Truecrypt Hidden Volume Corrupted Recovery

Hi,

I have been using Truecrypt for sometime to store files for my Website. I created a 320gb File Container with a standard FAT32 Volume within which reside a hidden FAT32 Volume in which i stored most of my files. A while back I misstyped the password for the standard partition when i was supposed to use the Hidden Partition and pasted a number of files in the outer Volume in my haste.

When i realized my mistake, it was too late and probably some of the files in the hidden partition must have been overwritten because when i mounted the hidden partition Windows asked if i want to format it.

Here's what i have done so far:
1. I have used testdisk to search for Boot Sector on the hidden volume using the "rebuiltbs" option. to which testdisk found one which listed some html files but only a small amount of what was actuallly in the volume.

2. I have used Photorec to recover almost all the files but the directory structures and filenames got all messed up,they were in numbers and all the directories were mixed up, which was pretty useless for me since the html files and their resources folders were all over the place.

3. I used Getdataback for FAT to recover the directories partially and the file names were also correctly recovered. However, the name of the root directories are still replaced with numbers.

Is it at all possible to get back my data the way they were arranged directory-wise in the hidden volume before it was corrupted?

My system:

* windows 8.1
* 1 SSD 120gb (NTFS Windows) and 1 HDD 3tb split into 2 NTFS partition D:(840GB) And E:(2TB)
* The Truecrypt File Container (320gb) resides in Partition D of the HDD

I have combed through everything i could possibly find regarding Truecrypt here and in other forums but i just could not get anywhere else from here. Any Help, small or big, would be very much appreciated.

Thanks in Advance.

 

TrueCrypt is working normally using its embedded backup header, but unfortunately your volume's file system has sustained damage from a partial overwrite. I see this as more of a data-recovery issue than a TrueCrypt issue, as TrueCrypt merely mounts your volume and encrypt/decrypts its data on-the-fly, without keeping track of what the data actually is.

I suggest you go to some of the data-recovery sites and ask any experts you find if they can think of any better ways to restore more of your file system.

If they reply that some of their tools won't work properly within a TrueCrypt virtual volume then you always have the option of cloning your mounted volume (via sector-by-sector clone) into an equivalent-sized empty partition in order to get TrueCrypt completely out of the picture. The new partition will contain fully decrypted data.

 

Hi dantz,

I decided to use Getdataback to restore the files (everything was intact), since I had paid for it anyway. I manually renamed the lost root directories' names by hand and now, everything is in order although it took me almost a day's work to do so.

Thanks for the reply, much appreciated, and you are right, this is more of a data recovery problem come to think of it. Getdataback worked great on the virtual Truecrypt volume BTW, the data was apparently decrypted by truecrypt when I mounted the hidden volume, and getdataback have no problem seeing the files but it was the root directories name that got messed up, around 50 of them. Fortunately I was able to recall the names from memory.