Recover data from a corrupt truecrypt encrypted partiton
If you have a drive that totatly encrypted using Truecrypt and somehow the boot sector / disk header is corrupted and you can no longer mount the truecrypt volume, is it somehow possible to recover the data on the corrupt disk?
The password and algorithms used are all known but there are no backups of the headers or boot sectors. The file system used NTFS.
This is what I've been experienced so far:
The disk shows up as "Invalid" in "Computer Management" because it is / was a Dynmic drive, I changed this by editing 1C0 from 42 to 07 using a Hex-editor. Now I can see the partitions on the drive but still not mount the truecrypt partitions.
I am currently tryign to run TestDisk to recover the boot sector because it shows up as "Bad" in TestDisk.
Any other ideas or pointers? If TestDisk is unable to recover the drive headers, is there someway that data can be recoverd when you know the Password and Encryption algorithms?
Edit
Just to clearify, it's not a bootable system drive that is corrupt. But according to TestDisk:
A valid NTFS Boot sector must be present in order to access any data; even if the partition is not bootable
Truecrypt provides a rescue disk. You burn it on a CD/DVD and starts the computer from it.
The following seems to apply to you:
If the TrueCrypt Boot Loader screen does not appear after you start your computer (or if Windows does not boot), the TrueCrypt Boot Loader may be damaged.
For more information, see: http://www.truecrypt.org/docs/rescue-disk
Depends on what the corruption actually is, I suggest Spinrite to recover unreadable data and sectors. This software works below the file system level, at the bit level to restore unreadable bits, which could be the cause of the corruption.
http://www.grc.com/sr/spinrite.htm
I have had a Windows Vista laptop drive using TrueCrypt whole-disk (System) encryption fail once, and that time I was able to boot off an Ubuntu Live CD, save an image of the entire disk to a server over the network using the excellent ddrescue
(or was it dd_rescue
? Confusingly, they are similar but one is more recent).
Then decrypt the image using TrueCrypt on the server. It took a long time but I was able to recover almost all of the files. So try ddrescue
or dd_rescue
.