Lost my truecrypt encrypted partition.

Hi there,

I was resizing my partitions and something went wrong, and my partition table went corrupt. So I used testdisk to restore the partition table. All other partitions were fine except the truecrypt encrypted partition which always said "Incorrect password or not a TrueCrypt volume".

I believe testdisk wrote incorrect partition boundaries and the truecrypt header is lost somewhere.

Here's a screenshot of my partitions from KDE partition manager: http://i.imgur.com/8ypT6hE.png

I don't remember where the partition starts or ends and what the size of partition was (it was partitioned 2 years ago and I've not messed with partitioning since). However I'm 90% sure the partition was somewhere between sda2 and sda4. sda3 is the partition which gives error while trying to mount.

I tried using WinHex and searching for random data, but I can see plaintext data in that unallocated space. And since its almost 100GB of space, it's impossible for me to search manually and pinpoint exactly where the random data starts and ends.

I've thought of writing a python script and using TCHead with my password to search each block with the truecrypt header. However, I'm not sure how long will the script will take to finish searching all 100GB of space. Any thoughts about this?

Here's the fdisk output:

Code:

Disk /dev/sda: 640.1 GB, 640135028736 bytes
255 heads, 63 sectors/track, 77825 cylinders, total 1250263728 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x9c41b62a

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048      409599      203776    7  HPFS/NTFS/exFAT
/dev/sda2          409600   205631480   102610940+   7  HPFS/NTFS/exFAT
/dev/sda3       264239104   387119103    61440000   83  Linux
/dev/sda4       410444747  1250263039   419909146+   f  W95 Ext'd (LBA)
/dev/sda5       410444748   571849739    80702496   83  Linux
/dev/sda6       571849803   615225234    21687716   83  Linux
/dev/sda7       615239680   770620288    77690304+   7  HPFS/NTFS/exFAT
/dev/sda8       820041728   836818927     8388600   82  Linux swap / Solaris
/dev/sda9       836820992   877899127    20539068   83  Linux
/dev/sda10      877904118   959690965    40893424   83  Linux
/dev/sda11      959703040  1250263039   145280000   83  Linux

So I'm stuck with a lost encrypted partition of which I have no idea where it starts or ends or its exact size. Please help.

 

Bumping this thread. Sorry.

Anyone? Dantz?