I wanted to clone a Veracrypt disk, but I placed the disks the wrong way, cloning an empty disk to my data disk. I realized this after 5-10 secs and I stopped it. When I load the Veracrypt disk, it actually opens the disk but it is empty and when I want to access it, it says it needs to be formatted. Nevertheless, I believe all my data is still on the disk sinxe it was not yet overwritten. Do you have any idea how I could recover my data that is very valuable to me? Thanks
I am desperate... Does anyone has an idea? I ran UFS on the mounted disk hoping it will detect files without the partition table but the result is not significant and when I look at the content of the mounted volume open through Veracrypt, I cannot see any string or anything that seems to make sense. Do you have ideas of what I should do? I am sure all my data is still on the disk!!!
@Eric28 Regretfully, I have the feeling that you are in an almost impossible situation. I clone quite a bit (I almost never image) and understand that sometimes it gets confusing which drive you are cloning to, especially when they are both the same size and type and you are cloning from an dvd disk and you are already anxious and panicky about the success of the clone of your vital data. Different cloning softwares have different structures and ways of doing things which further confuses matters. Usually, when cloning, you get the message/warning, that everything on the recipient disk will be deleted, prior to being written to. I think that once you have said 'Yes, I understand' and agreed to that, then you are committed and there is no turning back. With a non encrypted drive you might have the chance (if the data has not been mangled) with a recovery software to see and recover the 'ghosts'.from the disks, some of which might still retain their integrity and be usable. I fear that with the encrypted situation that you are in and having started the process of cloning that your data, is, unfortunately, probably lost for good. I might be wrong (and I'm certainly no expert) but these are my thoughts. I know that if your data is vital and you must retrieve it that you can use the data recovery experts but (as I understand it) they are very expensive and even then it's not a 'sure thing'.
Thanks to all of you. Unfortunately, I cannot give the encryption password to anyone because I have data on my drive that is professional and confidential regarding defense and other activities. I have 2 dockers for cloning, one from back to front and the other from front to back... My problem comes from there!!! I confused the two systems. I probably cloned only 0,1% of the disk (12 secs out of 10 hours). I can see the empty blocks at the beginning of the physical disk. Nevertheless, I can mount the disk with Veracrypt. The password is accepted and it mounts a volume. But that volume does not have a recognized partition or file system. So I cannot see anything. I have seen many posts from @dantz on this very forum, sometimes 15 years ago, and some recently, and the users were very happy in the end to recover their data. So I believe it is possible, some people had the same symptoms and solved it :www.wilderssecurity.com/threads/veracrypt-disk-unallocated-can-mount-no-data-access-stuck-with-user-dantzs-solution.390085/#post-2632864 , and the guy @dantz seems to be incredibly knowledgeable... I am in the same position as the guy from that 2016 post... It is why I keep hope but frankly, I am getting depressed...
I am not an expert in this. I suspect that if you can open encrypted container to see its content then at this point you can treat it as corrupted/partially overwritten unencrypted filesystem. Maybe use kind of programs that may discover filesystem leftovers and recover some files from it?
Hi Eric28, somehow you have woken me from my slumber. I have long since moved on, and I don't usually do this, but I will see if I can help you. First, though, I must warn you that I am very rusty on this topic. In fact, I will have to go back and re-read some of my old posts to see how I did it. So please bear with me. It sounds like you are using partition encryption. We can go forward with that assumption for now. Few questions: 1) When you mount your volume in VeraCrypt, are you using the backup header? Or, at some point earlier, did you restore your main header from the backup header? (Possibly VeraCrypt restored it to the wrong location because the partition table was absent or altered?) 2) What tool are you using to examine the contents? You mentioned UFS, which I am not familiar with. For starters, I suggest using a hex editor to examine the mounted volume for strings of non-random text or other obvious patterns. It doesn't have to be recognizable words, although if the volume is decrypting then there will very likely be various words present. Long (say, longer than eight) strings of zeros are usually a sufficient indicator of decrypted data. If it's not jumping out at you then use the search function to find these things. Some of my previous posts describe my WinHex technique for searching for strings of zeros. The point of doing this is to find out whether or not your encrypted data is actually decrypting when you mount the volume. We can already assume that the beginning of your volume has been damaged, so you will have to look well past that point to find out. One more caveat: I'm not going to be available 24/7, so I will answer your posts as I have the time. Let's see how this goes.
@Eric28 I just saw your thread on the VeraCrypt forums. Here's what I think happened: After the accident you restored the volume's main header from its backup header, but the partition table had already been destroyed during the cloning accident, so the header was restored to the wrong location. This is why VeraCrypt accepts your password and appears to mount the volume but does not actually decrypt the data. The restored header was likely placed at the very beginning of the disk rather than at the starting offset of the (missing) partition where it should have gone. In most cases (assuming you are using a standard external hard disk) this would mean that your header is now 1,048,576 bytes out of position, and VeraCrypt can't decrypt your data because the header is the wrong distance from it. This is usually fixable. However, some of your data may not be recoverable. It depends on how much was overwritten during the accident.
I just saw your post in the other thread. I was waiting for you to get back to me. Have you made any progress?
