
Bitlocker HDD Fried - I have keys - How do I unencrypt backup HDD?


3 replies to this topic

#1 jsternmd


Posted 25 July 2016 - 08:39 PM

I decided to use Bitlocker to encrypt my 2nd internal SATA data HDD (NTFS) on my PC (Win 7 Pro) containing sensitive financial and personal data.  I assumed that when the encrypted SATA HDD was unlocked with my Bitlocker password that any file(s) copied to an external (USB) backup HDD (NTFS) drive would be non-encrypted files.  I tested my assumption and it seemed to be confirmed because I was able to open any of the copied files on the USB HDD drive even if the Bitlocker protected internal SATA HDD was locked.  


We had a T-storm event and my PC motherboard got zapped along with other things like some TVs, cable box, router, etc.  After, the PC powered up but no BIOS messages, etc appeared.  I removed the C:/ drive and that seems readable from a USB HDD SATA caddy on another PC but the encrypted data HDD was literally fried with a dark scorch line across the PCB and would not power up.  The PC motherboard also had scorch marks.  Fortunately I have the external backup drive which was not connected at the time.  I thought I was in luck.  

I plugged the backup USB hdd into my new Win 7 Pro box and found some strange things.  I could not copy many of the data files from the USB HDD onto the new PC HDD (another new 2nd internal SATA).  I got an error message saying "You need permission from S-1-5-21-405074475-1107139141-5430-etc etc to make changes to this file."  The file date showed as 2/22/2016.

These files that cannot be copied appear in green color type in Windows Explorer and when checked they have the "e" encryption attribute set which I could not uncheck.  What I found strange was that many subfolders have files and executables that seem perfectly fine without encryption.  I thought the good ones were old files created before I ever used Bitlocker but looking at dates it appears somewhat random.

I do have my dead encrypted SATA drive's Bitlocker Recovery key ID and the Full recovery key ID plus the Bitlocker Recovery key.  How do I un-encrypt the individual files on the USB backup drive?

I opened bitlocker on the new PC and it says no certificates found.  So I created a new certificate and then tried to update one subfolder on the backup HDD containing non-critical data with the new certificate. I thought it would ask me for the old recovery key but all I got was the same error for each file:

[ERROR]   0x80071771: file location and file name

I assume the S-1-5-21, etc is the id of my old PC.  Any advice would be greatly appreciated.

Thanks in advance.

Jerry





#2 JohnC_21


Posted 26 July 2016 - 07:43 PM

I believe you need to take ownership of the external on your new computer for the permissions problem. See this video. It's for Vista but the steps are similar to Windows 7.

https://www.youtube.com/watch?v=V2wkaMFsh04

For the Bitlocker issue does the drive have a lock on it when viewing Computer?

 

See this page on unlocking a Bitlocker drive.

 

http://www.sevenforums.com/tutorials/210071-bitlocker-drive-encryption-unlock-locked-data-removable-drive.html


Edited by JohnC_21, 26 July 2016 - 07:44 PM.


#3 jsternmd


Posted 26 July 2016 - 08:04 PM

I thought it was a bitlocker issue because the hdd was secured with bitlocker.  But I routinely also made complete backups to two different USB external HDDs for added redundancy.  When I compared the two backups (which should be identical) using a file listing program (Total Commander) I noticed something.  The encrypted files seemed random, some subfolders had all encrypted files, others had only some and other subfolders had no encrypted files.  So this makes me think it's not a Bitlocker issue which should be all or none.  Both backups have ~650,000 files  - on the 1st b/u there are ~21,000 files with the "e" attribute appearing in green color text.  However on the 2nd b/u there are only ~2000 files with "e" attribute set.  I couldn't make a comparison to see if the same ~2000 encrypted files on b/u#2 were among those encrypted on b/u#1.  What is even more strange, I did a spot check of ownership of files with and without "e" on the b/u's and they all have the same ownership id tag.  I may have some luck, as I have the original boot C:/ hdd and I bought an identical used computer for $100 that I will try to reboot with the original C: drive.   I am hoping I can pull out the EFS certificates and use the certificates on the new PC with the encrypted data files.  Arrives Friday.   I looked at the videos but this is not for encrypted files rather for ones where permissions are blocked by ownership, right?

 

tia

jerry
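
Added example (not written by any poster in this thread): the "e" attribute shown in green is the NTFS per-file EFS flag, so the comparison the post above could not make between the two backups can be scripted. The function names and the drive letters `E:\` and `F:\` are assumptions standing in for the two backup drives.

```powershell
# Added example, not from the thread. Lists files carrying the NTFS
# "Encrypted" (EFS) attribute under two backup roots and compares the sets.
# Function names and the drive letters E:\ and F:\ are hypothetical.

function Get-EfsFileList {
    param([Parameter(Mandatory = $true)][string]$Root)

    # Normalise the root so the relative path can be cut off cleanly.
    $rootFull = (Resolve-Path -LiteralPath $Root).ProviderPath
    if (-not $rootFull.EndsWith('\')) { $rootFull += '\' }

    # Unreadable or over-long paths are skipped instead of aborting the scan.
    Get-ChildItem -LiteralPath $rootFull -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (-not $_.PSIsContainer) -and
            ($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
        } |
        ForEach-Object { $_.FullName.Substring($rootFull.Length) }
}

function Compare-EfsBackups {
    param(
        [Parameter(Mandatory = $true)][string]$First,
        [Parameter(Mandatory = $true)][string]$Second
    )

    $a = @(Get-EfsFileList -Root $First)
    $b = @(Get-EfsFileList -Root $Second)

    # PowerShell hashtables match string keys case-insensitively,
    # which is how NTFS paths behave on Windows.
    $inA = @{}; foreach ($p in $a) { $inA[$p] = $true }
    $inB = @{}; foreach ($p in $b) { $inB[$p] = $true }

    New-Object PSObject -Property @{
        EncryptedInFirst  = $a.Count
        EncryptedInSecond = $b.Count
        InBoth            = @($a | Where-Object { $inB.ContainsKey($_) })
        OnlyInFirst       = @($a | Where-Object { -not $inB.ContainsKey($_) })
        OnlyInSecond      = @($b | Where-Object { -not $inA.ContainsKey($_) })
    }
}

# Hypothetical drive letters for backup #1 and backup #2.
$result = Compare-EfsBackups -First 'E:\' -Second 'F:\'
$result | Format-List EncryptedInFirst, EncryptedInSecond
$result.OnlyInFirst | Select-Object -First 20
```

Running `cipher /c` on any listed file shows which user and certificate thumbprint can decrypt it, which identifies the EFS certificate to look for in the original Windows profile.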



#4 JohnC_21


Posted 26 July 2016 - 08:24 PM

I do not have much experience with Bitlocker. My method is to use a VeraCrypt container on a hard drive. It is strange as you say that there are encrypted and non-encrypted files on the disk. 

 

Hopefully you can get your data back. You may want to look at this article. I think your prospects are good because you have the keys.

 

http://ask-leo.com/how_can_i_recover_files_encrypted_with_windows_filesystem_encryption.html

 

I have absolutely no experience with this software but it may be something of a last resort.

 

http://www.m3datarecovery.com/bitlocker-drive-data-recovery/

 

 

Edit: This company also has similar recovery software. No experience with it but they do make a partition recovery program that is quite powerful.

 

http://www.diskinternals.com/efs-recovery/


Edited by JohnC_21, 26 July 2016 - 08:27 PM.




