Data recovery on an external encrypted HDD

John_VanKirk · May 12, 2013

Many newer removable USB HDD's, for example a WD passport, can be password protected, or store data encrypted.
If a password protected or intrinsically AES encrypted HDD becomes corrupted (partition structure or formatting loss), or even USB bridge failure, is there any way to unencrypt the data or remove the password protect, so that using a data recovery program, like EaseUS Data Recovery or TenorShare Data Recovery, you can read folder or file names to recover?

Wouldn't recovering encrypted or password protected data to a healthy separate HDD still make it unusable?

Or on these HDD's, is there essentially no chance or personally recovering that data?

j2j663 · May 12, 2013

First of all you are walking a dangerous line on this forum with a question like this. The most I will say is that your best chance of recovery is to use the normal means of data recovery to try and make the drive readable again. After that you will need software that uses the same encryption and the password for the encryption to get to the data.

If the data is really encrypted with AES it is probably AES 256 or at least AES 128. If you think that you are going to crack that kind of encryption you don't understand encryption very well.

John_VanKirk · May 12, 2013

Hi j2j663,

First of all, you didn't even understand the question posed here. I don't have a drive that needs recovery or repartitioning. However, frequently folks ask for help who have external USB drives that become corrupted, or show up as RAW data in Disk Management. Any now, some of the external USB or eSATA drives automatically protect or encrypt the data for security. Data recovery is NOT simply fixing an MBR, or redoing the Partition Table. Data recovery for our discussion is used where the basic steps don't restore the drive structure, or it is reported as RAW (unformatted disk) data, and you need to use one of the above mentioned (or other) Data Recovery applets to physically copy the data to a good disk. (EaseUS Partition Master vs EaseUS Data Recovery Wizard). With non protected data, many times you can recover most of your data. If it's password protected or encrypted, I'm not sure there is a way to use your known password, or known encryption key, after the data is copied over, to make it readable again.

So the question is, have these newer protected external USB storage drives, that for whatever reason have become corrupted or are seen by Windows as RAW data, have made it not possible to retrieve your folders/files you know are there.

j2j663 · May 12, 2013

First of all you didn't ask the question very well, and second "use your known password, or known encryption key" in your second post is very different then, "remove the password protect" from your first post.

Right now there is no program that I know of that could do the same type of recovery that EaseUS would do except with encrypted data. I think externals are probably the hardest to try and figure out simply because of all the different possible levels of encryption that could be used. Different companies would go to different lengths with their own encryption software. Some may protect just the files and folders that are written, some may include partition information and some may even encrypt the entire disk.

If I ran into something like this with a drive that is encrypted and corrupted I would probably try and clone the entire disk and then try and put it back into the exact same environment as the dead one.

Considering that the more you read a corrupted disk the more likely it is to never give your info back, guessing and checking on what encryption type and level is on the disk could cost you any chance of recovering the data. This situation is also a reason that backups are becoming extremely important.

popatim · May 13, 2013

The same technique work to an extent. The software doesnt care what it recovers, its still a file to it. Its just that you dont know if you've got a valid file until after you decrypt it. In the case of drives with embedded hardware encryption/decryption your chance of recovering to another drive would be zero, theres no way to get the internal key (you only know your public key which is not the whole)

John_VanKirk · May 13, 2013

Thanks for the good information. I think it's worth consideration and discussion as external, USB & eSATA drives, add features like Self Encrypting Drives with the Key stored on the disk. Frequently someone asks the forum how to recover an external USB drive that took a surge, or was unplugged before all cached data was written, or just shows up as RAW data one day. They think these external drives are a "safe" backup, or safe single storage for large amounts of photos or data, until they are recognized as RAW, or not recognized at all. Much more frequent than with internal drives!

Then if a "removable" drive is self encrypted or purchased thinking it is more secure, as you said, the chance of recovering useable data, should something unforeseen happen, is essentially zero.

John_VanKirk · May 14, 2013

Hi John,
When you have data that's not encrypted on a removable drive, like a regular passport, and the data becomes RAW (no file system) or corrupted, I agree with you, there are several good "Data Recovery" programs that can copy it to a good drive, and recover most or all the data. We see that request for that exact problem frequently on the forum. Or if the USB/SATA bridge fails, you can remove the HDD and connect it to a new enclosure or directly to a SATA port to utilize the data.
But with self encrypting drives that have the encryption key built into the firmware, and something goes wrong, those "Data Recovery" programs, can recover the data to another drive, but it is encrypted, and the key is on the "bad" drive, so there is no way to unencrypt the data. You are stuck with encrypted data. That's why Popatim mentioned the chance of recovery on these drives is zero.

Unless I am missing an important point, there is no way to retrieve useable information in this instance.
If you try to use the password to unencrypt the drive key, there is either no key on the "good " drive or a different encryption key that won't work.

I think it would be like consciously trying to be extra secure with your data, but in reality guaranteeing to lock yourself out should something go wrong.

fzabkar · May 15, 2013

WD's SmartWare password has already been circumvented.

Here's one solution:
http://forum.hddguru.com/viewtopic.php?f=1&t=21584&p=144502

John_VanKirk · May 16, 2013

fzabkar :

Hi Franz,
Nice to hear from you! I read over the info about circumventing the SmartWare password and watched the UTube video, but didn't understand if you have to physically hack the drive to do that, or if it's all done by software entry? Also I saw a post that said initially WD used the same firmware key on all these drives, so it was possible to decrypt "recovered" data. Would guess that's been changed!

Also for others following along, WD emailed me saying using the Firmware Security Encryption is an option, so if you have a newer Passport or Ultra removable USB drive, you can use it for backup safety, without encrypting the data if you configure if that way.

kholoudmohi · Oct 28, 2013

please I need your help in this subject.. my WD passport have the same problem with the password.. suddenly it refuses the password and said its wrong although its the right one.. is there any hope to get it fixed.. please can any one advise..??!!

Search

Data recovery on an external encrypted HDD

John_VanKirk

Distinguished

j2j663

Distinguished

John_VanKirk

Distinguished

j2j663

Distinguished

popatim

Titan

John_VanKirk

Distinguished

John_VanKirk

Distinguished

fzabkar

Judicious

John_VanKirk

Distinguished

kholoudmohi

Honorable

TRENDING THREADS

Latest posts

Moderators online

Share this page