Interrupted encryption, then format and now trying to recover data
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I’ll try to make this brief, also I’m new to VeraCrypt so maybe I’m missing something. I’m helping someone that wants me to help them restore data from the drive.
Computer with Windows 7 Installed. Tried to do in-place encryption of the whole system drive. Pre-tests and everything works great but its interrupted at around 75%, complaining of corrupted files. He boots up Windows tries to do sfc /scannow it finds corrupted files but can’t fix them. Tries check disk but it won’t start for some reason. He can’t resume the encryption so he boots into safe mode to try to run check disk again. He gets stuck in some kind of boot loop where the computer tries to boot into safe mode but can’t.
Now the biggest mistake happens he downloads some kind of Dell factory defaults ISO and runs it. He tries to set it to save files (documents, etc.) but it fails, so it Formats the drive and install a new Windows 7 installation. When the computer boots up it asks for the encryption password and continues to boot Windows but it says it has some problem with the new Windows/system32/winlogon.exe
I’ve tried to put the disk in another computer and mounting it but it complains that the encryption is not done so it can’t mount the partition. continuing the encryption won’t work either it complains it isn’t a valid volume. When I run data recovery programs I find some files but most are encrypted though I manage to open a few PDF’s and some Word documents, that wasn’t encrypted.
I’ve got a rescue disk iso file but I haven’t managed to get it to boot from it yet, there seems to be almost nothing in it? Its just 1,75MB but maybe that’s like it should be.
Really, I just want to be able to mount the disk so that I can recover some files from it mainly outlook .pst files (I’ve found them with recovery programs but they are encrypted).
Right now, I think my biggest chance is to somehow repair the Windows installation so that I can run it decrypted then run data recovery programs to get the files I need. But from googling it doesn’t seem possible to install to an encrypted drive.
Anyone got any pointers or ideas to try or is it hopeless?
If you have nothing personal on the drive anymore and just want a clean install, I Would suggest cleaning the partition using windows install disk or USB. this should completely remove the old windows install and even the VeraCrypt bootloader.
once booted into the windows installer, open CMD and run diskpart, then enter seldisk 0, and then clean. it should say the disk has been cleaned sucsessfully and you can run the command exit teice to close CMD.
Doing this will of course remove all personal files, but you may have a chance of recovering them using a tool called "EaseUS Data recovery" the free version is pointless so you should look for a crack. If you want you can DM me and I will link you to a working one without malware.
Note that it may not recover all the files, perhaps none. but It's the best method I can think of. Hope it helps
Hello and Thank you for replying
When and if I get out the important files or just give up I will try your method. Yes, indeed I have good experiences with EaseUS Data recovery, I have a good version that works, but thanks 😊. The problem is that the files I get out of the recovery are still encrypted so I can’t do much with them.
have you tried using your veracrypt rescue disk? I Believe it was made for these types of situations. If you remember the Password/PIM you should be able to repair the header or fully decrypt the drive.
I tried it before when i tried to "burn" it to a USB but i didn't get it to work. But now after buring it to a disc i managed to boot from it. I can tell it to start decrypting. It seems to be working just have to see what the final result will be since the disk is formated.
I wont be able to do much more since I'm going away for a trip. But with a little luck i be able to start recovering data on monday after the decryption is done. Thanks!
you are welcome :) it should only take a few hours to decrypt. but because the system files are corrupted you should seriously consider reinstalling windows the correct way.
Yes as soon as i get the files out i will definitely format the disk and do a clean install of windows.