TrueCrypt vs. Windows Installer



I should really have known better than to plug a drive with one single TrueCrypt'ed partition into a PC prior to installing Windows 2k8 Server R2. What will happen is that the installer might randomly decide to place the MBR on that disk, overwriting the TrueCrypt header. I realized this after 5 hours of nursing the box to being completely patched, when I wanted to mount the drive with all my data. So. What can you do in this kind of scenario? First of all, you beg that you created that disk with TrueCrypt 6.0 or later. Otherwise, you're pretty much screwed. If that is the case, however, select the device with corrupted header in TrueCrypt, click Volume Tools. Choose Restore Volume Header, then Restore the volume header from the backup embedded in the volume, which should be the first button. If this fails, you can kiss your data goodbye, it is never coming back. That is the whole point of an encrypted file system1. You can now mount the volume in TrueCrypt again, but (at least this was the case for me), the underlying NTFS table is no longer what it used to be. I have tried a couple of recovery tools, but there are only two that could possibly help me, namely GetDataBack and PC Inspector2 . The important thing about these tools is that they can look at logical drives rather than just physical ones - any tool that only operates on physical drives cannot help you because all it sees is encrypted data. However, with the above two tools, you can recover data from a drive that you have already mounted (as a logical volume) with TrueCrypt. Of course, the lesson is to never plug in a TrueCrypt'ed drive into a computer which you are about to unleash a Microsoft Windows installer on. If you happen to face the same disaster as me, on the other hand, maybe you have to spend less time searching for recovery tools that will work.
  1. The key you enter to unlock a TrueCrypt volume is not the actual key that is used for the encryption of the data on the disk. The key you enter is merely used to decrypt the actual key, which is stored within the volume header. The reason for this is simple: The ciphers used for file encryption in TrueCrypt are block ciphers an therefore, the key has to have a fixed length. However, you want to be able to choose a TrueCrypt password of any length. Also, you might want to change your TrueCrypt password without having to re-encrypt all the data! []
  2. Try this one first, it's freeware. []

Leave a Reply

Your email address will not be published. Required fields are marked *