
cleared MBR of PGP encrypted Windows 7 (64bit) - How to get back the data

Created: 20 Jan 2013 | 11 comments

Hi,

I had Windows 7 boot problems on my PGP encrypted Windows 7 (64bit). In a Windows Recovery session I cleared the MBR, not knowing that I would lose access to my hard disk, as PGP has its own bootloader.

Now, I am trying to get back my data.

Using the PGP recovery disk has not worked so far, as it could not recognize my PGP encrypted Windows 7 (64bit).

Can somebody help me?

 

Thanks in advance, Oliver.


Tom Mc's picture

Unfortunately, doing this may leave you unable to recover disk access to your data.  Another option to try for decryption is to attach the disk to another computer with PGP installed.  You can try this with either placing the disk internally to the other, or via a USB attached disk caddy.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.


Oliver-Rainer's picture

Just another question: Does somebody know the possible reasons why the PGP recovery does not find my encrypted Windows 7?

Oliver-Rainer's picture

Hi,

at least I got access to another system with PGP desktop installed.

After using "pgpwde --fixmbr" and "pgpwde --recover" my harddisk is recognized correctly by PGP.

Now, I want to decrypt my hard disk using "pgpwde --decrypt", but I always got the error message:

Error code -12198: Not permitted by your Administrator

 

It seems that the user of the other system does not have the needed access rights.

Can somebody help me?

Thx in advance, Oliver

Oliver-Rainer's picture

Thanks for the fast response.

Thus, there exists no way to just restore the PGP Bootloader?

Thx, Oliver

Tom Mc's picture

I'm not aware of a way to do this.  Part of the difficulty is that the sector(s) containing the PGP bootloader is the only part of the disk not securely encrypted.  Another difficulty is that the PGP bootloader must never be moved from the sector(s) it was originally installed to.


BastelMTK's picture

Hello,

because I have a similar problem, I am also looking for an answer to the question "Why 'PGP Recovery Disk' does not recognize my Win 7/64?"

On Win 7 I had an update to version 10.2.1 and after the necessary reboot Windows only starts into the repair mode. PGP Boot seems to be ok, because I am still asked to enter the key. After entering the key, Windows starts into repair mode, but no OS is recognized. I also tried to load the drivers but still the same.

What can I do?

Tom Mc's picture

I would attempt decryption, either by the Recovery CD, or via another computer with PGP installed.


PGP_Ben's picture

Oliver, back to your original question.

Hi,

at least I got access to another system with PGP desktop installed.

After using "pgpwde --fixmbr" and "pgpwde --recover" my harddisk is recognized correctly by PGP.

Now, I want to decrypt my harddisk using "pgpwde --decrypt", but I always got the error message: Error code -12198: Not permitted by your Administrator

Did you attempt decryption using a valid passphrase that the disk was encrypted with? I don't see that in your syntax. Such as:

pgpwde --decrypt --disk 0 --user "username encrypted to" -p "valid passphrase for that user"

If that doesn't work, maybe you have a WDRT or another authentication account that you set up to attempt decryption with?

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Oliver-Rainer's picture

Sorry for the late reply.

Yes, I used the full pgpwde command. I am not sure if I had used the --user option.

Nevertheless, I started the decryption of the 465GB hard disk via the PGP restore DVD. But it did not succeed. After only ~12 hours it reported success, but I could not find or access any data.

My assumption is the following (and it is really an assumption, because I have no knowledge in this area):

- I remember that pgpwde --recover tries to read every record/sector to find backup information. The backup information was found and could be restored. But only a small part of the records/sectors was read, due to a read error on one of the records/sectors. pgpwde --recover stopped at this record/sector.

- decryption via the PGP restore DVD only decrypted part of the hard disk and stopped at the corrupted record/sector.

This is my assumption.

In the meantime I started with a new hard disk. I still have the former hard disk available. It is still in the state right after the decryption via the PGP restore DVD.

Do you think there is still a chance to recover the data on the harddisk?

 

Thanks and best regards, Oliver.

PGP_Ben's picture

I have heard of some success using a utility such as SpinRite, which allows you to repair bad sectors on the disk or make a best effort to pull the data off there if it can.  Then attempt the decryption. But SpinRite is a commercial product which costs money. You can find it on GRC's website here:

http://www.grc.com/sr/spinrite.htm

Another option is to see if you can force a sector by sector copy of the disk somehow (using a utility such as clonezilla Live CD). Use the drive clone to run the decryption commands and see what you get.

Best of luck!

Ben

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.
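
The sector-by-sector copy suggested in the reply above, sketched as an added example (not part of the original thread and not a PGP or Clonezilla tool): unreadable sectors are zero-filled instead of skipped, so every readable sector keeps its original offset in the clone. The 512-byte sector size and all function names are assumptions.

```python
import io
import os

SECTOR = 512  # assumed logical sector size


def file_reader(path):
    """Return read(lba, count) for a raw device or image file (path is hypothetical)."""
    fd = os.open(path, os.O_RDONLY)

    def read(lba, count):
        data = os.pread(fd, count * SECTOR, lba * SECTOR)
        if len(data) != count * SECTOR:
            raise OSError("short read")  # treat as unreadable to keep offsets aligned
        return data
    return read


def clone(read, total_sectors, out, chunk=64):
    """Copy total_sectors to out; zero-fill unreadable sectors and return their LBAs."""
    bad = []
    for start in range(0, total_sectors, chunk):
        count = min(chunk, total_sectors - start)
        try:
            out.write(read(start, count))        # fast path: whole chunk at once
            continue
        except OSError:
            pass
        for lba in range(start, start + count):  # slow path: isolate the bad sectors
            try:
                out.write(read(lba, 1))
            except OSError:
                out.write(b"\x00" * SECTOR)      # placeholder keeps later offsets intact
                bad.append(lba)
    return bad


def demo():
    """Constructed 256-sector source in which sectors 100 and 101 cannot be read."""
    source = bytes((i // SECTOR) % 251 + 1 for i in range(256 * SECTOR))
    faulty = {100, 101}

    def read(lba, count):
        if faulty & set(range(lba, lba + count)):
            raise OSError("constructed read error")
        return source[lba * SECTOR:(lba + count) * SECTOR]

    out = io.BytesIO()
    bad = clone(read, 256, out)
    return source, out.getvalue(), bad


if __name__ == "__main__":
    _, image, bad = demo()
    print(f"{len(image)} bytes imaged, unreadable sectors: {bad}")
```

The returned list shows which sectors of the clone hold placeholder zeros rather than original data, which is worth knowing before running decryption against the copy.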

Sachin Sawant's picture

hi Oliver-Rainer,

I faced the same problem. That time I removed the drive (which was corrupted or not encrypted properly), attached it to another machine (which had PGP installed and working properly), decrypted it first... and checked...