How to recover content from a TrueCrypt encrypted drive when Windows won’t load?

Discussion in 'encryption problems' started by dmountains, Jan 7, 2015.

  1. dmountains

    dmountains Registered Member

    Joined: Jan 7, 2015
    Posts: 3
    Hello,

    I have a Dell notebook computer that has a TrueCrypt encrypted drive. The Windows 7 OS has failed and it is not possible to get to the Windows desktop. The TrueCrypt password appears to work okay and the system will attempt to boot after entering the password, but ultimately it shuts down and then reboots. The user reports that he can get the computer to a safe mode with command prompt but I haven’t tried that as I thought to check in here before trying anything.

    Is there a procedure to recover data files from this machine or is the command prompt the only avenue open at this point? IIRC long file names are not accessible if the safe mode with command prompt is used, but I could be wrong about that.

    Many Thanks!
     
  2. Palancar

    Palancar Registered Member

    Joined: Oct 26, 2011
    Posts: 1,594
    You have two options which are very simple depending upon the tools available in your "software/hardware toolbelt".

    1. Requires a USB SATA/IDE cable to connect the hard drive in "trouble" to another computer with TC available. If the second computer doesn't have TC installed you can easily run TC portable from a flash too. Either way you would open the TC control panel and see the option to mount the drive. You will need the exact password of course. Once the drive mounts you can then access the contents and copy off the files/folders you want to an external media.

    This is where I would start. PRESERVE the files on the other media before making any repairs. Then depending upon your skills you can also try to effect repairs of the broken system disk too.

    2. You can mount a Linux live CD with two options: a) I have built the TC program into my Linux live disk so I immediately have TC up and running when the live disk mounts the OS in RAM. b) Once your normal live disk comes up you can install TrueCrypt (in RAM) or use TC portable mode to access the hard drive the same as step one above.

    If you don't already have a Linux live disk ready to go it would be MUCH easier and quicker to use method 1.
     
  3. dmountains

    dmountains Registered Member

    Joined: Jan 7, 2015
    Posts: 3
    Palancar,

    Thank you for the feedback!

    I don’t have TrueCrypt installed on another machine but could do so. I understand from your comment that this is necessary to get the drive to mount.

    I don’t have Linux installed or know anything about it.

    As a follow-up to my previous post, I got my hands on the machine and found that while the TrueCrypt password function still works, the drive where the OS is installed is unidentified by the system. When running diagnostics, the system (built-in Dell stuff) reports that the drive exists but needs to be formatted.

    The Dell system diagnostics reports that there are no media defects on the drive.

    Are there any tools on the CD that was made at the time TrueCrypt was installed to do drive diagnostics? I have not worked with it. Has anyone tried to remove the encryption when the drive doesn’t appear to the OS? Any feedback would be appreciated...
     
  4. Palancar

    Palancar Registered Member

    Joined: Oct 26, 2011
    Posts: 1,594
    OK, let's slow down and "stop" touching stuff until we enter a safe zone (no disrespect intended). I see Linux is out for you at this time. It's OK but it would have made it easy in some ways. Let's move on to some really simple stuff to get started.

    1. Since you have access to another computer you can use TC without installing it if you want. Just grab a flash drive and copy out the TC portable folder. You can download it or extract it from a TC install disk/file. Really small, the portable folder is only a few meg even with the complete format exe for creation. Now you insert the flash drive in computer 2, open the TC folder and you'll have access to the control panel without an install. Caveat: you MUST be an Admin user on computer 2, or know the UAC password to get there temporarily.

    2. You will need a USB-to-SATA connector to attach computer 1's drive to computer 2's USB. You can buy them online for under 10 bucks all day long!

    3. Using steps 1 & 2 you will mount the "bad" hard drive with TC portable. Once the drive is mounted to the drive letter you designate then you can copy off your files and folders to an external drive.

    If you get this far you will have your important/special files putting you in what I call the safe zone.

    Let's get this far before we do anything heroic or dangerous to your disk.

    IMPORTANT: THE TC PORTABLE VERSION SHOULD MATCH THE VERSION ON THE HARD DRIVE. You didn't mention the version you were using.

    4. Let me add that you asked about the rescue disk you made. So here is my YEARS of helping people with this program giving advice, but it's YOUR decision. The rescue disk gives you the opportunity to decrypt the system disk (or the whole disk if you encrypted everything at once with TC). There is a danger here and it's unpredictable. Sometimes when a full decrypt is commanded it goes without a hitch, and in fact most times it does. But when it goes wrong it's likely a total loss for someone new to this stuff. So, my recommendation would be to copy out the important files as mentioned above, and THEN you can do a decrypt if you want. After decryption you will be left with a normal broken Windows system disk, but you can then use normal repair tools to fix it.

    Just so you get a sense here. I have my disks backed up and can "burn" back a perfect sector copy in about 90 minutes without ANY fear of disaster. Once you get to this point TC will be a piece of cake.

    Good luck in your recovery!
     
    Last edited: Jan 9, 2015
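
The steps in the post above (TC portable on a second computer, drive attached over USB, files copied off before any repair or decrypt), scripted as an added example that is not part of the original thread. The paths, drive letters and the `\Device\Harddisk1\Partition2` volume are assumptions to adjust for your machine; the switches are TrueCrypt's documented command-line options and standard robocopy options.

```powershell
# Added example: every path, letter and device number below is an assumption.
$tc     = 'F:\TrueCrypt\TrueCrypt.exe'     # TC portable folder copied to the flash drive
$volume = '\Device\Harddisk1\Partition2'   # encrypted partition on the USB-attached drive
$letter = 'T'                              # free drive letter for the mounted volume
$source = "${letter}:\Users"               # folder to rescue
$dest   = 'E:\rescue\Users'                # external drive that receives the copy
$log    = 'E:\rescue\robocopy.log'

# TC portable needs an elevated session (the Admin/UAC caveat in step 1).
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated PowerShell prompt.' }

# /m ro : mount read-only so nothing is written to the troubled disk.
# /m sm : mount a system-encrypted partition without pre-boot authentication.
# No /p : TrueCrypt prompts for the password, keeping it out of history and logs.
Start-Process -FilePath $tc -Wait -ArgumentList `
    '/v', $volume, '/l', $letter, '/m', 'ro', '/m', 'sm', '/q'
if (-not (Test-Path "${letter}:\")) { throw "Volume did not mount on ${letter}:" }

try {
    New-Item -ItemType Directory -Force -Path $dest | Out-Null

    # /E subfolders, /XJ skip junctions (user profiles contain loops),
    # /R:1 /W:1 do not stall for hours on an unreadable file.
    robocopy $source $dest /E /COPY:DAT /XJ /R:1 /W:1 /NP "/LOG:$log"
    if ($LASTEXITCODE -ge 8) { Write-Warning "robocopy reported failures, see $log" }

    # Second pass in list-only mode (/L): anything still listed is missing
    # from the copy or differs in size or timestamp.
    $pending = robocopy $source $dest /E /XJ /XX /L /NJH /NJS /NDL /NP |
        Where-Object { $_.Trim() }
    if ($pending) {
        Write-Warning "$(@($pending).Count) file(s) not yet copied:"
        $pending
    } else {
        'Copy matches the source. Safe to move on to repairs.'
    }
}
finally {
    # Dismount whether or not the copy succeeded.
    Start-Process -FilePath $tc -Wait -ArgumentList '/d', $letter, '/q'
}
```
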
  5. dmountains

    dmountains Registered Member

    Joined: Jan 7, 2015
    Posts: 3
    ^^Thank you for this detailed response!^^

    Couldn’t find the recovery disk, which was very odd, and between that and being requested to move forward, I ended up having to reformat the drive so that the user could continue to work with his notebook computer. He said there was nothing irreplaceable on the drive. We only have a few machines that used TrueCrypt so I have put your generously created notes where I can find them in the future, and hopefully no one will come along and remove them as they did the recovery disk.
     
  6. Palancar

    Palancar Registered Member

    Joined: Oct 26, 2011
    Posts: 1,594
    Glad to throw up some suggestions. The rescue disk image is extremely small so saving it as a file is also easy to do. You can burn it to media when needed.
     