Help with quick formatted truecryoted drive

Discussion in 'privacy technology' started by SebastianK, Feb 18, 2010.

Thread Status:
Not open for further replies.
  1. SebastianK

    SebastianK Registered Member

    Joined:
    Feb 18, 2010
    Posts:
    1
    Hello,
    can you help me with the following problem ?

    I have encrypted a hard drive and quick formatted it under windows server2003. When I noticed i deleted the partition and was able to restore the header information from truecrypt. Now the drive is corrupt .
    Any ideas ?

    thanks a lot
     
  2. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Need more details. Are you able to mount the TrueCrypt volume? That is, is your password accepted and does the drive letter appear in Window Explorer?
     
    Last edited: Feb 18, 2010
  3. jcholly

    jcholly Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    2
    i did the same thing with an external hard drive
    i get error "incorrect password or not a truecrypt volume"
    i have spent hours researching forums and it seems a hex editor is needed.
    i have NO expertise with any of this.
    Can anyone recommend someone who I can mail my hard drive to to see if the data can be recovered?
     
  4. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA

    Don't mail your drive anywhere. If its important enough to be encrypted, do you really just want to hand it over to whoever says they can do it?

    Couple of quick questions:

    What version of TrueCrypt are you using? v5.x or sooner, or v6.x or later? If v5.x did you make a backup of the header? If you did not, and the header is damaged, your data is lost, pure and simple. If v6.x or later, have you tried to open the container using the backup headers? If I recall correctly, TrueCrypt will automatically try to use the built-in backup if it can't access using the primary header. Try to force it to use the backup. If you have a manual header backup try to restore and use it.

    If your headers have been damaged (Primary and if they exist backups) then your data is lost, hex-editing isn't going to work.

    If you have simply lost your password, you can make a copy of your headers and give those to someone to try and play with BUT don't expect someone to brute force your password if you used a good one. If the headers are damaged, brute forcing isn't an option.
     
  5. jcholly

    jcholly Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    2
    i have the password
    i am not sure which version i used to create the volume, it was after august 2008. I upgrade it whenever a new version is available.
    I did not make any backups.

    i am not worried about mailing my harddrive. I do not know how to make a mirror image of the drive.

    unfortunately i have tried several methods to recover the data including scandisk, testdisk, Truecrypt restore headings.

    with windows explorer it now shows a directory tree and a bunch of files and folders but it is all in chinese symbols.

    i am not able to mount Truecrypt, keep getting "incorrect password or not a TC volume".

    i have the password if the header can be restored

    thanks

    is there anyplace i can send this to? i do not understand mirror image or hex or finding bytes.
     
  6. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    You can't reconstruct the header. If the header has been overwritten, which it sounds like it has (Since you know the password is correct, and it tells you its not, the header has been corrupted. If you've dropped an entire filesystem on the drive (encrypted the entire drive, then quick-formatted the same drive) not only did you corrupt the header, you've damaged the container itself, meaning if you ever do get the container mounted, you're still going to have to do standard reconstruction to recover any data.

    If you started in Aug 08, then you should be on a v6.x container, which has an internal backup. Try and mount the container with the option to use the backup headers. If it still fails to mount the volume, your data is lost as you don't have an external backup of the header.
     
Loading...
Thread Status:
Not open for further replies.