File Share Encryption

 View Only

  • 1.  Data recovery after blue screen with PGP

    Posted Feb 23, 2013 10:08 PM

    I have Dell laptop that is running Windows XP that was encrypted with PGP WDE 10.1.2 (Build 50). During startup yesterday, I put my password in, and just as soon as it got to the Windows XP loading screen, I had a instant flash of blue screen and then a reboot.

    The blue screen error is a page fault in nonpaged area I found when I used the stop reboot on blue screen option.

    The hard drive was removed from said laptop, and connected to another PGP WDE laptop with a external HD dock. PGP came up and asked me for my password, and as soon as I entered it I get the same blue screen and reboot.

    After coming back up, I checked the drive health from disk management before entering my PGP password and Windows said the drive was good, and showed me the correct status.

    After looking online I found the article at http://www.symantec.com/business/support/index?page=content&id=TECH149631 and used a boot disk to run this procedure. The procedure seemed to work perfectly, however now when I connect the drive back to another PGP WDE machine I do not get a PGP password prompt. I get nothing at all. When I check the disk health, It shows 100% free and asks me to format, so I know my MBR is now wiped clean. I think my MBR is now gone, but did not get repaired.

    Any suggestions on where I can go next to try to recover my data? Any help or assistance is appreciated.



  • 2.  RE: Data recovery after blue screen with PGP

    Posted Feb 25, 2013 07:34 PM

    I would try the WDE Recovery CD for decryption. 



  • 3.  RE: Data recovery after blue screen with PGP

    Posted Apr 12, 2013 02:35 AM

    http://www.symantec.com/business/support/index?page=content&id=TECH149631 says the following:

    WARNING:  Using a fixmbr will wipe a MBR clean.  If you are unsure of other applications that are using the MBR you should create a ticket and explore if there are any other options before proceeding with this fix.  Backups should always be on hand before performing this operation as this could lead to a loss of data.   If backups have not been created you will need to make an image of your disk, and transfer that to a new drive.   Use the drive with the image for all testing and troubleshooting so that the original remains intact.

    There is a reason that disclaimer is in there. Running a command like pgpwde --fixmbr will overwrite your master boot record. Unfortunatley that is where store the pointers to our user data which is used to access your session keys to decrypt your data. 

    I would recommend hooking that drive you want to try and recover back up to another machine with PGP WDE on there and run the following command from a command prompt in windows (once the drive is attached)

    c:\program files\pgp corporation\pgp desktop\pgpwde --recover --disk 1 -p "passphrase of user on the disk"

    or if it's 64-bit:

    c:\program files (x86)\pgp corporation\pgp desktop\pgpwde --recover --disk 1 -p "passphrase of user on the disk"

    In the future, always try and make a backup of the files on an encrypted drive before changing anything to do with the partioning, modifying the MBR, or attempting to decrypt the disk (if possible).