TrueCrypt problem

Discussion in 'encryption problems' started by TheRSays, Jun 1, 2013.

Thread Status:
Not open for further replies.
  1. TheRSays

    TheRSays Registered Member

    Joined:
    Jun 1, 2013
    Posts:
    3
    Hello all!

    I've just registered as a user here because I've been searching for solutions to my problems on the Internet, and the users of this forum were the most knowledgeable in that regard.

    Here is my problem -

    I have a hard-disk. It has 3 partitions - C (which has Windows 7 installed on it), D, and E.

    I encrypted this hard-disk with TrueCrypt, using pre-boot authentication.

    In my infinite wisdom, I re-installed Windows 7 over the last copy (in partition C). It was my mistake. I didn't remember that partitions D and E were encrypted too.

    Now, the computer shows the partitions correctly. C has a fresh copy of Windows 7. D and E are shown as RAW partitions.

    TrueCrypt won't load these 2 partitions.

    I have a TrueCrypt rescue disc which I made when I encrypted this computer. I know the password.



    Is there any way that I can mount these two partitions in TrueCrypt successfully?

    Thank you!
     
    Last edited: Jun 1, 2013
  2. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Mmm. Tough call.

    This was actually recently brought up here. Installing an OS over an encrypted partition is a big no-no.

    But if you have the rescue disk, it would seem you should be able to recover.

    Have you been through the documentation?
     
  3. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    So you encrypted the entire disk at once, including all 3 partitions, rather than encrypting just the system partition and then encrypting the other partitions separately?

    If so, when you reinstalled Windows 7 you most likely overwrote TrueCrypt's encryption header for the entire disk (among other things). However, the 2nd and 3rd partitions should be mostly untouched, so your data should still be there. (The beginning of each partition may have been overwritten a bit, as Windows loves to 'fix' things that it doesn't understand.)

    I would try this:

    1. Boot to the TC Rescue Disk (make sure it's the correct one, of course) and use it to restore the encryption header (aka the "key data"). I believe you'll find it listed under "Repair Options: Restore key data". Don't restore anything else at this point.

    2. Remove your hard drive and connect it to another PC that has TrueCrypt installed.

    3. Open TC on the other computer and attempt to mount each of your two encrypted partitions using the "System: Mount without preboot authentication" menu option.

    4. If the partition mounts, hooray! However, Windows may not be able to browse the contents, as each partition's filesystem may have been damaged by the overly helpful Windows. You might need to use data-recovery software, but we can talk about that later if you get this far.

    I'm not sure if this is going to work or not, as I have not tested your particular scenario, but that's my best guess at the moment. If you want to play it super-safe you should make a sector-by-sector image of the entire drive before you begin to mess around with it like this. However, restoring the "key data" is relatively harmless, as this merely writes 512 bytes at the end of Track 0, an area which is normally unused.

    I also suggest you post this problem in the TrueCrypt "System Encryption" forum.
     
    Last edited: Jun 2, 2013
  4. TheRSays

    TheRSays Registered Member

    Joined:
    Jun 1, 2013
    Posts:
    3
    Thank you JackmanG and dantz for your replies.

    I did something before I could see either of your replies, and I'm glad to say that I was successful. There may be other people who might find themselves in the same situation as I was in, so I'm going to post here what I did to get my data back. I also have some questions regarding TrueCrypt, and I'd appreciate it if you could answer them for me.

    Here is what I did -

    I booted from my TrueCrypt Rescue Disc. Then, it gave me 4 options - 3 of them to restore something or the other, the 4th to completely decrypt the system. So I restored everything that it offered to restore, and then asked it to decrypt the system completely. It took it a few hours to decrypt the system. Since my new copy of Windows 7 was already decrypted prior to this (as it was a fresh install), it was now gibberish, and I got an error message when I tried to reboot the system. So I installed Windows 7 again, and hurray, both my partitions were now there, decrypted and ready to use.

    I had a back-up of about 95% of the data held by these two partitions in an external HDD, but the remaining 5% of it was extremely important to me.

    My questions are -

    How should I now encrypt now the system so as to avoid this situation again? Should I make a new TrueCrypt Rescue Disk when I encrypt these 3 partitions again, or will this one do?

    Thank you!
     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    I'll definitely defer to dantz for the final word on that, but I guess it would depend on your preference. If you don't mind entering multiple passwords, you might encrypt just the system partition and then encrypt the rest of the drive on a per partition basis. (Of course to keep it simpler, you could use the same password for each one.)

    This way, if you ever need to reinstall the OS again (or install a different one), you won't run into the same problem. (Of course, you could always just do what you did again, but this way you avoid having to decrypt the whole drive.)

    Just for some knowledge, you might go through the Known Issues & Limitations and even the FAQ (probably will learn a few things you will use, or at least will be good to be aware of).
     
  6. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    Glad you succeeded! A full decryption using the rescue disk was going to be Plan B. It's usually best to try to recover the data first, as a rescue-disk decryption can sometimes fail partway through, leaving the data in a partially-decrypted state that requires advanced skills to recover from.

    To re-encrypt, I suggest you start by encrypting just the system partition, and yes, you will need to create a new rescue disk, since the encryption key for the first partition will now be completely different.

    Once the encrypted system is running properly you can go on to encrypt the two data partitions. If you wish you can specify the same password for all three partitions. Doing so will allow you to automount the two data partitions during bootup, so you will only need to enter the password one time, as before.

    It's usually preferable to encrypt each partition separately rather than encrypting the entire disk all at once, but both methods have their pros and cons and both are valid. I find disaster recover to be easier when all partitions are encrypted separately. However, this also places the data partitions at additional risk due to user screwups. For example, you can safely alter the partition sizes or otherwise repartition a fully-encrypted system disk, but you don't dare try that on a system that has separately encrypted partitions or you'll break them for sure.

    You seem like a "shoot first and ask questions later" kind of guy, so you might actually be better off with a fully-encrypted disk. But the truth is, you can easily get into trouble using either method if you don't know the rules of behavior. You can learn quite a lot by reading through the TrueCrypt problem forums (all those tales of woe!) and learning what not to do.

    Oh, and always back up your data! And it wouldn't hurt to make a backup copy of your new rescue disk. And finally, if you encrypt your data partitions separately then for safety's sake you should also back up each partition's volume header.
     
  7. TheRSays

    TheRSays Registered Member

    Joined:
    Jun 1, 2013
    Posts:
    3
    Thank you for your replies, they are quite informative.

    I have one more question - is the 'TrueCrypt Rescue Disc' all I need in case I run into this kind of a situation again? Or should I back-up something else as well?

    Thank you!
     
  8. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    I already kind of said this in the last sentence of my previous post, but I'll expand upon what I said, hopefully for clarity:

    If you use TrueCrypt to encrypt the entire disk that your system resides on, (which includes all partitions on the disk, of course), then the rescue disk is all you need (aside from keeping current data backups and perhaps a recent system image). Since everything is riding on this one CD, it wouldn't hurt to make a second rescue disk, just for safety.

    However, if you use TrueCrypt to separately encrypt one or more data partitions, or an entire non-system disk, or one or more file-hosted volumes, then you should ideally back up the volume header of each one.
     
Loading...
Thread Status:
Not open for further replies.