Can't load Windows; need DOS-based cloning utility in Windows PE
Created: 10 Feb 2014 | 20 comments
I'm running Windows XP SP3
PGP WDE 10.2.1 MP3
SSD HD 250 GB
It's a company laptop, and I couldn't even tell you if it has PGP Desktop WDE installed. They rolled down PGP off the network and I really never gave it a second thought. I just enter my passphrase during the boot process and that's it. I wanted to back up my data and I was doing the barbarian method of dragging-and-dropping the many, many files and folders I value. Unfortunately, it was taking too long and a select number of files couldn't copy because of IO read/write errors. I decided to try cloning the drive, but I didn't get very far because of IO read write errors. I tried running chkdsk/r a few times, and I can't tell you if any of that is what led to my troubles, but I can tell you that, right now, it doesn't boot up completely.
The computer boots and starts the process of loading Windows. It shows the familiar Starting Windows Logo and at about the same point, I get a BSOD STOP error 0x000000ED Unmountable_Boot_Volume. It never gets to the Windows GUI.
I honestly forgot that maybe the drive being encrypted could be an issue with cloning, although the IO read errors with a select number of files could be something else.
I was thinking about trying to fix the boot sector or MBR, but I read that Symantec replaced the MBR with this bootguard and overriting it may not be the smart thing to do right now. I couldn't even try, I think. I don't even have a Windows XP CD, since it's a company laptop.
The problem is I need this data and I have a feeling my company will not even try to recover it and all my data will be gone.
I resorted to installing a full version of PGP WDE 10.3.2 on another laptop and slaved the hard drive to it. Unfortunately, it's unable to read it. I enter my passphrase and it says disk operation is in progress but that's it. Nothing. The program basically locks up on me. HOWEVER, I am able to use the command line, authenticate, and even attempt to decrypt the hard drive. There are two problems, though. 1) Even after I authenticate in the command line, Windows still doesn't recognize the hard drive. 2) My company must have locked down the hard drive for decrypting, for my account does not have admin priviledges to decrypt the drive. I would need them to decrypt it.
I did try and run a 10.2.1 MP3 Recovery disc on the original laptop with the its hard drive and the decryption process seemed to be going through. I even saw that it had 1% encrypted. However, I didn't realize that this process could take that long (because it's running a 16-bit processs?). I wonder if converting the CD to a USB would decrease the decryption time. I don't have days, so I stopped it. But I found it interesting that I had no problems decrypting with the recovery disc, yet I did not sufficient priviledges to decrypt it in Windows.
I tried using things like Recuva and testdisk to see if I can get the data but no dice.
At this point, I researched and found I could create a Windows PE disc and use Hirens boot disc or I can use ubuntu live cd to clone the drive. I would authenticate with the PE disc, by slipstreaming the PGP files, and then open up Ghost with the Hirens disc. There's just one problem: I can't get any of the Hiren programs to open at the PE command line. The advantage of PE is you can dynamically load other programs and discs. The problem is I can't get anything to work.
The good news is that the pgp commands work in PE. I can authenticate the disk (I still don't know if I can read it). I didn't try decrypting because I would think it's the same story as using the PGP recovery disc--it would take days.
I was thinking there must a command line cloning tool I can use in windows PE to clone the drive to another drive. Therre is a version of dd for Windows, but I don't know how to use it; I dont' know if it supports hard drive to hard drive cloning or how I would even write the command. But if I could slipstream dd for Windows, that could possibly work. Are there any other hard disk to hard disk cloning tools that would work in Windows PE?
I'm running out of options. I can't decrypt in Windows because of insufficient priviledges. PGP Recovery disc takes too long. Should I try cloning the hard disk in Windows to another hard disk again, even though the drive is encrypted? Or, is it essential for the hard disk to be authenticated or decrypted before I can do any a data transfer?
One last thing I tried: In Windows PE, I ran chkdsk/f but it says I have a corrupt master boot record. Should I try and fix the mbr or boot sector? I can see if it can't find the starting sector to boot Windows. But my situation is it finds the sector and attempts to load Windows before it haults with the aforementioned STOP error code.
Any suggestions? Thank you.
Discussion Filed Under: