Endpoint Encryption

 View Only

  • 1.  PGP WDE 10.3.0 recover second partition

    Posted Dec 21, 2013 05:35 PM

    hi

    Previous setup:

    OS - Windows 7 64Bit

    PGP -  PGP WDE 10.3.0 

    HDD - 320 GB, two partitions (C: and D:)    

    Status - fully encrypted

     

    I had to format and reinstall windows 7, so I just formatted C: drive without decrypting the data. Once setup was done, I realised that D: drive is no longer accessible. When clicked it says "You need to format"  and "D:\ is not accessible. The volume does not contain a recognized file system.

     

    I wasnt sure of the issue so I reinstalled PGP WDE 10.3.0 on C: drive and started encryption. In between that I got to see one article which says "dont re-encrypt C:drive" So I paused the encryption in between. Right now When I see status of drive in command line it shows only one drive in PGP and it doesnt even recognoze D:\ drive.

    C:\Program Files (x86)\PGP Corporation\PGP Desktop>PGPwde.exe --enum
    Total number of installed fixed/removable storage
    device (excluding floppy and CDROM): 1
    Managed disks:
      Disk Group aca5dba1-ba23-4f4a-aa2f-f48ba022be6f:
        Disk 0 has 1 online volumes:
          volume C:\ is on partition 1 with offset 2048
    Request sent to Enumerate disks was successful

     

    C:\Program Files (x86)\PGP Corporation\PGP Desktop>PGPwde.exe --info --disk 0
    Disk information for disk 0.
      Model Number: ST9320423AS ATA Device
      Total number of sectors on disk: 625137664
    Request sent to Display disk information was successful

     

    C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --status --disk 0
    Disk 0 is instrumented by bootguard.
      Encryption process interrupted by user request
      Current key is valid.
    Drive encrypted
      Total sectors: 625137664 highwatermark: 339409904 reserved start sectors: 16
    Request sent to Disk status was successful

     

    My D:\ drive has very crucial data that is required. Please advice me a way to recover that partition.

    Thanks



  • 2.  RE: PGP WDE 10.3.0 recover second partition

    Posted Dec 21, 2013 09:10 PM

    Install PGP on another computer and slave the hard drive with the encrypted partition and follow the commands in the article.

    Try this article:

    http://www.symantec.com/business/support/index?page=content&id=TECH170574

    Thanks

    Anthony



  • 3.  RE: PGP WDE 10.3.0 recover second partition

    Posted Dec 23, 2013 07:44 AM
    From my experience, you likely have lost your data - hopefully you have backups available. Reason: The data on your drive is actually encrypted to an AES session key which is stored in PGPWDE01 (which in turn is stored on particular fixed sectors on the drive). It is not stored there in plain text, but the session key is in its turn encrypted against your passphrase. When you format the C: drive, the PGPWDE01 file is not removed (only the pointer to the file location is removed), and thus the original session key is still available. And this key was used to encrypt the data on your D: drive. Since you started encryption of the C: drive again after reinstalling the desktop client, it will have overwritten the PGPWDE01 file with the new session key that is being used for the C: drive. So you no longer have the old session key available anymore - hence the warning in most of the articles (also the one Anthony mentions): "Warning: Do not re-encrypt the C: Drive as this will result in overwriting the session key and PGPWDE01 file which contains the drive encryption information and makes the disk unrecoverable."


  • 4.  RE: PGP WDE 10.3.0 recover second partition

    Broadcom Employee
    Posted Dec 23, 2013 10:10 AM

    Hi awalanchie,

    Unfortunatelly what Japke describes is the most likely scenario.


    If you have suspended your actions in that machine, you can still do a bit-per-bit copy of the disk (so that you are able to retake troubleshooting in a different way, if needed). Then there is a remote chance that the old backup records are still intact and that they may be used to recover that disk.
    There is a very (really) small chance, but perhaps worth trying...

    HTH,
    dcats
     



  • 5.  RE: PGP WDE 10.3.0 recover second partition

    Posted Dec 23, 2013 01:29 PM

    Thanks Anthony_Betow, Japke, dcats for the comments.

     

    dcats. I am trying to take copy of disk using Casper but it does not detect my d: drive. Can you suggest a way/software to do a bit by bit whole disk backup on a USB hard drive.

    Also, like you said there is a little chance. Please guide me what further actions i can take once i have the backup. Please guys help me here. I have almost all my last 10 years backup data on that drive. I am really wishing i could reverse the time and undo that re-encrypt :(

     

    Thanks once again.