I'd posted a couple of weeks back relating to 2 of my drives encrypted and wanted to decrypt them.
I've taken a Clone of one of those (268 GB D ) and restored it on Another Machine by Creating a VM and into a Virtual Hard Disk.
The Virtual Box i then booted using the DETech ISO 7.1.1 and Force Decrypt the .VHD file by input Start Sector and Total Sector Count.
My Question is : -
1. Will the program decrypt the .VHD file or it will take the sectors from Actual Drives of the Host OS and start operations ? Will it stay in limits of Virtual Box ?
2. Is the method appropriate to to this operation ? As it took almost 2 Hrs and it showed Starting Decrypt... but i was monitoring the Date Modified of .VHD file and it remained the same as if no operation had even been performed. But the Hard Drive Operation Red light indicator was continuously ON.
I checked out the other drives and data. Fortulately everything was safe. After Turning off the Virtual Box, i restarted Windows (Host OS) and it worked fine.
1. If your running in a vm, then the vm can't see the real drive, only what the hypervisor exposes.
2. The theory is sound - I don't know anyone else who's attempted it though.
Well, Just for an update. Things worked but was not Quite Useful,
Restoration of 268 GB D:\> on VHD was successful.
Virtual Box was restarted with 7.1.1. DTech ISO and it booted well.
Using a USB i authenticated the File. I/p the Daily Authorization Code.
Disk Information showed the Correct information and I made a Force Decrypt by Inputting the Start and Total Sectors.
2nd time when i did this method, In the Virtual Box i found the "Session Information" which kept on Updating the Bytes Read and Bytes Written.
After 2 Hrs the Bytes Read/Written was Equialent to 500 MB+. Which means decrypting a 268 GB of Drive by this method might take around a couple of Months or something. When i closed the VM the Modified Time of the VHD file got updated. Next by booting the VBox with an Live Ubuntu CD i opened the VHD in a Disk Editor and i could see more readable information in some of the Sectors.
So i have now restored the Part Clone (D: ) into some other Physical Computer and will start the Decryption. Hope after Decryption the whole data is readable.
But the VM method would have worked if it would not have been for speed.
I have just one more Question :-
If you restore a Part CLone of a Logical Encrypted Drive onto Another Machine and Force Decrypt it successfully then it should be readable right ? Because the File System Index/InformationTable should be in the same logical Volume ? Or there isnt any such information Table ?
if you restored the decrypted sectors from the clone to the physical drive, then started the force decrypt from the correct next sector, then in theory it would be fine.
Again, never been tried to my knowlege.
Are you using the stand alone version of DETech, or the WinPE version? You know the WinPE version is significantly faster?
Sorry to reply late, I'm using the Standalone version of DETech CD. Meaning the bootable one.
The last attepmpt i have made now is : - There were 2 Drives C:\> 90 GB and D::\> 268 GB.
While decrypting C:\> encountered problems at 2% itself. Now i have cloned D and restored it on a machine with 300 GB Drive.
The Decryption has almost reached 95%. Ill update within 2 Hrs or so.
Nopes.... Didnt work out... when i clicked on Machine's F: (On which the Decryption took place) the system asks to Format the Drive. From Windows Disk Manager it shows a RAW file System.
Although the Disk Editor Software, showed some readable information but the start Headers were incorrect. I didnt find any .R..NTFS... like headers..
Screwed Up !!