cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 12

Decrypting a partially encrypted external HDD

Hi,

the short version of my problem: We had one machine object with a wrong policy (external hard drives connected to the computer were encrypted). The Notebook was stolen recently and now all we got left is the machine object of the device with which I thought the decryption process would be fairly simple.

I exported the SDB file and booted to the SafeTech environment, authenticated from the SDB and experimented with the workspace (load from sectors -> different start sectors like 2048 or 63, decrypt workspace, etc.) but nothing worked (no pattern in the workspace).

I attached a screenshot of the disk information and my hope is that one of you can tell me the secret where I have to fill in which values to decrypt this HDD.

This is really urgent and I already tried to get support via the Phone / E-Mail but it seems the supporters are swamped at the moment, delays are horrible and the answers are not helping to be honest.

Please let me know if you need any more information and I will gladly provide it!

Thank you very much in advance and best regards

Kevin

11 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 12

Re: Decrypting a partially encrypted external HDD

first question - how is this removable disk attached to the laptop running SafeTech?

If it's the 2nd drive - did you forgot to change disk? and you're looking at the laptop hard disk, not the removable one? You need to set the correct disk number (probably 1).

remember, the internal drive on an encrypted laptop will have a different key than an external drive from another machine.

Highlighted
Level 7
Report Inappropriate Content
Message 3 of 12

Re: Decrypting a partially encrypted external HDD

1. The HDD was attached to the laptop via USB and was partially encrypted during the progress.

2. This is the correct disk, the machine ID you can see in the screenshot matches to the original laptop machine object in the McAfee Endpoint Encryption Manager.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 12

Re: Decrypting a partially encrypted external HDD

Well if this is disk 1 (not the internal disk of the unrelated laptop) and you exported the correct machine object, but sector 2048 does not decrypt successfuly, then something is not correct.

Are you sure you set the correct disk before you went into the workspace? How did you connect this external drive to a machine and get it working in SafeTech - normally a usb connection would not work (it would work with WinTech though of course). 

Message was edited by: SafeBoot on 4/22/14 11:29:08 AM EDT
Highlighted
Level 7
Report Inappropriate Content
Message 5 of 12

Re: Decrypting a partially encrypted external HDD

Actually I did not start the decryption because 1. I don't know how and 2. I thought there have to be readable patterns after you decrypt the workspace or it won't work. And yes, I set the correct disk before accessing the workspace.

Which sector count do I enter though?

Not sure about that since I have 3 to choose from in the screenshot. Does that even matter for the decryption?

And how can I start the decryption correctly?

IDK, tried several versions of SafeTech / WinTech we have here but I never had the problem that the HDD would not work via USB...

Thank you for your quick responses!

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 12

Re: Decrypting a partially encrypted external HDD

the region is telling you what is encrypted, the power fail section tells you what *could* be encrypted - you'll have to take a look and decide yourself.

BUT as I keep repeating - you MUST make sure you are looking at the correct disk before you do anything, and then you must make sure you are using the right key.

then, just use the force decrypt option.

If sector 2048 does not decrypt though you're either looking at the wrong disk, or you're using the wrong SDB file.

As a comment- there's no way you can access a USB encrypted hard disk in SafeTech  - you have to be using WinTech. SafeTech simply doesn't support USB drives like that (and even if it did, it would take a week to decrypt one).

Use WinTech.

What's above the screen shot? do you have two disks mentioned in the disk info window?

Highlighted
Level 7
Report Inappropriate Content
Message 7 of 12

Re: Decrypting a partially encrypted external HDD

Yes there are two disks. I will clone the disk 1:1 and start the decryption in a WinTech environment on a test computer just so no valuable data is lost if it fails.

I will report back in 2 days tops, thank you!

Level 7
Report Inappropriate Content
Message 8 of 12

Re: Decrypting a partially encrypted external HDD

Sorry for the delay, I started the force decrypt with start sector 2048 and sector count 177907200. The HDD still doesn't show content in A43 and Windows though. I cloned the original disk again and am ready to test again. Was the sector count I entered correct?

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 12

Re: Decrypting a partially encrypted external HDD

Did you successfully test decrypt the start sector first? If that doesn't work then you have the wrong key.

Highlighted
Level 7
Report Inappropriate Content
Message 10 of 12

Re: Decrypting a partially encrypted external HDD

The machine ID from the first screenshot matches the ID in the Safeboot Encryption Manager exactly, isn't that an indicator that the used key is correct?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community