Tech Support Guy banner
Cancel

Encrypted partition on damaged HDD

977 Views 9 Replies 3 Participants Last post by  Yankeu
Y
My laptop HDD stopped appearing. Definitely physical damage. I had a partition that was encrypted and I haven't accessed it in long enough that I don't recall the password. I would have to try many things. I couldn't get a straight answer from the specialist I talked to on this: if the sectors on that partition weren't damaged, will he be able to give me a cloned image of it? Seems like a straightforward question to me; I know it depends on the damage, but this should theoretically work, right? He just kept saying he can give me all the folders with the files from the disk.
Thanks for any and all info!
Save
Like
Status
Not open for further replies.
1 - 10 of 10 Posts
Macboatmaster
You are right in this regard
I couldn't get a straight answer from the specialist I talked to on this: if the sectors on that partition weren't damaged, will he be able to give me a cloned image of it? Seems like a straightforward question to me; I know it depends on the damage, but this should theoretically work,
Click to expand...
If the drive can be read by the cloning software, then it can be cloned
However depending on the damage to the file structure if any = the data will still be in that state after the clone

If the drive is physically damaged with reference to the read write head for instance after collided with the platters then it may not clone and the data may well be unreadable where that damage has occurred - that is a simplified explanation.

In respect of your other point
I couldn't get a straight answer from the specialist
Click to expand...
If he has said for instance that he does not know if it will clone until he tries it then that is 100% correct

and with reference to this
He just kept saying he can give me all the folders with the files from the disk.
Click to expand...
You will have to ask him - if this data will then be readable

Possibly he will use software to decrypt the drive after cloning
A encrypted drive that is cloned is still an encrypted drive.

Finally although you have not of course actually asked for our help with decrypting - please be aware that we would not assist
One of the rules of the site is
Bypassing Passwords
Please do not ask for assistance with (or ways to bypass) a forgotten or unknown password, personal identification number (PIN) or any other type of access code that may be required on a computer, mobile device or web site. As there is no way to verify the actual situation or intent, no assistance will be provided and any such threads will be closed.
Click to expand...
As I said above I do appreciate you have not actually asked for help on the password issue and I mention the point only for your information

Good luck with it.
See less See more
Save
Like
Y
Thank you. Yes, I only want to know if he can give me something. I don't want anyone's help decrypting it, as I take that to be practically impossible. On the drive as it is now, I can't so much as try a password. He could have been trying to say what you suggested. He seemed to be saying he couldn't even use dd if the disk was damaged. But couldn't he still provide whatever sectors were not damaged? I mean, if some part of the encrypted data is damaged, then is it impossible to get any of it?
Thanks again.

Macboatmaster said:
You are right in this regard

If the drive can be read by the cloning software, then it can be cloned
.....
If he has said for instance that he does not know if it will clone until he tries it then that is 100% correct
....
Good luck with it.
Click to expand...
Save
Like
Macboatmaster
If the drive is damaged to the extent that it will not be possible to read data - lets imagine the read write head is not moving across the platters then it is a lost cause
If the mechanical aspects of the drive are OK and there are some bad sectors then it may be possible to obtain some data. Even if the drive will not clone.
It may also be possible to decrypt without the password but as mentioned no advice can be given in that regard on this site.
If you do not wish to place your trust in this specialist you have spoken to then consult another, if you get the same answer - then it is most likely correct is it not.
Save
Like
DavisMcCarn
Cloning a hard disk drive is creating a physical copy of every sector (piece of paper) in the original and you do it to get away from the failing hardware. I have done well over 10,000 clones for data recovery and, most of the time, they are highly successful. It does; however, completely depend upon what pieces of paper in the filing cabinet (sectors) are damaged and there is absolutely no way to find out until after the drive has been cloned.
I had one drive where 57% of it was bad; but, after the cloning, only six files were bad and another where only six sectors (.000000001%) was bad; but, it was in a critical spot for the filesystem and nothing was recoverable, at all.
If the bad sector(s) are in the master file table or in the root directory, you can really be in deep kimchi. Most of the time; though, 98+% is recoverable; but, you will still have to figure out what the password is.
See less See more
Save
Like
Y
They called me and told me something utterly unexpected. Instead of attempting to clone the drive as I requested, they cracked my encryption somehow, as I specifically asked them not to do! They copied everything from my encrypted drive to the other drive I gave them in unencrypted form and left it with a security guard in the lobby of their workplace for me to pick up. I don't know if this is illegal but I am DISGUSTED. I did NOT ask for help recovering my enrypted partition. Is this normal procedure for data specialists?? To me it seems beyond unprofessional.
Save
Like
DavisMcCarn
If there is any chance that the drive's data might be used in a court case, they will have definitely blown the chain of custody and there goes the evidence.
Save
Like
Macboatmaster
If there are some consequences of them unencrypting your data - of whatever nature those consequences maybe - then I believe your instructions should have been submitted in writing and acknowledged by the company you employed.

Other than that I do not believe we should advise.

I realise you have not actually asked for advice on this point, at this stage
Instead of attempting to clone the drive as I requested, they cracked my encryption somehow, as I specifically asked them not to do! I don't know if this is illegal but I am DISGUSTED
Click to expand...
IMHO you should seek professional advice if you feel the need.
Save
Like
Y
Thanks for the perspectives. I'm not in legal trouble and I'm not in the US nor even a western country. All I am asking is if this is normal procedure. I asked him to clone my encrypted partition, and he decrypted it without asking, and copied it to an unencrypted drive to be held at the reception desk of an office building until I happen to come for it. I will ask if he charged extra for this.
Save
Like
Y
I got another total surprise when I got the disk home. When I said "encrypted," he apparently understood "invisible from Windows." He had copied files from a Windows and a Linux partition and thought he was done. I told him on the phone to look for that last partition, and he saw that it was there and offered to clone what's left of the drive to anoher hard drive I bring in. Exactly what I asked him to do the first day...
Save
Like
1 - 10 of 10 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top