Please oh Tech Geniuses hear my humble prayer...

Discussion in 'encryption problems' started by Altair, Nov 30, 2012.

Thread Status:
Not open for further replies.
  1. Altair

    Altair Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    4
    Location:
    United States
    I've been extensively snooping around the net to figure out what's wrong to no avail. It's been over a week and a half. I think I'm starting to go bald over this. I know it's long, but I'm a simpleton when it comes to these things. Because of that, I'm not sure what's important to know and what isn't, so I try to be as detailed as possible about my situation. If anyone can help I would be inexplicably appreciative.

    I recently installed truecrypt 7. I encrypted the system partition for Windows 7 (standard recommended settings for everything) and it was working fine for a while. Out of the blue a screen of death occurred. I tried booting a few more times but only encountered more BSOD. I decided I was going to decrypt the drive before I continued troubleshooting.

    I changed the BIOS and booted from the CD/DVD drive with the original truecrypt rescue disk. During this process two things happened. First, I made the mistake of restoring the original boot partition/mbr before decrypting the drive (forgive me if I'm not using proper jargon). After realizing this I attempted to go ahead and decrypt the drive. Second, the power surged while it was decrypting. After that I didn't know what to expect.

    I restarted the decryption process. It finally finished a day later. Now when it boots it doesn't ask for a password but just says that there are no sectors/partitions to boot from. I press escape, it skips that screen, and goes straight into Windows startup repair (which doesn't work either).

    I'm now using a LiveCD version of Ubuntu to see what's going on. The HDD passed memory and hardware diagnostics easily. No bad signs of anything anywhere with the disk itself. This leads me to believe that the problem is the OS. I then planned to copy the data from the disc over to an external HDD, wipe the old drive, reinstall windows, and put the data back onto the drive. Hoping that it works the same as before.

    The problem is that I'm looking at my volumes on the drive right now and it's showing two partitions labeled as "RECOVERY Partition 2 16GB NFTS" and "Partition 3 484 GB Unknown", which means the majority of the drive is still encrypted!!! WTF? When I mount the drive it comes up as "Dell Utility". I'm at a loss and don't know what to do. Please offer solutions if you can. I will try to answer any questions to the best of my ability. Thank you.

    Edit: TL;DR It took me an hour to write, please take 5 minutes to read.
     
    Last edited: Nov 30, 2012
  2. woomera

    woomera Registered Member

    Joined:
    May 21, 2004
    Posts:
    211
    ok this is not such a tricky case as it's just a messed up one since it looks like you've been really unlucky!

    so the 1st question is, why not install a new windows? did you have any personal/important files in your C drive?

    i doubt there would be any way to restore your old windows back!
     
  3. Altair

    Altair Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    4
    Location:
    United States
    I like to keep my old files because it's like a scrapbook snapshot of my life. There are some pictures, programs, bookmarks, etc that I'd like to hold on to. I don't care about the old windows, I just want my files back.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I would remove the drive, put it in a USB dock, and look at it on another Windows system. See if Windows reports it as RAW.

    PD
     
  5. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    As far as I know, restoring the original Windows bootloader before using the TC Rescue Disk to decrypt the partition wouldn't cause any permanent harm in most cases. I can think of a couple of exceptions, but they're uncommon.

    If the decryption process is interrupted (by a power outage, etc.) then there will often be a little localized corruption, but usually no big problem. During encryptions and decryptions TrueCrypt constantly updates its encryption header to keep track of the current scope of encryption. If you resumed the decryption and allowed TrueCrypt to finish then the partition should be fully decrypted. The fact that TrueCrypt no longer asks for the password shows that the decryption has reached the end, because at that point TrueCrypt automatically restores the Windows bootloader. (Of course, you already did that yourself, so maybe in this case this isn't a reliable indicator).

    However, one major exception to the above would be if you used the TC Rescue Disk to "Restore Key Data" while in the middle of the decryption, in which case TrueCrypt would lose its place and would start decrypting from the beginning again, resulting in the double-decryption (actually, the re-encryption) of whatever portions got decrypted the first time, in other words, a royal mess. So I hope you didn't do that!

    More likely your drive is merely damaged in some way, or some other weird glitch has destroyed your Windows partition, or possibly your Ubuntu disk can't find it for some reason. I would try slaving the drive to another system and using data-recovery software to try to recover your data. If you can't find any data from that partition and you feel that for some reason it is probably still encrypted then post back and I'll try to show you ways to determine whether or not that is the case.

    Incidentally, be careful about using the Recovery partition to repair Windows, as this would probably overwrite your lost data. So would reinstalling Windows from the boot disk (although a repair might work in some cases). Your best move at this point will be to write nothing to the drive and continue to probe it using various data-recovery programs.
     
  6. woomera

    woomera Registered Member

    Joined:
    May 21, 2004
    Posts:
    211
    ok so this is now much easier, here is what i would do if it was my computer:

    -try to run another full decryption process to make sure.
    -download hiren bootcd and boot into "mini windows xp"
    -if minixp didn't work then try a live ubuntu cd
    -navigate to c drive (might be under a different name) and recover your files. i.e. flash drive
    -format, re-partition your hard drive and install a new windows.

    hope this helps
     
  7. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Right now, for the original user, Dantz's advice is the correct method of proceeding safely. The original poster emphasized the desire to recover their files if possible. Altair, I highly recommend you do as Dantz suggested in terms of further analyzing the drive. In order to help you further, it is important to confirm if the drive is actually still encrypted or not to help narrow down how to proceed from here. On a side note, if you need help on how to slave a drive as well or require potential other options, post back.

    -EB
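
Added example, not part of any post in this thread: one read-only way to check whether a partition still looks encrypted, as dantz and EncryptedBytes both suggest confirming. It tests for a plaintext NTFS boot sector, then samples byte entropy across the volume; the function names, the 7.9 bits/byte threshold, the sample count and the `/dev/sdX3` path are assumptions, and the images in `__main__` are constructed.

```python
import io
import math
import os
from collections import Counter

SECTOR = 512

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 7.95 for 4 KiB of ciphertext, 0.0 for zero fill."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_ntfs_boot_sector(sector: bytes) -> bool:
    """Plaintext NTFS starts with OEM ID 'NTFS    ' at offset 3 and ends
    its first sector with the 0x55 0xAA signature."""
    return (len(sector) >= SECTOR and sector[3:11] == b"NTFS    "
            and sector[510:512] == b"\x55\xaa")

def classify(dev, samples=16, chunk=4096, threshold=7.9) -> str:
    """dev: seekable binary stream opened read-only (image file or partition)."""
    size = dev.seek(0, os.SEEK_END)
    dev.seek(0)
    if is_ntfs_boot_sector(dev.read(SECTOR)):
        return "ntfs"
    step = max(chunk, size // samples // chunk * chunk)
    total = high = 0
    for off in range(0, size - chunk + 1, step):  # evenly spaced samples
        dev.seek(off)
        total += 1
        high += shannon_entropy(dev.read(chunk)) >= threshold
    # Ciphertext has no low-entropy regions at all; a file system does.
    return "encrypted-like" if total and high == total else "mixed-or-plaintext"

def constructed_ntfs_image(size=64 * 1024) -> bytes:
    """Constructed sample: NTFS-style boot sector followed by zero fill."""
    boot = bytearray(SECTOR)
    boot[0:3], boot[3:11], boot[510:512] = b"\xeb\x52\x90", b"NTFS    ", b"\x55\xaa"
    return bytes(boot) + bytes(size - SECTOR)

if __name__ == "__main__":
    print(classify(io.BytesIO(constructed_ntfs_image())))
    print(classify(io.BytesIO(os.urandom(64 * 1024))))  # stands in for ciphertext
    print(classify(io.BytesIO(os.urandom(32 * 1024) + bytes(32 * 1024))))
    # On a real disk (assumed path): with open("/dev/sdX3", "rb") as dev: ...
```

A "mixed-or-plaintext" result is what a partly decrypted partition, or a decrypted one with a damaged boot sector, would produce. Compressed files such as JPEGs also score high on their own, which is why the check requires every sample to be high before calling the volume encrypted-like.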
     