
Recovering files from (double?) encrypted hard drive

Created: 06 Feb 2013 • Updated: 06 Feb 2013 | 6 comments
Hello!
 
I have a problem with a laptop's hard drive. I was able to log past the PGP Desktop boot screen, but booting to Windows led to a Blue Screen of Death. And Windows' automatic repair gives an error of "boot sector for system disk partition is corrupt".
 
The hard drive is encrypted with PGP Desktop 10.1.2 (if I remember the version correctly). As I have two laptops, I decided to try to get to the files with my other laptop. My other laptop would probably be able to see the data as it uses the same Windows password authentication (single sign-on), right? So, I removed the hard drive. Then I attached it to my other laptop as an external hard drive through USB. Unfortunately the other laptop has PGP Desktop 9.10 (build 500) so I was not able to see the data.
 
Due to this, I thought that I could maybe use the bootg.iso as a last resort to decrypt the hard drive. I put the hard drive back in my laptop. However, now it gives me the login screen of PGP Desktop 9.10! It won't accept my passphrase that worked before. I assume the hard drive was automatically encrypted with PGP Desktop 9.10. So it's probably now double encrypted. Any way to recover the data / remove the encryptions from this point?


PGP_Ben

It is not possible to "double encrypt" your hard drive in the manner that you describe. It sounds like the recovery CD version that you downloaded is probably version 9.10 instead? I would recommend taking that CD out of the CD-ROM tray and downloading a fresh copy of the Windows recovery images for PGP Desktop 10.1.2 found here:

http://www.symantec.com/business/support/index?pag...

Then attempt to boot first from that CD, and then enter your passphrase and press any key to boot.

If that fails to work, try booting the CD again and then entering your passphrase and then pressing "D" to decrypt.

If you decrypt this way, plan on it possibly taking 2-3 days, though, depending on the size of your disk drive and various other limiting factors.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

rakushun

Thank you for getting back to me! I am almost sure that I got the 9.10 login screen even without the CD in the CD-ROM drive. Auto-encryption may be the company's standard policy so I don't see why double encryption would be impossible to occur. However, I cannot 100% confirm; it has been a few months. I don't have the old hard drive anymore so I cannot check or try decryption anymore. I may have the bootg.iso CD-RW somewhere so I can check the version if you're interested?

PGP_Ben

I was just curious; this does sound a little strange. I also saw an issue a while back where, if you have Intel RDD technology (part of the PGP Desktop installer package) disabled and then you upgrade from 9.10 to a 10.2.x build, it will show this old 9.10 bootguard screen. This was an issue specific to having RDD disabled on the machine via MSI switches at installation though.


rakushun

I booted a virtual OS with the CD I had burned. The version is not mentioned in the PGP Desktop Whole Disk Encryption menu. It only shows the year "1991-2010 PGP Corporation".
 
However, I did check when the BOOTG.img was created. It was created on 22.3.2011. It has the same date and time as "PGP Desktop 10.1.2 Recovery Image". For comparison, I also now downloaded the 9.10 image and checked when it was created. Its year says 2009. So I had the right bootg.img burned. So, I still believe in the chance of double encryption.
 
Luckily I had a file backup from a 2-week period before the incident so I was able to save most of the files.

PGP_Ben

Again, double encryption of the drive is not feasibly possible. However, it is possible to end up with remaining parts of the PGP Desktop 9.x BootGuard screen upon upgrade due to a known issue. I believe it is related to the Intel AntiTheft (RDD) technology that we implemented in our product, which is now end of life. I believe this issue was addressed in PGP Desktop 10.2.1 MP1; see our resolved issues section here:

http://www.symantec.com/docs/TECH195813


PGP_Ben

Did my last post answer your questions?
