP begins to load it BSODs. BAD MBR I think.
    Anyway I need to decrypt this drive and get some of the data off of it.

    I can provide the key and encryption method if that helps. o_O
    Any information would be useful.
     
  2. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Re: Another problem with TrueCrypt...

    That doesn't sound like the MBR. If the bootloader is working and XP is starting to load, then I don't think it's the MBR.

    Edit: I haven't begun using the TrueCrypt WDE feature yet, but I am familiar with WDE in general. Why don't you try booting into safe mode (press F8 at boot) as a first step?
     
  3. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    994
    Location:
    Hawaii
    Re: Another problem with TrueCrypt...

    You might need to slave your drive to another system (which has TC installed) and use the "mount without preboot authentication" feature. You should be able to access all of the files on the encrypted volume. Your OS won't be active, of course.
     
  4. rtsjoe

    rtsjoe Registered Member

    Joined:
    Oct 29, 2009
    Posts:
    4
    Re: Another problem with TrueCrypt...

    Booting into safe mode still causes a blue screen. I'm trying to find a way of mounting without "Pre-boot authentication." I'll report back later.
     
  5. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    994
    Location:
    Hawaii
    Re: Another problem with TrueCrypt...

    Another approach would be to completely decrypt the volume using the TC rescue cd (which will be very slow, let me warn you), and then try to repair your OS by booting from the Windows CD and running the appropriate options such as fixboot or fixmbr. If successful then re-encrypt.
     
  6. rtsjoe

    rtsjoe Registered Member

    Joined:
    Oct 29, 2009
    Posts:
    4
    Re: Another problem with TrueCrypt...

    I have managed to install another drive with XP on it and can enter the password to the encrypted drive, which is accepted. The drive mounts successfully. When I mount the drive it says that it is not formatted. I'm not sure if I should format because under usual circumstances formatting would cause me to lose the data on the drive.

    By formatting would I be reformatting the data into a readable form or something? Be advised I'm not using the most recent version of Windows XP.
     
  7. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    994
    Location:
    Hawaii
    Re: Another problem with TrueCrypt...

    Wow, your drive really got screwed up somehow. I don't think AVG could have damaged your filesystem that badly. This might even be a hardware issue.

    No, definitely DON'T format the drive, that will just reduce your chances of recovering your data. Most data recovery programs first look at the MFT (or whatever's left of it) and use its information to try to recover your data, including the locations of all the file fragments, etc. Formatting would wipe the MFT and write a new one that would not contain any of this vital information. All of your file fragments would be lost and you would probably recover much less data.

    I don't think the version of XP will make much difference here, but if it were me I'd probably install all the service packs. Also, you might find that you need to do this in order to run certain utility software.

    It looks like you're going to need to use data-recovery software to recover whatever you can. Try GetDataBack for NTFS (you do have an NTFS filesystem, right?) on the mounted drive. Also try File Scavenger, Recuva, PhotoRec, R-Studio. There are also many others, some free, some trialware, some commercial. If you are a hands-on guy then you might also want to try WinHex (a hex editor).

    If TrueCrypt's encryption gets in the way of some of these programs then you might want to make an image of the mounted drive and restore the image to another drive (hopefully a blank drive that has been wiped with zeros so as not to further confuse the data-recovery software). The restored image will no longer be encrypted, and this will grant direct access to the various data-recovery and utility programs. Some programs will work that might not have otherwise.

    Avoid using a USB interface for this, as that's just one more thing for the recovery software to struggle with. It's best if the target drive is internal.

    I suppose you could try running some repair utilities before going the data-recovery route, but I strongly advise you to image your drive first, in case these utilities make things worse. Also, if your hard drive is failing then you will need to make an image right away and save whatever's left of your data before you let all of these programs start digging into things.

    I'm afraid you've got your work cut out for you.

    edit: (more)
    Whoops, I just remembered something. After you mount the drive, make sure that you access it only through the drive letter that you mounted it to, not its original drive letter. Otherwise it will say it's unformatted.
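
An added example, not part of the original post: a read-only check of whether an image of the mounted (decrypted) volume still carries an NTFS boot sector and a readable first MFT record, which is what recovery tools look for before falling back to raw scanning. The function names and the sample image are constructed for illustration; it assumes 512-byte sectors and an image that covers the whole partition, so that the backup boot sector NTFS keeps in the last sector is present.

```python
import io
import struct

SECTOR = 512  # assumed sector size for locating the backup boot sector

def is_ntfs_boot(sector):
    """True if a 512-byte sector carries the NTFS OEM ID and the 55 AA signature."""
    return sector[3:11] == b"NTFS    " and sector[510:512] == b"\x55\xaa"

def inspect_ntfs(img):
    """Read-only check of a decrypted volume image (binary file-like object)."""
    img.seek(0)
    boot = img.read(SECTOR)
    img.seek(-SECTOR, io.SEEK_END)
    backup = img.read(SECTOR)  # NTFS keeps a copy of the boot sector in the last sector
    report = {"boot_ok": is_ntfs_boot(boot), "backup_boot_ok": is_ntfs_boot(backup),
              "mft_offset": None, "mft_record_ok": False}
    good = boot if report["boot_ok"] else backup if report["backup_boot_ok"] else None
    if good is None:
        return report
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", good, 0x0B)
    (mft_lcn,) = struct.unpack_from("<Q", good, 0x30)  # first cluster of the MFT
    report["mft_offset"] = mft_lcn * sectors_per_cluster * bytes_per_sector
    img.seek(report["mft_offset"])
    report["mft_record_ok"] = img.read(4) == b"FILE"  # MFT records start with "FILE"
    return report

def make_sample(wipe_primary=False):
    """Constructed 32 KiB image: boot sector, backup copy, one MFT record header."""
    boot = bytearray(SECTOR)
    boot[3:11] = b"NTFS    "
    struct.pack_into("<HB", boot, 0x0B, 512, 8)  # 512-byte sectors, 8 per cluster
    struct.pack_into("<Q", boot, 0x30, 4)        # MFT starts at cluster 4
    boot[510:512] = b"\x55\xaa"
    img = bytearray(64 * SECTOR)
    img[:SECTOR] = boot
    img[-SECTOR:] = boot
    img[16384:16388] = b"FILE"                   # cluster 4 * 8 sectors * 512 bytes
    if wipe_primary:
        img[:SECTOR] = bytes(SECTOR)
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    print(inspect_ntfs(make_sample()))
    print(inspect_ntfs(make_sample(wipe_primary=True)))
```

Run it against an image file opened with `open(path, "rb")`, never against the original disk; if every field comes back false, the decrypted data does not look like NTFS at that offset.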
     
  8. rtsjoe

    rtsjoe Registered Member

    Joined:
    Oct 29, 2009
    Posts:
    4
    Re: Another problem with TrueCrypt...

    GetDataBack for NTFS seems to be finding some familiar-sounding directories but mostly it's all hexadecimal (as to be expected). 2 hours until that completes whatever it's doing. I think I'll go and read on Wikipedia about sectors and things because there is a lot of terminology I'm not familiar with.
     
  9. simo1337

    simo1337 Registered Member

    Joined:
    Oct 30, 2009
    Posts:
    17
    That doesn't sound like a corrupted MBR, sounds more like corrupted system files.

    Once you go past the TC passphrase, hit F8 to get to the Windows boot options and try both the "restore to last known good configuration" and a recovery from your original CD.
     