TrueCrypt Whole Disk Encryption problem

Discussion in 'encryption problems' started by summerjam, Dec 28, 2014.

  1. summerjam

    summerjam Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    3
    I have a 500GB Seagate HDD with Windows 7 on it and whole disk system encryption that is corrupted.

    I am able to boot the HDD and enter the password in the TC boot loader and it even loads the Windows logo but nothing else happens - so something probably got corrupted in the Windows partition.

    The HDD has 5 partitions:

    Partition 1 - 40GB - Windows 7
    Partition 2 - 20GB
    Partition 3 - 20GB
    Partition 4 - 200GB
    Partition 5 - 220GB

    When I mount the HDD as external through USB I am able to see the first and last partitions (1 & 5) and am even able to mount them inside TC and browse them. The middle 3 partitions are missing and showing as Free Space inside Disk Management.

    I've also tried mounting the whole disk inside TC but that also didn't work.

    So I started decrypting the HDD using Truecrypt's Rescue Disk.

    So far I have decrypted about 100GB of the 500GB so that's about 20%. As you can imagine it works awfully slow!

    My questions are:

    1. Is there a way to speed up the process?

    2. Why, even though 100GB have been decrypted, I am not able to see anything when I mount the HDD - i.e. I still only see two partitions that I have to mount via TC in order to browse? Doesn't decryption work from the outside in - so that Partition 1 with Windows which is only 40GB should have been fully decrypted by now? The files I really need are in Partition 2 and 3 so I was hoping that by now I would have been able to get access to them. Do I really need to decrypt the whole drive? That would take about another 30 days.
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    summerjam,

    1. No there is on way to speed up the process unless you can grab a "higher end" computer processor. Any way you stack it, decryption is painfully slow.

    2. The decryption process is not done the way you imagine.

    If I understand your post you will have to decrypt the entire drive to access your #2 and 3 partitions. My understanding is that you utilized the whole disk encryption option via the TC installer process. For yourself and others reading along this thread: do yourself a favor and NEVER use the whole disk encryption option. Instead encrypt the system disk (normally the C drive) and then later encrypt the partitions separately so that they are "approachable" on their own. By using separate encryption they would have their own headers and data keys, but the way you did it the entire disk surface (excluding the bootloader) is all encrypted under one master data header. By using whole disk encryption the only access you have at this point is to finish the decryption.

    You may have had a much easier task IF I had gotten to you before you started the decryption process, which is currently some 20% finished per your post. There are windows tools to repair an operating system and you may have accessed that OS via another TC equipped machine. Once the system disk was opened you may have been able to affect repairs utilizing some basic tools (depending upon the severity of the damage to the system disk). At this point any of those options are "off the table" so decryption is your only bet unless you have a backup of the data.

    Backup: regardless of the outcome here, developing a backup protocol is likely screaming at you. Sorry! If you had a backup you could write it back in a couple of hours at most. Don't blame TC because any software or hardware can fail.

    The 2 & 3 partitions that you are concerned about are only 20 GB each, and a full sector by sector backup would take maybe 15 minutes each to restore or have created. You'll just have to consider this a learning curve for data protection.

    After your painstaking decryption, if you get it all back, come here and ask for a configuration plan. I/we will be happy to talk you through it. Further we'll get you all backed up so you never get this again.
     
  3. summerjam

    summerjam Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    3
    Just FYI there seems to be a huge difference between USB 2.0 and USB 3.0 when decrypting - almost 10-fold.
     
  4. summerjam

    summerjam Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    3
    Another FYI - encryption seems works from the outermost partition towards the innermost - decryption works backwards - hence why I couldn't see anything. Once I decrypted enough (but not the whole HDD) I was able to browse the contents of the partitions I needed - this is even though the HDD was encrypted using Whole Disk Encryption instead of partition by partition.
     
  5. J Meehan

    J Meehan Registered Member

    Joined:
    Mar 28, 2015
    Posts:
    2
    Hi summerjam,

    I am having the exact same problem you were experiencing. Could you please elaborate how you resolved your problem?

    Any comments and suggestions are appreciated.

    JM.
     
  6. J Meehan

    J Meehan Registered Member

    Joined:
    Mar 28, 2015
    Posts:
    2
    Hi Palancar,

    You mentioned in your post above that "You may have had a much easier task IF I had gotten to you before you started the decryption process, which is currently some 20% finished per your post. There are windows tools to repair an operating system and you may have accessed that OS via another TC equipped machine. Once the system disk was opened you may have been able to affect repairs utilizing some basic tools (depending upon the severity of the damage to the system disk).

    Could you elaborate what procedures you might use to resolve this problem?

    Any comments and suggestions are appreciated.

    JM
     
Loading...