Need help with recovering a partition with corrupted FS
Posted: 22 Feb 2012, 08:17
I’ve got a situation with a TrueCrypt (TC) Whole Disk Encrypted Windows 7 laptop.
Here’s what happened leading up to the current status:
• Windows 7 couldn’t boot; stuck at Windows logo
• Using Win7PE, could not mount C: drive using TC 7.1 even with Mount Without Pre-boot Authentication option
o Intention was to copy out the TC Rescue Disk (TCRD) from the C: drive where its backed up
o Tried at least 3 times but failed
• Puzzled by this discovery, I dug into my personal backup & found a backup copy of the TCRD for this laptop
• Using TCRD, I performed the following rescue options in the order listed:
1. Restore TC bootloader -> Windows still couldn’t boot, instead entered Windows Repair Console
2. Restore Volume Header -> Windows still couldn’t boot, ditto
3. Permanently decrypt system (50+Gb) -> Windows still couldn’t boot, ditto
• Puzzled by the size & failure to boot, I used disk diagnostics utilities to analyze the HDD & discovered the C: drive is in fact about 122Gb in size!
• D: drive is also not accessible at this point
• Dug into my backup again to see if there’s another backup of this system & found a more recent one!!
• Using TCRD, I performed the following rescue options in the order listed:
1. Restore Volume Header -> successful
2. Permanently decrypt system (235Gb) -> Completed successfully
• Using the same HDD utility, I can now see 2 partitions, one for the System & the other for the D: drive
• I can browse D: drive & list the contents inside -> Decryption was successfully performed on the entire HDD
• However, the system drive is now still inaccessible
• Using gParted, the system partition is listed as unknown partition with possibly damaged file system (! mark with black frame)
• Using TestDisk in gParted, the Analysis | Quick Search report shows only 3 partitions: SYSTEM_DRV, D: drive & Recovery partition
• The basic Analysis report revealed 4 partitions: SYSTEM_DRV, twice repeated entries for a 2nd partition about 122Gb in size with cylinder/head/sector characteristics, D: drive & the Recovery partition
What recommendations are there for recovering the partition with the damaged file system?
I’m trying not to damage it further with the hope of recovering data & perhaps the OS.
At this point, I’m leaning towards adding a partition using TestDisk (A option) with the characteristics matching the 2nd partition that TestDisk Analysis report revealed above.
Any ideas if this would work?
Here’s what happened leading up to the current status:
• Windows 7 couldn’t boot; stuck at Windows logo
• Using Win7PE, could not mount C: drive using TC 7.1 even with Mount Without Pre-boot Authentication option
o Intention was to copy out the TC Rescue Disk (TCRD) from the C: drive where its backed up
o Tried at least 3 times but failed
• Puzzled by this discovery, I dug into my personal backup & found a backup copy of the TCRD for this laptop
• Using TCRD, I performed the following rescue options in the order listed:
1. Restore TC bootloader -> Windows still couldn’t boot, instead entered Windows Repair Console
2. Restore Volume Header -> Windows still couldn’t boot, ditto
3. Permanently decrypt system (50+Gb) -> Windows still couldn’t boot, ditto
• Puzzled by the size & failure to boot, I used disk diagnostics utilities to analyze the HDD & discovered the C: drive is in fact about 122Gb in size!
• D: drive is also not accessible at this point
• Dug into my backup again to see if there’s another backup of this system & found a more recent one!!
• Using TCRD, I performed the following rescue options in the order listed:
1. Restore Volume Header -> successful
2. Permanently decrypt system (235Gb) -> Completed successfully
• Using the same HDD utility, I can now see 2 partitions, one for the System & the other for the D: drive
• I can browse D: drive & list the contents inside -> Decryption was successfully performed on the entire HDD
• However, the system drive is now still inaccessible
• Using gParted, the system partition is listed as unknown partition with possibly damaged file system (! mark with black frame)
• Using TestDisk in gParted, the Analysis | Quick Search report shows only 3 partitions: SYSTEM_DRV, D: drive & Recovery partition
• The basic Analysis report revealed 4 partitions: SYSTEM_DRV, twice repeated entries for a 2nd partition about 122Gb in size with cylinder/head/sector characteristics, D: drive & the Recovery partition
What recommendations are there for recovering the partition with the damaged file system?
I’m trying not to damage it further with the hope of recovering data & perhaps the OS.
At this point, I’m leaning towards adding a partition using TestDisk (A option) with the characteristics matching the 2nd partition that TestDisk Analysis report revealed above.
Any ideas if this would work?