Totaly filesystemdesaster on physical drives and inside of VC-Volumes
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Hello,
i need help and i hope to get some here.
First of all here are the systemspecifications:
Software:
Win10
Veracrypt 1.23
System:
Intel NUC i5 (NUC5I5RYH)
Internal drive 1: 1x Crucial 500GB MX500 M.2 as System-Drive with one partition, full disk encrypted
Internal drive 2: 1x 2TB HDD 2.5" SATA 6G internal, NTFS-Formated with a 2TB VeraCrypt-Containerfile on it
2x 4Port USB3.0 Hubs plugged in seperated USB 3.0 Ports on the rear ports of the NUC
External Drives:
On USB-Hub #1 with drive 3 and 4
-> 2x 6TB WDRed drives, each in a Inateck USB3.0 Case with Model No. FE3001
-> Both are GPT and NTFS-formated with a 6TB VeraCrypt-Containerfile on it
On USB-Hub #2 with drive 5 and 6
-> 2x 8TB Seagate Archive drives, each in a Inateck USB3.0 Case with Model No. FE3001
-> Both are GPT and NTFS-formated with a 8TB VeraCrypt-Containerfile on it
All VeraCrypt-containers are formated with NTFS inside.
What happend:
On a late evening last week, win10 was running and all mentioned USB-Drives were mounted with VC but not spinning because of inactivity for a longer time. I clicked on the cyclebin to clean it and Windows initiated a spin up of all drives. Because it was late and i wanted to go to bed i clicked Start->Shutdown while during the spin up of the attached drives. Win10 initiated a shutdown (without warning of any running processes) and because its a fast system, all windows-services was terminated very quickly and the shutdownscreen appeared before the drives was initiated again. So, win10 stuck in this shutdownscrean and waited for the final spin up of all USB-drives to eject the drives in a clear state before the hardware got powered off.
A day later, i booted the system again. The internal drives and the two 6TB drives were in good condition and i am able to mount the VC-volumes on these drives and access all files.
But the NTFS filesystem on both 8TB-drives seems to be damaged. When i tried to access the disks to mount the VC-Containerfiles, win10 brought me a errormessage:
"The Recycle Bin on X:\ is corrupted. Do you want to empty the Recycle Bin for this drive?"
What ive done since then:
I clicked yes at the recycle bin errorwindow, but this error msg appeared every time i tried to access the drive 5 ( X:\ which is 8TB#1) or 6 (Y:\ which is 8TB#2).
So, i ignored the errormessage and tried to mount the VC-containerfiles:
For the container on X: 8TB2#1, i was able to mount the VC-container, but when i tried to access the mounted drive i got the windows error msg:
E: is the mounted drive letter of the VC-container on X:\
Good news: I did a quick test with PhotoRec and it was able to recover files. So, basically, i am able to the access the VC-Container.
Bad news: NTFS filesystem inside of the VC-Container seems to be totaly broken. Its not possible to perform a Chkdisk on this mounted drive. Windows Explorer is telling me that the mounted drive has 0bytes space. Maybe, MBR/GPT in the VC-container is broken.
For now and for this drive, it would be helpful if you could tell me some good recovery tools which are able to analyse mounted VC-volumes. PhotoRec is a nice tool, but its not able to restore a complete directory tree with correct file and dir names, if you know what i mean.
Also, it would be very nice to know, if you know a tool to do a forensic clone of a mounted VC-Volume to a physical drive. This would be very usefull, because many backup- and filesystem analysis tools do not support virtual disks like VC-Volumes.
BTW: Meanwhile, i did a chkdsk with repairoptions at windows start up and the "Recycle bin" error is gone on drive X: 8TB#1.
For the container on Y: 8TB2#2, things seem to be a bit worse at the moment. When i try to mount the container with VC, i get the following error message from VC:
I cant find any information about this error code.
Till now, i did not performed any Chkdisk or something else on this disk.
Since this happened, i purchased a new 10TB disk to be able to try several backup scenarios. First of all, i copied the VC-Containerfile from X: to this drive, which was not a problem. Because handling such big files is very time-consuming, it might take time to solve this problems and give you guys feedback.
Would be very nice to get some advanced help from you guys.
BTW: I dont have any backups.
Try run
mountvol /Ein elevated command line
then reboot