How to recover an encrypted HOME partition?

[johnjohndoe]

Hello.

I am trying to recover the encrypted HOME partition of a Ubuntu installation. I did write down the passphrase. The harddisc originally contained a Windows partition, followed by the Ubuntu system partiton, followed by the HOME partition ... I cannot remember the exact layout, though. There is also a NTFS partition at the end of the disc which is no longer of interest since I managed to recover all data from it.

Here is what the disc looks like in GParted:



Here is what TestDisk "Quick analyze" outputs:

Code: Select all

    Disc /dev/sda - 500 GB / 465 GiB - CHS 969021 16 63
    
    Warning: the current number of heads per cylinder is 16
    but the correct value may be 255
    You can use the Geometry menu to change this value.
    It's something to try if
    - some partitions are not found by TestDisk
    - or the partition table can not be written because partitions overlaps.

...

Code: Select all

    Disk /dev/sda - 500 GB / 465 GiB - CHS 969021 16 63
         Partition             Start        End    Size in sectors
     * HPFS - NTFS               2   0 33    205   3 19     204800 [System-reserviert]
     P HPFS - NTFS             205   3 20 203174   9 41  204593152 [W764]
     P Linux                203176  10 11 305359   3 51  103000064
     L Linux                313112   6  7 373707   2 50   61079552
       HPFS - NTFS          373707   2 51 969022  15 47  600078336 [DATA]
       HPFS - NTFS          373707   2 58 969020  15 63  600076329

A disc clone

In order to try out recovery steps with TestDisk I cloned the whole disc include its partition table to another disc. The "test disc" is an SSD while the "original disc" is a S-ATA. I used dd to accomplish the clone.

Code: Select all

$ dd if=/dev/sda of=/dev/sdb bs=4096 conv=notrunc,noerror,sync

When I run TestDisk "Quick analyze" on the "test disc" the output differs:

Code: Select all

    Disk /dev/sdb - 500 GB / 465 GiB - CHS 969021 255 63
         Partition             Start        End    Size in sectors
       HPFS - NTFS               0  32 33     12 223 19     204800 [System-reserviert]
       HPFS - NTFS              12 223 20  12748  53 41  204593152 [W764]
       Linux                 12748  86 11  19159 202 51  103000064
       Linux                 19646  68  7  23448  74 50   61079552
       HPFS - NTFS           23448  74 51  60801 112 47  600078336 [DATA]

A "Deeper analyze" does not reveal the desired partitioning information on the "test disc" while they seems to be there on the "original disc".

Questions:

1. Why differs the output of TestDisk?
2. Can I change the Geometry (cylinders) of the "original disc" without loosing information about the encrypted HOME partition? Is this setting permanent or temporary for the TestDisk session? Please point me to the documentation that informs about this.
3. Why can I not find the desired partitioning information on the "test disc"?

I also posted the problem here: http://unix.stackexchange.com/questions ... on-with-dd.

[johnjohndoe]

Finally, I was able to reproduce the output of TestDisk on the second drive. I simply changed the geometry settings to the ones of the original drive. I did the following:

Lookup the geometry settings of the original drive:

Code: Select all

$ sudo sfdisk -g /dev/sda
/dev/sda: 969021 cyclinders, 16 heads, 63 sectors/track

Open TestDisk, select the "test disc" and apply the above settings in the Geometry menu. Do not be afraid - the setting are not permanent.

Then choose Quick analyze and the result should show the same as it did for the original drive. This time it recognized the desired Linux partitions like the original drive. This time I could savely write the partition table since it only applied the "test disc".

Further reading, very helpful: How to mount an encryped home partition?