Truecrypt Issue: I cannot read disk even though I successfully mounted Windows
7 Professional, Truecrypt 7.0a
Following your recommendation, I decided to use Truecrypt to encrypt a SD
card that contains personal data to keep it off the work laptop. This has
worked very successfully for about three months until this morning. When I entered
the password to mount the volume, it mounted as usual with no error messages.
However, when I tried to access the mounted drive (volume), it said, âYou need
to format the disk in drive Z: before you can use it. Do you want to format
it?â Of course, I clicked No.
I consulted the Truecrypt user manual that said that I should restore the
volume header. As recommended, I dismounted the volume, then used Tools >
Restore volume header using the âRestore the volume header from the backup
embedded in the volumeâ option, and the normal password worked. I got the
message saying the volume header was successfully restored. However,, the same
problem persists, âYou need to format the diskâŠ..â as above.
This is a real disaster for me, I need the drive contents. Do you have any
idea what to do next?
I do not.
I may have one straw to grasp at, but overall, Iâm concerned that this
situation cannot be recovered.
Iâll explain why I think that is and what I would have done differently.
Iâll also ask my readers for any additional ideas.
]]>
Flash wears out
This ends up catching people by surprise, and unfortunately, it does so fairly often.
How quickly it wears out depends on the quality of the device and how much itâs written to. (Writing causes wear, reading does not.)
My suspicion is that your SD card, which uses flash memory, has likely worn out.
That would explain why the device can be mounted (the area with the TrueCrypt header has not worn out), and yet appears unformatted to Windows (the area with the file listing probably has).
One straw to grasp at
Start by write protecting the card.
SD cards have a small slide-switch that prevents writing to the device, which in turn prevents any recovery attempts from making the situation worse (a common mistake).
Now, try a file recovery tool, perhaps Recuva, on the mounted volume and see if it âseesâ anything that it can recover.
Itâs a long shot, but you have nothing to lose by trying.
Next time
If your data exists in only one place, itâs not backed up.
I donât see this as an issue of encryption as much as it is an issue of keeping critical data in only one place. Encrypted or not, had that one place been, say, a portable hard drive that died in some unrecoverable way, youâd be in the same position.
There are two approaches that would have lessened the impact of this device failure:
-
Backup the TrueCrypt volume. Simply making a copy of the TrueCrypt volume somewhere else on a regular basis quickly, and safely, backs up everything in it. Lose the original and you can simply copy and mount the backup.
-
Backup the contents of the TrueCrypt volume. If done properly, backing up the unencrypted contents of the volume can protect you from both device failure and encryption failures, such as forgetting the pass phrase. The âtrickâ, if you want to call it that, is that, by definition, this is sensitive data so youâll want to make sure that itâs protected some other way â most often using physical security that involves some form of physical lock or perhaps some other form of secure access control.
As you might guess, I do both.
Encryptionâs not the culprit
I do want to be clear and point out that TrueCrypt doesnât seem to be at fault here. Even if the data were unencrypted on the device, a device failure could still have rendered it completely and irrevocably unrecoverable.
Encryption can make data recovery more difficult and often impossible, but backing up makes data recovery unnecessary.
Call for ideas
Iâd be interested in hearing from readers about what other recovery options might apply in this situation. Aside from tools like Recuva, itâs certainly possible that there are other approaches that are worth investigating. Please share your thoughts in the comments below.
I had a similar situation last year. I wanted to reformat and reinstall, but I had my backups encrypted in an encrypted partition. It seems there were no tools that could be used to boot from a live cd, mount the volume then recover it, so I thought Iâd just install Windows on the empty drive and recover things from there. I didnât know Windows made a recovery partition on a different drive it thought was empty, my backup drive. It meant I was unable to mount it, though I was able to restore the backup volume header. I still couldnât use the file system, though the backup was a clear image, i.e. it wasnât encrypted or compressed, so I used a recovery program to recover the parts of the image that could be found, GetDataBack for NTFS. That found almost all the missing parts (it was chopped in CD size parts), but I was still missing about 70 out of 708, if I remember it right. I then used a different program to make those 70 files but filled them with nonsense so that the recovery utility would recover the whole image, including what lay beyond the 70 files. After that I checked which filesâ contents had turned into nonsense and after a while I got the idea to use the filesâ signatures. This doesnât always work, but for instance with many JPEG files thereâs metadata embedded in the file that includes its name, and with MP3 files there was the songâs title. I used a special program, WinHEX, to search the raw image of the partition that contained the backups for those names and found almost all I was missing.
Bottom line: I used GetDataBack for NTFS to recover most files, then I scanned the partition myself for traces that might be found in the signatures of files that were still missing.
P.S. I used some of the other files that had a similar date modified to the missing files to check if there was something in their signature that might be similar to the signature of the missing file.
I agree with Leo that most likely the flash drive is just âworn outâ as I have had this happen several times myself. Iâve learned the hard way, more than once, not to use a flash drive as your âonlyâ backup. Now I always backup my âbackupsâ to DVD or a second PC just in case.
I wanted to add, though, that more often than not a flash drive is damaged before it can wear out. A common problem many people often donât realize is that you cannot put a flash drive (or SD card) near any type of magnet. This means your cell phone, speakers, etc.
If you have ever had to replace a credit card because stores could no longer âreadâ the magnetic strip on the back â itâs basically the same principle.
Personally, I would try Leoâs suggestion of using Recuva or a similar program. Just the fact that it shows in Windows is a good sign, often a damaged drive wonât even show at all.
Iâve had this situation a few times. The card is NOT worn out but Windows is having another game with me. Place the card in another card reader (I have a dedicated USB SD card reader, and everything is fine. Every time.
Not an idea but a question. When you create an image is the data that is in the true crypt volume backed up also?
Second, can you back up a true crypt volume or the folders and/or files within the volume in the same way you backup regular folders/files.
Hello,
I think the following (third entry in the Troubleshooting chapter of the TrueCrypt guide) relates better to the issue rather than the header corruption:
PROBLEM:
After successfully mounting a volume, Windows reports âThis device does not contain a valid file
systemâ or a similar error.
PROBABLE CAUSE:
The file system on the TrueCrypt volume may be corrupted (or the volume is unformatted).
POSSIBLE SOLUTION:
You can use filesystem repair tools supplied with your operating system to attempt to repair the
filesystem on the TrueCrypt volume. In Windows, it is the âchkdskâ tool. TrueCrypt provides an easy
way to use this tool on a TrueCrypt volume: First, make a backup copy of the TrueCrypt volume
(because the âchkdskâ tool might damage the filesystem even more) and then mount it. Right-click the mounted volume in the main TrueCrypt window (in the drive list) and from the context menu select âRepair Filesystemâ.
If itâs possible you should also try to read the card from a Linux environment. It should be easy to get started with a live CD / USB (no installation needed) of Fedora or Linux Mint. Then you can either install TrueCrypt or remove the password while in Windows and then try to read the password-less card from the Linux environment.
But before all this please do take a backup or two of the volume and keep it safe.
Sorry, Dave, but you are wrong. Itâs true that magnets (even fairly weak ones) can ruin data on credit cards or anything else that uses an exposed magnetic stripe or disk, but flash card technology doesnât involve, nor is it influenced by, magnetic fields. Unfortunately, my very strong magnet seems to be missing from its habitual parking place so I canât conduct the experiment I was planning. Nevertheless, the physics involved rather conclusively indicate that flash memory would not be affected by even a multi-tesla MRI machine. Do you have any evidence to support your claim?
Although Alan is right that Windows may sometimes accept one interface while failing with another, Leo is certainly also right that these devices do have a finite number of write cycles. Think of it somewhat like a piece of metal than can be flexed some number of times before it breaks at the flex point.
30-Sep-2011
1) Try using a shorter or a different CABLE-it`s happened with me-a rusted cable was transferring data to my cell phone but NOT to my External HardDrive.
2)Use a different USB Port.
3)Try on a DIFFERENT COMPUTER
4)Silly suggestion:Somehow get it into WinRar & transfer onto another comp;open & use original password.(Sounds ridiculous to me-dont hold me to this pl)
I have experienced trouble with flash memory cards being read by my card reader. I got all kinds of different errors. I couldnât figure it out but coincidently, I had problems with my Logitech web cam. It wouldnât install properly. Logitech support suggested I uninstall their software using Revo Uninstaller. This I did and their software then installed.
I then needed to use my CD/DVD drive and it didnât auto-play! I went into the Auto Play of the Control Panel and discovered that all the settings had been messed up. I hit the Reset All Defaults and I immediately had the CD/DVD back again and the flash card reader also came to life and I was able to read the flash cards without errors.
I later found out when the Logitech software offered an update and I accepted, that I again couldnât use the flash card reader or the CD/DVD driveâŠ.same problemâŠAuto-Play was all messed up.
Could this possibly be playing a role in the case of the unreadable SD card?
Also Windows has a long history of corrupting data written directly to flash cards or other external devices. It has to do with the handling of temporary files.
This was using Windows 7 Home Premium X 64 on a Quad Core computer.
In 1992, there was a new option in DOS to encrypt my hard drive, involving something called âmounting.â It was a horrid disaster and I had to entirely format my hard drive all over again, with a loss of any information it used to hold. Iâve never again trusted this encryption concept, and the very use of the word, âmounting,â makes me cringe. And this story reminds me why.
I know itâs a silly question, butâŠ
have you tried copying the truecrypt file to your HD and then trying to mount the copy?
Some good ideas here.
A couple more I might suggest:
1) use a volume or disk copy program to copy the flash card to an available HD. Programs such as EaseUs Partition Master, or Paragon Partition Manager, are free and have partition volume copy function. Or you could try a dedicated copier such as DriveImage XML or HDClone Free to make the volume copy.
2) When one of these succeeds, make a second and set one aside as your fall-back (perhaps copying it to a CD or DVD).
3) Now use your multiple steps to try to gain access to the encrypted volume. First from within TrueCrypt, then possibly doing file directory repair, then trying the recovery methods.
4) If the copy didnât work, try a lower-level copier, such as ISOBuster (the basic version is free, and even though it is designed for CD/DVD it might work, I have never tried it on flash memory myself), or TeraCopy, which retries sectors if the copy fails, or similar low-level, error-retrying copy software.
5) Once copied, as above, make a copy of that copy and save it off for fall-back.
6) As above, now try to use the various methods to gain access to the encrypted volume.
Two other tips regarding flash drives.
There are times I have had the flash drive tell me it could not be written to â and it turned out to be a case of too many files in the root level of the drive â not lack of space or other drive issue. The simple fix for that was to delete unneeded files, or put some of the root level files into a folder. Which then clears up space in the flash drive root area to allow it to function again.
Lastly, a flash drive testing app, such as Check Flash (1.16) can be used to check the flash drive to see how good (or bad) the sectors/cells are. Just make sure to either use ONLY in Read mode, or ONLY on drives with no important data.
Iâve got a friends microSD card from her phone that seems to be totally dead, absolutely nothing happens when you attempt to read from it. Iâve tried different adapters, card readers, computersâŠ.everything I could think ofâŠ.I never get anything out of this card.
Any ideas, besides just giving up.
Do any of the data recovery services have any tricks to read these things?
I have had great success with a program that is not free called getdataback there is FAT32 and NTFS version. I once had a customer delete all her pictures then reformat her drive and reinstall a new windows! I got back about 85% of her pictures. That was amazing to me.
The question rang a bell with me, but I donât understand it well enough to know whether this is relevant.
All I would say is that I have seen a message saying âYou need to format this drive before you can use itâ frequently, coming from Windows (Vista SP2), after plugging in a USB HDD on which one of the four partitions is TrueCrypt (7.0a) encrypted. TrueCrypt has no problem mounting that device and accessing the filing system.
I did not see such a message from Windows XP SP3 the last time I plugged the same HDD into it.
So the crucial question is: was the message from Windows? If so, simply ignore it. If it was from TrueCrypt, apologies for wasting your time.
And the best of British luck!
30-Sep-2011
Thanks for a lot of suggestions that may help me too.
My âproblemâ is a Flash Memory disk, a USB stick of about 7 years old (the oldest file I was able to recover dated back to 2004). I recognize I used it a lot (several files updated/renamed several times a day), and the wear-out doesnât really surprise me. What is more alarming: there is NO warning whatsoever, that a failure is going to happen (like bad sectors or retries on magnetic disks). One evening, I closed an updated file, and everything seemed fine. The next morning, the fileâs directory was still there, but it was EMPTY. Upon research, I found several other directories in the same situation, some of which hadnât been touched in YEARS!!!!
Luckily, there was no really vital data involved, only an ongoing VBA development lost in the process cost me time to recover.
I understand that with the block optimization, when a cell fails, a whole bunch of data is going into the Nirvana, but still: NO PRECURSING SIGNS INDICATING THAT HAVOC IS PENDING!
As such, I ask myself, wether the netbook/laptop manufacturers arenât nuts in using such devices as system drives. I understand the goodies: less power consumption, less heat, no noise, âŠ, but: Compared to a few manipulations of perhaps a dozen files a day, the operating systems do MILLIONS of writes during a session. And if the system disk one day says, without a forewarning, âiâm deadâ, where does that leave you?
It sounds like the controller is bad. If the data is important and you donât mind spending the money, there are companies that specialize in removing the NAND chip and reading it directly. If you are handy with a soldering iron and feeling brave, there are some ways to do it yourself, but I donât recommend it.
This is for Craig Fearing, who wrote:
Actually, Craig⊠thatâs false. There was a show of Mythbusters in which they ran an episode where they specifically tried magnets of ever-increasing strength versus a credit card magnetic strip; they then kept running the card through a standard âswipe-readerâ, and could still read their pre-recorded data from the magnetic strip! It turns out that nothing short of a commercial demagnetizer would be sufficient to kill the magnetic strip on a credit card. Today, anyway, with modern experience â perhaps in the past it was different!
I have a 16gb Kingston SD card that is full of pictures from a recent trip to Italy with my wife. When we got back and tried to load the pictures our computer wouldnât recognize the card. We sent it to a specialist who cut the chips out of the card and was able to read the data but they are stuck now not being able to âtranslate the patternâ and actually read pictures. ANY ideas would be helpful! Do any companies specialize in decoding data?