problem with truecrypt encrypted hard drive......

Discussion in 'privacy technology' started by petey, Aug 3, 2013.

Thread Status:
Not open for further replies.
  1. petey

    petey Registered Member

    Joined:
    Aug 3, 2013
    Posts:
    2
    Location:
    England
    I used truecrypt to encrypt my entire 1tb hard drive. Unfortunately, I should have, but did not back up or sync the drive. I started having problems about a week ago with the windows welcome screen 'hanging' - it got to a point over about a week of it first happening that it was so bad I had to re-start my computer several times before it would finally start. so I read-up on it, and the problems easiest solution for me was to de-crypt the entire drive, then try a repair with the original windows disk. no joy - windows still hanging at start. so I encrypted the entire drive again using truecrypt. oh by the way I also checked that all my drivers were up-to-date as I had read that could sometimes be the windows hanging at start cause. anyway, my last option was to do a system restore. which I did. and the whole bloody drive/operating system/computer failed. that was it. I was stumped. it wouldn't even start to the user select screen now - something serious had gone wrong. basically I had no choice but to re-install windows 7 from the original disk. so now I am left with a lovely new 980-odd free gig space hard drive - and all my original programs and more importantly, all my files(approx. half of the 1tb disk) have disappeared. ive tried re-installing truecrypt - but it doesn't recognise any of the drive as encrypted. ive tried running the truecrypt boot loader rescue disk - nothing. im left to, as I write, running a hard drive recovery program slowly. I suspect that im truly knackered but posted this as im a relative computer novice and wondered if anyone had any ideas or experiences they could share and/or help me with this probem I have of losing all my precious files. by the way, there's not even a windows.old folder - although ive not yet looked for it by enabling the 'show all files and folders' option. I hope ive explained it with enough detail, I suspect im screwed, but im asking as a last resort.
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    When your HDD shows signs of going bad you should make a back-up of your important things from that HDD, decryption just adds extra stress on the drive.
     
  3. petey

    petey Registered Member

    Joined:
    Aug 3, 2013
    Posts:
    2
    Location:
    England
    I know I should have backed up, but I didn't. now im in this mess, I wondered if there was any kind of fix. or even part-fix.
     
  4. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    You may want to message PaulyDefran or Mirimir, I believe one of the two found a way to recover drives like this, they will probably come into the thread when they find it. It depends on how badly you overwrote the drive with Windows. It could have been your biggest mistake to reinstall windows so fast, as it requires space on the disk and it could have overwritten parts of the boot sector for TrueCrypt. You have only a slim chance, but we will have to see and if you search this section of the forum you maybe can find the thread as it was within the last month someone had the same problem and got it fixed.
     
  5. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    994
    Location:
    Hawaii
    Unfortunately, you've dug yourself a deeper hole than you started out with. Next time I suggest you ask for help before you start messing around trying to recover encrypted data. This sort of thing normally requires a cautious, somewhat delicate approach, but you just ran over it with a steamroller.

    Is the data that you need to recover valuable, perhaps irreplaceable? If so then I recommend you make a full sector-by-sector image of the entire drive before proceeding, just in case your recovery attempts end up making things worse. Especially since there's also the possibility that your hard drive may be failing.

    But ok, here's what you can do. You can skip my above recommendation if you like, based on the level of risk that you are willing to accept. What I'm about to suggest will write only 512 bytes to a part of the drive that does not normally store any user data, and first we'll try it without even doing that.

    Do you have access to an alternate PC that has TrueCrypt installed? (It doesn't need to be encrypted with TC, it just needs to have a copy of TC installed, which takes about 2 minutes.) If so, here are the steps:

    First we'll see if your latest TC encryption header is still on the disk and is still intact. If it isn't then this procedure will fail, but there's a followup procedure (Part II) that will probably work:

    Part I:
    1) Remove your hard disk and slave it (connect it) to an alternate PC as an external drive

    2) Open TC on the alternate PC

    3) Click "Select Device" and select your encrypted partition or disk from the list of devices. (If you encrypted the entire system drive then it will most likely be listed as "HardDisk 1" or higher. (Are there any partitions listed? Did your original disk have more than one partition on it? If so, post back.)

    4) Click on whichever free drive letter (in the list of available drive letters) you want to mount the volume to. (It doesn't matter which one you choose, and it's just a temporary selection for this session only).

    5) In TrueCrypt, select "System: Mount without preboot authentication"

    6) Provide the password at the prompt, and see if it's accepted. If you don't immediately see the "Incorrect password" message then you're off to a good start.

    7) If you are able to get this far, open Explorer, double-click on the drive letter that you mounted the volume to, and see if you can view any data (I doubt that you will be able to browse through your data yet, but even getting this far represents good partial success.) If Windows offers to format the volume, make sure to say No.

    Even if your PW was accepted and the volume mounted to a drive letter, your data will probably not be accessible to Windows Explorer due to a massive file system overwrite (you did this when you reinstalled Windows), but some data can probably be retrieved by using one or more data-recovery programs to explore the mounted volume, the one that you selected above in Step 4. If you get this far then we can talk about it.

    If your password was not accepted in Step 6 then go on to Part II.

    Part II:
    During Step 6 above, did you see the "Incorrect Password" prompt? If so then your encryption header was probably wiped out when you reinstalled Windows. Here's how to put it back:

    1) Reinstall your hard disk back into your original computer

    2) Boot to the Rescue CD. Make sure you use your most recent Rescue CD, the one that you created the most recent time you encrypted the drive, as we don't want to restore your older, original header.

    3) Select "Repair Options", then "Restore key data". Enter your Password when prompted, and choose "Y" when asked to write data to disk at the Y/N prompt.

    4) Repeat all seven steps from Part I above. This time your password should be accepted, so you can go on to mount the volume and use data-recovery software in an attempt to recover your data.

    There's more, of course, but that's enough to get you started.

    Note 1: If you don't have access to an alternate PC then all of the above steps can also be performed by booting to a Live CD (such as a BartPE) and running TC from there, but at the moment I don't have time to write down the full details for that approach.

    Note 2: The above was written from memory, so I can't guarantee that everything above is perfectly correct, but I think it's probably fairly close. If you get stuck then post back and we can try to figure out what's going on.

    (edit: fixed typo)
     
    Last edited: Aug 3, 2013
  6. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    *Claps* I am glad people take the time to help others even when they have to type all that out. :thumb:
     
  7. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    You have plenty of useful tips here, I suggest you try to follow them.
    Nevertheless, I had similar problems and my drive was failing.

    If you don't mind another suggestion: (this is going to determin if your drive is really failing)

    Download a copy of Ubuntu 12.04 (I selected 32bit just in case, but you can download a 64bit version, although there's no need of that for what you'll do). I recommend this version (12.04) since it has S.M.A.R.T. fully operational by default, no need to install anything.

    You'll be prompted to either install or Test the system. Chose "Try Ubuntu" so that you can run it without isntalling.

    Now, open the dash by pressing the Windows Key on your keyboard and search for "Disk Utility", and open it. Explanation: http://img580.imageshack.us/img580/8099/s196.png

    Open "Disk Utility" and select your drive. Explanation: http://img856.imageshack.us/img856/7997/3d4q.png

    Click "SMART DATA" on the right http://img829.imageshack.us/img829/2787/e88e.png

    Now, click "Run Self-Test" http://img850.imageshack.us/img850/2519/k7av.png

    Then select the Extended mode (Might take hours). http://img20.imageshack.us/img20/8669/mhl6.png

    After it's done scannig for error (re-allocated sectors), select "Refresh" and see for "Reallocated sector count" http://imageshack.us/a/img829/4266/51su.png

    I had 4029 bad sectors on a drive and the symptoms were:

    * BIOS screen freezing
    * Windows Freezing
    * Most operations freezing

    It appeared that my overclock was causing those freezings, but after I bought this new drive it all disappeared.

    If the Reallocated Sector count is more/or close to the "Worst" scenario, then I recommend trying to recover the data, as suggested above, and then copying to a brand new drive.
     
Loading...
Thread Status:
Not open for further replies.