I have a Mac OSX TIme Machine HHD (3TB Seagate USB), originally formatted as 'Mac OS Extended (Journaled, Encrypted)' and set up as my Time Machine back up. Inadvertently, I erased this Disk from Terminal... ouch. The erase process took no more than 5 seconds and the drive now appears as empty and without the encryption password.
I figure the the data must be still on the drive and I could use TestDisk/PhotoRec to possibly and hopefully recover files.
After running PhotoRec, it outputted a folder with 86.82GG of seemingly random files. The File extensions are mostly .swf, .plist, .txt, .gz, .DS_Store... and a report.xml generated by PhotoRec. None of the files seem to open, however the .txt files appear to be MaxMsp Patch files which would have been on the TimeMachine back up, so this is somewhat hopeful.
Could my lost data somehow be tied up and encrypted within these files? I would greatly appreciate any help to recover my files!!
Recovery from an Encrypted TimeMachine external HHD
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
-
recuperation
- Posts: 3026
- Joined: 04 Jan 2019, 09:48
- Location: Hannover, Deutschland (Germany, Allemagne)
Re: Recovery from an Encrypted TimeMachine external HHD
Assumably yes.timmeahh wrote: 18 Jan 2021, 06:20 I have a Mac OSX TIme Machine HHD (3TB Seagate USB), originally formatted as 'Mac OS Extended (Journaled, Encrypted)' and set up as my Time Machine back up. Inadvertently, I erased this Disk from Terminal... ouch. The erase process took no more than 5 seconds and the drive now appears as empty and without the encryption password.
I figure the the data must be still on the drive
No. You can't read/interpret encrypted data. That's why it was encrypted. If Testdisk could read out your data, how useful would be encryption?! I wonder why people always ignore this.and I could use TestDisk/PhotoRec to possibly and hopefully recover files.
Yes your data is inside these file but it does not matter anyway.Could my lost data somehow be tied up and encrypted within these files?
When using encryption with drives you typically have a key. This key is needed to decrypt a second key on your drive. That decrypted key can then be used by to read and write files. Once you loose the information of the second key on your drive your personal key is worthless.
Even though 99,999% of the sectors of your drive have not been touched and the data is still there in encrypted form you can't use/decrypt/extract it.
Re: Recovery from an Encrypted TimeMachine external HHD
Thanks for the explanation @recuperation, you've answered my question.