Best practices for manually decrypting an encrypted hard disk with Drive Encryption (2024)

Technical Articles ID:KB66433
Last Modified:2024-01-06 09:43:35 Etc/GMT

Environment

DriveEncryption (DE) 7.1.x

For details of DE 7.1.x supported environments, see KB79422 - Supported platforms for Drive Encryption 7.x.

Summary

Sometimes, a fully encrypted disk can't be decrypted using DETech (DE), or duringthe encryption or decryption process. The problem is often related to the hard-disk having one or more bad sectors that causeDE toreport an error.

NOTE: This article doesn't apply to Opal-encrypted drives.

This article aids in providing advice in the following scenarios:

When the computer can't be decrypted using the Remove DE function on the DETech recovery tool
When the computer displays an error about corrupted sectors
When the computer displays an error about broken MBR/PBFS/SBFS in which an emergency boot can't fix the issue

Best practices for manually decryptingan encrypted hard disk:

The productspecialistsalways recommend trying to remove DE before trying a force decryption. A force decryption is the last effort method to decrypt the hard drive.
The productspecialists recommend that youdefragmentand run chkdsk before enablingDE Full Disk Encryption (FDE). These actions are a best practice before encrypting or decrypting a hard disk because they can help avoid subsequent errors and potential loss of data.
For critical data, clone your hard disk to an identical piece of hardware. A sector by sector clone with no compression must be usedto retainan exact replica of the disk.
NOTE:Also known as taking aRAW image.
Make sure that you can decrypt the data in the Workspace by loading the encrypted sectors.After you've verified that you can decrypt the disk,force decryptthe databy providing the start sector number and range. Record the disk information being used in case you need to contact Technical Supportand if you have totroubleshoot.

IMPORTANT:

We'renot responsible for data loss from a Force Decryption. The product team recommends that you always perform a sector level backup (RAW/CLONE) of the hard drive to avoid data loss. Examples of products to use for sector level backup are Paragon, Acronis, or Ghost.

WARNING: If a sector level backup isn't created and the process is unsuccessful, permanent loss of the data is possible.
Theadvicein this articlerequires a trained Encryption engineer. It's important for the engineer to specify the correct Start and End sectors to fully recover the data. When needed, contact Technical Support for assistance.
To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
- If you are a registered user, type your User IDand Password, and then click Log In.
- If you are not a registered user, click Register and complete the fields to have your password andinstructions emailed to you.

Solution

Overview of the Force Decryptionprocedure

It's not the intention of this article to provide detailed steps because theadvicein this articlerequires a trained Encryption engineer. It's important for the engineer to specify the correct Start and End sectors to fully recover the data. Forthis reason, contact Technical Support for assistance.

Defragment and run chkdsk without any additional command-line switches to test the integrity of the HDD.For details about how to use chkdsk to verify disk integrity before encrypting or decrypting the hard disk, see KB69110 - How to use chkdsk to verify disk integrity before you encrypt the hard disk.
For critical data, clone your hard disk to an identical piece of hardware.
Create a DETech Standalone bootable removable media. For instructions, see the DETech User Guide (PD24871).
Boot the system from a DETech Standalonebootable recovery media and identify which disks are encrypted using Disk Information.
Verify that the recovery key is correct by using Workspace and verify whether you can decrypt the data in the Workspace. For assistance with using Workspace, see the respective DETech User Guide for details.
Load the start and end sector of each partition or disk and select Decrypt Workspace.

NOTE: View the plain text on the right side of the workspace. It shows that a disk read error has occurred. If the error isn't readable after decrypting the workspace, the wrong key is in use.
Click Force Crypt/Decrypt Sectors.
Specify the start sector and sector count that need to be decrypted, and then click Decrypt.

The process runs until it's complete. The display shows that it's encrypting the disk because it's actually running the encryption algorithm in reverse.

NOTE: You can only decrypt one partition at a time. If multiple partitions or disks are encrypted, you must repeat the process for each.

IMPORTANT: If theForce Decryption fails, record the error you see and do not proceed to decrypt any further. Contact Technical Support immediately for the next steps.
After the disk has been decrypted, you'll need to clickRestore MBR and restore the original MBR.
Restart your computer and try to access the Windows desktop.

After the process has finished, you can see the data on the hard disk.

NOTE: If access to Windows fails, you must use typical data recovery methods to recover any data.

Affected Products

Best Practices
Drive Encryption 7.2 (EOL)

Languages:

This article is available in the following languages:

English United States
Spanish Spain
French
Italian
Japanese
Portuguese Brasileiro