Access to encrypted data on extended partition after operating system had been re-installed

  • Article ID: 109299
  • Updated: 28 May 2009


Product
Sophos SafeGuard Disk Encryption 4.60

Client OS

Windows 2000 Professional SP4, Windows XP SP3

Server OS

None

Question

Is there a way to access the data on the d: drive?

Answer

The explanation for the above behaviour is that the d: drive never got decrypted, hence the data on it is unuseable for the new operating system.

Solution:
There is only one possible solution. This solution requires a backup of the Sophos SafeGuard Disk Encryption kernel of the machine in question. Without a kernel backup, the data on the d: drive cannot be retrieved.

Assumption 1: The available kernel backup is the correct kernel backup for that machine.

Assumption 2: The person executing the next steps is aware of the usage of Sophos SafeGuard Disk Encryption Emergency Tools. (For more information about the emergency tools, please search our knowledge database)

  • Boot the machine from a bootable diskette and use the Sophos SafeGuard Disk Encryption emergency tools to restore to the kernel backup.
  • Restart the machine booting from floppy.
  • Start Sophos SafeGuard Disk Encryption Emergency Tools again. This time, you need to authenticate. Use the SYSTEM account (alternatively use an account which has sufficient right to perform the next step).
  • Select the option "uninstall" .

A de-installation will now start. That means that all partitions which had originally been encrypted are now decrypted. Even the c: drive which holds the new operating system will be decrypted. The decryption of the unencrypted partition 1 will result in unuseable data on that partition. But the important user data on the d: drive will be decrypted (which is the goal of this process).

After the decryption process, it is recommended to connect the hard disk to another machine. Make a backup of the data on the d: drive, before installing the operating system again on the c: drive.

Below, please find some "solutions" that will not allow access to the data.

No solution 1:
Re-installing Sophos SafeGuard Disk Encryption on the same machine.

Why not?
Installing Sophos SafeGuard Disk Encryption will start an initial encryption process, during which the d: drive is encrypted again. The encryption of an encrypted partition does not result in accessible data.


No solution 2a:
Attaching the hard disk containing the encrypted d: drive to another machine.

Why not?
The data on the d: drive remains encrypted, no matter from which machine you are trying to access it.


No solution 2b:
Attaching the hard disk containing the encrypted d: drive to another machine on which Sophos SafeGuard Disk Encryption is installed.

Why not?
The Sophos SafeGuard Disk Encryption system kernel on the second machine is different from the one of the first machine. Even in a case where a hard disk key has been set manually (so no random key was used), the data on the encrypted second partition remains encrypted.


Keywords: verschlüsselt MBR daten neuinstallation crash, sde reinstall harddrive datarecovery

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments