I had kept my HDD on Force Decrypt and after 2% it gave an Error while reading sector.
This time (after the above Error) i am planning to take a HDD Clone Image Backup.
I have 2 Questions.
1. Can i restart the Process using Force Decrypt ? Or doing so till spoil the data more ?
2. I had 2 Drives out of which only 1 Drive (C i had tried to decrypt. If that failed, should i try to decrypt the another one ?
A force decrypt is always the last option. All other options of data recovery should be attempted before a force decrypt as there is no log kept of what sectors are and are not encrypted. This means that in the event that the decryption fails, there is no sure way to tell where it left off.
Starting a force decrypt from the beginning of the disk will result in data loss. At this point your disk is 2% decrypted and 98% encrypted. If you start again, and assume that what ever disk issue that occurred during the initial decryption no longer occurs, the disk will then be 2% encrypted (in reverse) and 98% encrypted. The data will likely not be accessible because the partition header will likely be encrypted. It may be partially recoverable with advanced data recovery tools or via a data recovery specialist.
If you plan on attempting further action on the drive and the data is important, I would recommend taking a sector level backup of what you currently have before proceeding any further. If the sector that the disk was last decrypting was copied down, you can try to skip ahead a few hundred sectors from where the decryption left off and attempt to continue but this will possibly fail also as the drive is likely damaged and needs to be repaired.
Had a backup been taken of the drive, the backup could be copied to another drive and the decryption reattempted. But at this point, I would recommend engaging a data recovery specialist.
Unless somehow both drives had their MBRs damaged, it is likely the second drive doesn't require a force decryption. The primary tool to recover the data from the drive would the DETech WinPE in which you could mount the drive and copy the data off. The next option would be to utilize the "Remove DE" option in DETech. The last option would be a force decrypt but a backup should always be taken before attempting.
Thanks Jhall for your reply. Ill be more specific with this time with the mess i did. I had installed Ubuntu Linux shrinking a 368 GB D:\ into 268 GB and a 100 GB and Linux got installed into the 100GB partition.
As i said, i had contacted McAffee Support (Gold Support) that our Org. has and i am surprised that i was not told to explore the other options like Write Encrypted MBR (which is available on McAfee 7.1.1 ISO). The official directly advised me to take the Force Decrypt option.
I didnt have enough storage (around 500 GB i.e 100 GB C:\> , 268 GB D:\> and 100 GB Linux) hence in the first instance i didnt Clone the hard drive and directly went onto Decryption using the Force decrypt option (as advised --- Intel Security Support Notification - SR # <4-10127506051> )
But as said after 2% it failed. Didnt note the Error and clicked Force Decrypt again but after 30 seconds i powered off realising that again doing would make data more unrecoverable.
Next i went on cloning my HardDisk using Clonezilla but even that didnt allow to clone the Complete Hard Drive saying that the C had a badsector immediately after 2%. Hence it entered into Part CLone Mode and i was able to Clone rest of the partitions properly.
Next thing i have planned it to restore the cloned partitions onto the Virtual Machine and then decrypt it rather than to directly try anything onto my current Laptop.
The data is really important and i am being told by the McAfee Support to contact the Account Manager for the Max support that i can get.
Your furthur advises would be really appreciated.