Author Topic: Recovery of a RAW partition  (Read 4367 times)

tryingitout

  • Newbie
  • *
  • Posts: 8
Recovery of a RAW partition
« on: December 20, 2015, 08:46:33 am »
I have been running DiskCryptor for over a year on my Windows 8.1 laptop without any problems.  A few days ago, though, Windows stopped running.  I still get the DiskCryptor login when I boot up, but then get the blue screen from Windows.  A chkdsk command indicates my primary partition is now RAW.  I have several files that were not backed up recently, so I plan to attempt recovery of the encrypted data.  I have an SSD, if that makes any difference, and the drive is MBR.

First, I am having trouble putting my hands on my header file backup. Can I create a new one since I can still log in to DiskCryptor before Windows tries to load? (And is there a standard file name for the header file that I can search for on my backup drive?)

Secondly, if I can copy the RAW partition to an external drive using some offline data backup/imaging software, can I decrypt my data on the external drive, so I can then copy it back to the newly formatted NTFS partition on my SSD?  Or alternatively, once I copy the encrypted data back onto my SSD, will I be able to view it there somehow using my original passphrase? (I am assuming that I will not need to reinstall DiskCryptor after resolving this RAW partition problem.)   In other words, assuming I cannot decrypt RAW data, if I tried to copy encrypted data back into a new NTFS file structure, could it then be decrypted?

Thirdly, I can use the Win7PE boot disk with DiskCryptor loaded, but I'm not sure that helps me in my circumstance.  Is there any way to use that platform to recover my data, or decrypt RAW data?  If so, am I correct in assuming I need to find my header file first?  Using the boot disk, I can launch DiskCryptor.  When I select my C or D drives (seen as RAW), I only have the option to Mount the drives.  It would be great if I could decrypt the entire drive at this point, and then I could use alternate data recovery tools to export the decrypted files.

In summary, I have a huge chunk of encrypted RAW data, I have my DiskCryptor passphrase, and I may or may not be able to put my hands on the header file backup that I created a year ago.  How can I recover this data?
I would appreciate any and all advice in this situation, and am happy to give any more information.

PS - I do have the DiskCryptor loader CD that I originally made if that helps at all.  I have not tried to use it because I am a bit unclear as to its purpose.
From my research, the recovery of this data in the RAW file system would seem to be quite straightforward.  The fact that the data was encrypted seems to make the recovery quite a bit more complex, if not impossible. Help!

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: Recovery of a RAW partition
« Reply #1 on: December 20, 2015, 03:09:42 pm »
Did you try to use a Live Media with DC to mount, decrypt those partitions at all?

As for what you can do with the Win7PE boot disk, that depends on what the creator of said disc did and what he included. So if he included disc backup software, you can use it. Italick and I did:
https://diskcryptor.net/forum/index.php?topic=5321.msg12691#msg12691

tryingitout

  • Newbie
  • *
  • Posts: 8
Re: Recovery of a RAW partition
« Reply #2 on: December 21, 2015, 12:38:54 am »
Thank you so much for your response.

First, the Win7PE boot disk I have used does not have backup software included.  I have since seen your version that contains the Macrium Reflect.  It sounds like I should use your version so I can create an image before attempting to alter the data.

Secondly, I have not attempted to mount or decrypt the RAW partition with DC.  Are you saying that even when Windows can't see the partition and chkdsk indicates it is RAW, that DC will still be able to decrypt all the files?  That would be great!

Lastly, I am assuming that I should image the partitions and save them to an external hard drive prior to attempting the mount and decrypt.  Is that correct?  And it sounds like my backup header file isn't needed after all, right?

Thanks again!

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: Recovery of a RAW partition
« Reply #3 on: December 21, 2015, 05:12:28 pm »
> Are you saying that even when Windows can't see the partition and chkdsk indicates it is RAW, that DC will still be able to decrypt all the files?

I'm saying that encrypted, unmounted volumes are "unseen" by Windows, so if something messed with your ability to make them "seen", you can get various errors. Try to mount it with Live Media. If you can, and everything is O.K., something messed with your bootloader.
If not, we will need more info.

> Lastly, I am assuming that I should image the partitions and save them to an external hard drive prior to attempting the mount and decrypt.  Is that correct?  And it sounds like my backup header file isn't needed after all, right?

Yes.
Well, you can try to make one now, but I would trust them now.

tryingitout

  • Newbie
  • *
  • Posts: 8
Re: Recovery of a RAW partition
« Reply #4 on: December 28, 2015, 03:33:34 am »
I have used the Macrium for an image.  I attempted to decrypt my drives (though I cannot confirm that my C: drive finished completely as it ran overnight), and am encountering an error as I try to proceed.  My C: drive is still in RAW format, and DiskCryptor indicates that my C: drive needs to be mounted.
When I attempt to mount drive C: I get the error code 4.  It is my understanding that this indicates that my header file is corrupt.
As I mentioned, I backed up the header file upon initial installation, but cannot find the file now.  Can you tell me if there is a standard naming convention or file type that I can search for on my backup drive?

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: Recovery of a RAW partition
« Reply #5 on: December 28, 2015, 09:27:37 pm »
> Can you tell me if there is a standard naming convention or file type that I can search for on my backup drive?

Name - HarddiskVolume<number>
Filetype - bin.
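
Added example (not part of the thread and not DiskCryptor code): a read-only search of a backup drive for files matching the default name given in the reply above, grouping byte-identical copies by SHA-256 so distinct header backups stand out. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Default name from the reply above: HarddiskVolume<number>, file type bin.
HEADER_NAME = re.compile(r"^HarddiskVolume(\d+)\.bin$", re.IGNORECASE)


def find_header_backups(root):
    """Walk root (read-only) and group candidate header backups by SHA-256.

    Returns {sha256_hex: [(path, volume_number, size, mtime), ...]} so that
    identical copies are listed together and differing backups are separated.
    """
    groups = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            m = HEADER_NAME.match(name)
            if not m:
                continue
            path = Path(dirpath) / name
            try:
                data = path.read_bytes()
                st = path.stat()
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            digest = hashlib.sha256(data).hexdigest()
            entry = (str(path), int(m.group(1)), st.st_size, st.st_mtime)
            groups.setdefault(digest, []).append(entry)
    return groups


def demo():
    """Constructed sample tree: two identical copies, one distinct, one decoy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "old").mkdir()
        (root / "HarddiskVolume2.bin").write_bytes(b"A" * 64)
        (root / "old" / "harddiskvolume2.BIN").write_bytes(b"A" * 64)
        (root / "old" / "HarddiskVolume3.bin").write_bytes(b"B" * 64)
        (root / "HarddiskVolume2.bin.txt").write_bytes(b"decoy")  # wrong suffix
        groups = find_header_backups(root)
        sizes = sorted(len(v) for v in groups.values())
        return sizes, sum(sizes)
```

A backup that was renamed after it was saved will not match this pattern, so an empty result does not prove the file is gone.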

tryingitout

  • Newbie
  • *
  • Posts: 8
Re: Recovery of a RAW partition
« Reply #6 on: December 28, 2015, 11:25:46 pm »
Thank you.
Would the header be part of the loader.iso file that I created upon initial installation of DiskCryptor?

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: Recovery of a RAW partition
« Reply #7 on: December 29, 2015, 01:16:49 am »
> Would the header be part of the loader.iso file that I created upon initial installation of DiskCryptor?

Don't think so; the loader is for something other than backup.

tryingitout

  • Newbie
  • *
  • Posts: 8
Re: Recovery of a RAW partition
« Reply #8 on: December 29, 2015, 03:35:05 am »
I found the header file.  I'm sorry to be so obtuse, but can you send me a link to the instructions on replacing it?  I am assuming this should be done through PE since I still can't boot my computer normally.
It looks like the decryption worked, and my drive is back to showing as NTFS.  That's great news.  My next problem is that my password won't work in DiskCryptor when I try to boot my computer.  I assume that is because the header file is corrupt.

tryingitout

  • Newbie
  • *
  • Posts: 8
Re: Recovery of a RAW partition
« Reply #9 on: December 29, 2015, 06:08:18 am »
First, I tried the "restore header file" on the DiskCryptor running on PE.  I still get the Error Code 4. Is there something I am doing wrong?
Secondly, at this point, can I just uninstall DiskCryptor altogether and reinstall it another time?  All my data is decrypted, and I just need to get past the DC login to see if my Windows will work.
Thank you!

Anfinuo

  • Sr. Member
  • ****
  • Posts: 380
Re: Recovery of a RAW partition
« Reply #10 on: December 29, 2015, 02:21:32 pm »
The "DC login" you refer to is the DC bootloader. It doesn't uninstall with DC. You need to do that manually via: "Tools" -> "Config Bootloader".
Also remember what was written here:
https://diskcryptor.net/wiki/Downloads