S
Simmy
Guest
Customer brings in a computer with a suspected faulty hard drive. Turns out the data is needed by Monday and oh yes, it's encrypted (which he didn't mention on the phone). The drive is encrypted using Becrypt Disk Protect and has 1000's of reallocated sectors. The software requires a username/password (which I have) at the point of booting from the hard drive. Once entering those details, it blue screens (0x7b) when attempting to boot into any of the startup options. System Repair also doesn't see the drive, so there goes my chances of recovering the data from the command prompt.
I've currently got an Acronis image of the drive, which is converted to a working vmware image. The VM boots, shows the username/password box and bluescreens in just the same way.
My next step is to restore that image to a working hard drive and try to chkdsk it or repair it from that. My concern is the chkdsk will have to run as a slave drive plugged into the server. This means the data will be encrypted at the point of running chkdsk...which I'm fairly sure won't work.
I tried phoning Becrypt, who wouldn't breathe a word to me until I proved the client had some kind of support contract with them. Basically, with the laptop belonging to one of the largest organisations in the country, getting in touch with someone who is in charge of the encryption on the drives is virtually impossible. So I don't think I'll get a chance to speak to Becrypt support.
I understand there is a Becrypt plugin for BartPE, to help recover data in these types of situations, but I'll be damned if I can find it. I'm running out of ideas now.
Any other suggestions from you bright folk?!
I've currently got an Acronis image of the drive, which is converted to a working vmware image. The VM boots, shows the username/password box and bluescreens in just the same way.
My next step is to restore that image to a working hard drive and try to chkdsk it or repair it from that. My concern is the chkdsk will have to run as a slave drive plugged into the server. This means the data will be encrypted at the point of running chkdsk...which I'm fairly sure won't work.
I tried phoning Becrypt, who wouldn't breathe a word to me until I proved the client had some kind of support contract with them. Basically, with the laptop belonging to one of the largest organisations in the country, getting in touch with someone who is in charge of the encryption on the drives is virtually impossible. So I don't think I'll get a chance to speak to Becrypt support.
I understand there is a Becrypt plugin for BartPE, to help recover data in these types of situations, but I'll be damned if I can find it. I'm running out of ideas now.
Any other suggestions from you bright folk?!
Last edited by a moderator: