Video Screencast Help

Howto recover a HDD that is PGP encrypted? Slave or using recovery cd doesn't work.

Created: 18 May 2013 | 2 comments

Hi,

   I have a SSD drive that was encrypted using PGPWDE 10.2.1.

   4 days ago.. the Win 7 OS hung and upon hard reboot.. it will stay in Starting Window screen..try to enter safe mode / last know good config etc..  also will stuck at the same screen..

   Went to my help desk.. they took my disk and place it into another Thinkpad machine with PGP installed..with my passphrase.. they were able to see my HDD content. Was too happy then and told them to decrypt the disk without 1st copy out the content..

   The decrypting process went on for less then 5 mins and it return errors (not able to capture the error pop up) and my disk dissapear from his PGP desktop.  Connect / reconnect, reboot.. all also lead to the same result.

   Put back the disk to my own TP (2nd hdd adapter), in windows it will "see" the HDD as not initialised.. will pop-up to initialise the disk.  Try to initialise it.. will return time-out error.

   Did a google.. and followed someone suggestion.. boot to Windows recovery and try to fix the MBR.. Boot to recovery command prompt.. bootrec /fixmbr... return error, unable to access disk/invalid some thing like that...

   Tried PGP recovery CD..  boot up.. press any key to search.. what I get is the screen...

PGP Recovery Disk is searching the disk for PGPWDE installation, please wait...  nothing hapens..  after some time... it will get time-out and reboot back to the same screen (press any key to start searching....)

   Any idea on how I can recover my data?

   Many tks & best regards.

   Jimmy

Operating Systems:

Comments 2 CommentsJump to latest comment

PGP_Ben's picture

It sounds like there could be bad sectors on the disk.

if you ran a fixmbr on the disk. That wipes out the instrumentation data for BootGuard on the disk as well as the pointers to the primary and backup user records on the disk.  This makes recovery a little bit more difficult.  In the future, I would always recommend copying the data off the machine first before attempting any type of decryption/modification of the disk drive. If you suspect possibly a bad drive, run checkdisk and things like that (after copying what you can off the drive).

One thing you could have them attempt is to slave that hard drive that is having trouble back into a PC with PGP Desktop or Symantec Encryption Desktop. Then open up a command prompt and cd into the Program Files (x86) (64-bit) or Program Files directory for PGP.

example on 32-bit:

cd c:\Program Files\PGP Corporation\PGP Desktop\

pgpwde --recover --disk 1 (or if the secondary drive ends up being disk 2 try that) --passphrase "password" (or you can use --wdrt "wdrt here" if you have an managed client and a whole disk recovery token)

to tell which disk it is you can try:

pgpwde --enum

Then find the disk not listed as C:

This will force the Encryption Desktop application to scan the whole drive sector by sector searching for the backup records to unlock the disk.

If it manages to find it, it will notify you and then you will need to re-attach the drive again and authenticate at the PGP passphrase prompt (in Desktop)

At that point, I would recommend copying the data before attempting anything else on the disk.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

JimmyTeoCF's picture

Hi,

   Tks very much for the reply.

   I guess its too late to regret now as the mistake / damage has already been done.. sigh

   I did try to put the disk back to the TP that can "see" my disk.. but it could not find the disk anymore..

   In PGP desktop or command line.. it only show the C drive.  pgpwde --enum  returns only C drive...

   Again in windows disk management.. it shows the the encrypted drive as not initialised..

   PGP recovery disk is not able to go pass the searching phase..

   What else can i do?

   Regards.