Truecrypt Issue: I cannot read disk even though I successfully mounted Windows
7 Professional, Truecrypt 7.0a
Following your recommendation, I decided to use Truecrypt to encrypt a SD
card that contains personal data to keep it off the work laptop. This has
worked very successfully for about three months until this morning. When I entered
the password to mount the volume, it mounted as usual with no error messages.
However, when I tried to access the mounted drive (volume), it said, “You need
to format the disk in drive Z: before you can use it. Do you want to format
it?” Of course, I clicked No.
I consulted the Truecrypt user manual that said that I should restore the
volume header. As recommended, I dismounted the volume, then used Tools >
Restore volume header using the “Restore the volume header from the backup
embedded in the volume” option, and the normal password worked. I got the
message saying the volume header was successfully restored. However,, the same
problem persists, “You need to format the disk…..” as above.
This is a real disaster for me, I need the drive contents. Do you have any
idea what to do next?
I do not.
I may have one straw to grasp at, but overall, I’m concerned that this
situation cannot be recovered.
I’ll explain why I think that is and what I would have done differently.
I’ll also ask my readers for any additional ideas.
]]>
Flash wears out
This ends up catching people by surprise, and unfortunately, it does so fairly often.
How quickly it wears out depends on the quality of the device and how much it’s written to. (Writing causes wear, reading does not.)
My suspicion is that your SD card, which uses flash memory, has likely worn out.
That would explain why the device can be mounted (the area with the TrueCrypt header has not worn out), and yet appears unformatted to Windows (the area with the file listing probably has).
One straw to grasp at
Start by write protecting the card.
SD cards have a small slide-switch that prevents writing to the device, which in turn prevents any recovery attempts from making the situation worse (a common mistake).
Now, try a file recovery tool, perhaps Recuva, on the mounted volume and see if it “sees” anything that it can recover.
It’s a long shot, but you have nothing to lose by trying.
Next time
If your data exists in only one place, it’s not backed up.
I don’t see this as an issue of encryption as much as it is an issue of keeping critical data in only one place. Encrypted or not, had that one place been, say, a portable hard drive that died in some unrecoverable way, you’d be in the same position.
There are two approaches that would have lessened the impact of this device failure:
-
Backup the TrueCrypt volume. Simply making a copy of the TrueCrypt volume somewhere else on a regular basis quickly, and safely, backs up everything in it. Lose the original and you can simply copy and mount the backup.
-
Backup the contents of the TrueCrypt volume. If done properly, backing up the unencrypted contents of the volume can protect you from both device failure and encryption failures, such as forgetting the pass phrase. The “trick”, if you want to call it that, is that, by definition, this is sensitive data so you’ll want to make sure that it’s protected some other way – most often using physical security that involves some form of physical lock or perhaps some other form of secure access control.
As you might guess, I do both.
Encryption’s not the culprit
I do want to be clear and point out that TrueCrypt doesn’t seem to be at fault here. Even if the data were unencrypted on the device, a device failure could still have rendered it completely and irrevocably unrecoverable.
Encryption can make data recovery more difficult and often impossible, but backing up makes data recovery unnecessary.
Call for ideas
I’d be interested in hearing from readers about what other recovery options might apply in this situation. Aside from tools like Recuva, it’s certainly possible that there are other approaches that are worth investigating. Please share your thoughts in the comments below.
I had a similar situation last year. I wanted to reformat and reinstall, but I had my backups encrypted in an encrypted partition. It seems there were no tools that could be used to boot from a live cd, mount the volume then recover it, so I thought I’d just install Windows on the empty drive and recover things from there. I didn’t know Windows made a recovery partition on a different drive it thought was empty, my backup drive. It meant I was unable to mount it, though I was able to restore the backup volume header. I still couldn’t use the file system, though the backup was a clear image, i.e. it wasn’t encrypted or compressed, so I used a recovery program to recover the parts of the image that could be found, GetDataBack for NTFS. That found almost all the missing parts (it was chopped in CD size parts), but I was still missing about 70 out of 708, if I remember it right. I then used a different program to make those 70 files but filled them with nonsense so that the recovery utility would recover the whole image, including what lay beyond the 70 files. After that I checked which files’ contents had turned into nonsense and after a while I got the idea to use the files’ signatures. This doesn’t always work, but for instance with many JPEG files there’s metadata embedded in the file that includes its name, and with MP3 files there was the song’s title. I used a special program, WinHEX, to search the raw image of the partition that contained the backups for those names and found almost all I was missing.
Bottom line: I used GetDataBack for NTFS to recover most files, then I scanned the partition myself for traces that might be found in the signatures of files that were still missing.
P.S. I used some of the other files that had a similar date modified to the missing files to check if there was something in their signature that might be similar to the signature of the missing file.
I agree with Leo that most likely the flash drive is just ‘worn out’ as I have had this happen several times myself. I’ve learned the hard way, more than once, not to use a flash drive as your ‘only’ backup. Now I always backup my ‘backups’ to DVD or a second PC just in case.
I wanted to add, though, that more often than not a flash drive is damaged before it can wear out. A common problem many people often don’t realize is that you cannot put a flash drive (or SD card) near any type of magnet. This means your cell phone, speakers, etc.
If you have ever had to replace a credit card because stores could no longer ‘read’ the magnetic strip on the back – it’s basically the same principle.
Personally, I would try Leo’s suggestion of using Recuva or a similar program. Just the fact that it shows in Windows is a good sign, often a damaged drive won’t even show at all.
I’ve had this situation a few times. The card is NOT worn out but Windows is having another game with me. Place the card in another card reader (I have a dedicated USB SD card reader, and everything is fine. Every time.
Not an idea but a question. When you create an image is the data that is in the true crypt volume backed up also?
Second, can you back up a true crypt volume or the folders and/or files within the volume in the same way you backup regular folders/files.
Hello,
I think the following (third entry in the Troubleshooting chapter of the TrueCrypt guide) relates better to the issue rather than the header corruption:
PROBLEM:
After successfully mounting a volume, Windows reports “This device does not contain a valid file
system” or a similar error.
PROBABLE CAUSE:
The file system on the TrueCrypt volume may be corrupted (or the volume is unformatted).
POSSIBLE SOLUTION:
You can use filesystem repair tools supplied with your operating system to attempt to repair the
filesystem on the TrueCrypt volume. In Windows, it is the ‘chkdsk’ tool. TrueCrypt provides an easy
way to use this tool on a TrueCrypt volume: First, make a backup copy of the TrueCrypt volume
(because the ‘chkdsk’ tool might damage the filesystem even more) and then mount it. Right-click the mounted volume in the main TrueCrypt window (in the drive list) and from the context menu select ‘Repair Filesystem’.
If it’s possible you should also try to read the card from a Linux environment. It should be easy to get started with a live CD / USB (no installation needed) of Fedora or Linux Mint. Then you can either install TrueCrypt or remove the password while in Windows and then try to read the password-less card from the Linux environment.
But before all this please do take a backup or two of the volume and keep it safe.
Sorry, Dave, but you are wrong. It’s true that magnets (even fairly weak ones) can ruin data on credit cards or anything else that uses an exposed magnetic stripe or disk, but flash card technology doesn’t involve, nor is it influenced by, magnetic fields. Unfortunately, my very strong magnet seems to be missing from its habitual parking place so I can’t conduct the experiment I was planning. Nevertheless, the physics involved rather conclusively indicate that flash memory would not be affected by even a multi-tesla MRI machine. Do you have any evidence to support your claim?
Although Alan is right that Windows may sometimes accept one interface while failing with another, Leo is certainly also right that these devices do have a finite number of write cycles. Think of it somewhat like a piece of metal than can be flexed some number of times before it breaks at the flex point.
30-Sep-2011
1) Try using a shorter or a different CABLE-it`s happened with me-a rusted cable was transferring data to my cell phone but NOT to my External HardDrive.
2)Use a different USB Port.
3)Try on a DIFFERENT COMPUTER
4)Silly suggestion:Somehow get it into WinRar & transfer onto another comp;open & use original password.(Sounds ridiculous to me-dont hold me to this pl)
I have experienced trouble with flash memory cards being read by my card reader. I got all kinds of different errors. I couldn’t figure it out but coincidently, I had problems with my Logitech web cam. It wouldn’t install properly. Logitech support suggested I uninstall their software using Revo Uninstaller. This I did and their software then installed.
I then needed to use my CD/DVD drive and it didn’t auto-play! I went into the Auto Play of the Control Panel and discovered that all the settings had been messed up. I hit the Reset All Defaults and I immediately had the CD/DVD back again and the flash card reader also came to life and I was able to read the flash cards without errors.
I later found out when the Logitech software offered an update and I accepted, that I again couldn’t use the flash card reader or the CD/DVD drive….same problem…Auto-Play was all messed up.
Could this possibly be playing a role in the case of the unreadable SD card?
Also Windows has a long history of corrupting data written directly to flash cards or other external devices. It has to do with the handling of temporary files.
This was using Windows 7 Home Premium X 64 on a Quad Core computer.
In 1992, there was a new option in DOS to encrypt my hard drive, involving something called “mounting.” It was a horrid disaster and I had to entirely format my hard drive all over again, with a loss of any information it used to hold. I’ve never again trusted this encryption concept, and the very use of the word, “mounting,” makes me cringe. And this story reminds me why.
I know it’s a silly question, but…
have you tried copying the truecrypt file to your HD and then trying to mount the copy?
Some good ideas here.
A couple more I might suggest:
1) use a volume or disk copy program to copy the flash card to an available HD. Programs such as EaseUs Partition Master, or Paragon Partition Manager, are free and have partition volume copy function. Or you could try a dedicated copier such as DriveImage XML or HDClone Free to make the volume copy.
2) When one of these succeeds, make a second and set one aside as your fall-back (perhaps copying it to a CD or DVD).
3) Now use your multiple steps to try to gain access to the encrypted volume. First from within TrueCrypt, then possibly doing file directory repair, then trying the recovery methods.
4) If the copy didn’t work, try a lower-level copier, such as ISOBuster (the basic version is free, and even though it is designed for CD/DVD it might work, I have never tried it on flash memory myself), or TeraCopy, which retries sectors if the copy fails, or similar low-level, error-retrying copy software.
5) Once copied, as above, make a copy of that copy and save it off for fall-back.
6) As above, now try to use the various methods to gain access to the encrypted volume.
Two other tips regarding flash drives.
There are times I have had the flash drive tell me it could not be written to – and it turned out to be a case of too many files in the root level of the drive – not lack of space or other drive issue. The simple fix for that was to delete unneeded files, or put some of the root level files into a folder. Which then clears up space in the flash drive root area to allow it to function again.
Lastly, a flash drive testing app, such as Check Flash (1.16) can be used to check the flash drive to see how good (or bad) the sectors/cells are. Just make sure to either use ONLY in Read mode, or ONLY on drives with no important data.
I’ve got a friends microSD card from her phone that seems to be totally dead, absolutely nothing happens when you attempt to read from it. I’ve tried different adapters, card readers, computers….everything I could think of….I never get anything out of this card.
Any ideas, besides just giving up.
Do any of the data recovery services have any tricks to read these things?
I have had great success with a program that is not free called getdataback there is FAT32 and NTFS version. I once had a customer delete all her pictures then reformat her drive and reinstall a new windows! I got back about 85% of her pictures. That was amazing to me.
The question rang a bell with me, but I don’t understand it well enough to know whether this is relevant.
All I would say is that I have seen a message saying “You need to format this drive before you can use it” frequently, coming from Windows (Vista SP2), after plugging in a USB HDD on which one of the four partitions is TrueCrypt (7.0a) encrypted. TrueCrypt has no problem mounting that device and accessing the filing system.
I did not see such a message from Windows XP SP3 the last time I plugged the same HDD into it.
So the crucial question is: was the message from Windows? If so, simply ignore it. If it was from TrueCrypt, apologies for wasting your time.
And the best of British luck!
30-Sep-2011
Thanks for a lot of suggestions that may help me too.
My “problem” is a Flash Memory disk, a USB stick of about 7 years old (the oldest file I was able to recover dated back to 2004). I recognize I used it a lot (several files updated/renamed several times a day), and the wear-out doesn’t really surprise me. What is more alarming: there is NO warning whatsoever, that a failure is going to happen (like bad sectors or retries on magnetic disks). One evening, I closed an updated file, and everything seemed fine. The next morning, the file’s directory was still there, but it was EMPTY. Upon research, I found several other directories in the same situation, some of which hadn’t been touched in YEARS!!!!
Luckily, there was no really vital data involved, only an ongoing VBA development lost in the process cost me time to recover.
I understand that with the block optimization, when a cell fails, a whole bunch of data is going into the Nirvana, but still: NO PRECURSING SIGNS INDICATING THAT HAVOC IS PENDING!
As such, I ask myself, wether the netbook/laptop manufacturers aren’t nuts in using such devices as system drives. I understand the goodies: less power consumption, less heat, no noise, …, but: Compared to a few manipulations of perhaps a dozen files a day, the operating systems do MILLIONS of writes during a session. And if the system disk one day says, without a forewarning, “i’m dead”, where does that leave you?
It sounds like the controller is bad. If the data is important and you don’t mind spending the money, there are companies that specialize in removing the NAND chip and reading it directly. If you are handy with a soldering iron and feeling brave, there are some ways to do it yourself, but I don’t recommend it.
This is for Craig Fearing, who wrote:
Actually, Craig… that’s false. There was a show of Mythbusters in which they ran an episode where they specifically tried magnets of ever-increasing strength versus a credit card magnetic strip; they then kept running the card through a standard “swipe-reader”, and could still read their pre-recorded data from the magnetic strip! It turns out that nothing short of a commercial demagnetizer would be sufficient to kill the magnetic strip on a credit card. Today, anyway, with modern experience — perhaps in the past it was different!
I have a 16gb Kingston SD card that is full of pictures from a recent trip to Italy with my wife. When we got back and tried to load the pictures our computer wouldn’t recognize the card. We sent it to a specialist who cut the chips out of the card and was able to read the data but they are stuck now not being able to ‘translate the pattern’ and actually read pictures. ANY ideas would be helpful! Do any companies specialize in decoding data?