Disk encryption and data recovery

[DiskTuneUser]

Hi, thanks for answering my questions about DiskTune.

I'm wondering if using products such as TrueCrypt, BitLocker etc. can make data recovery impossible if the hard drive starts malfunctioning or if lots of "bad sectors" start showing up?

I know TrueCrypt allows you to permanently decrypt the drive, I'm not sure about BitLocker or others.

[Joep]

Hello,

Yes, I would assume this to be true. If bad sectors prevent the disk encryption drivers from delivering data then recovery software doesn't stand a chance either.

[DiskTuneUser]

This is an important topic.  Sometimes we hear on the news about companies losing laptops or other storage devices with customers' personal details.  If they use some kind of encryption, with a very strong password or other authentication, the data on the lost device would be useless to whoever finds it.

But this creates a problem... what if the hard drive needs rescuing?  I know you can run things like Windows chkdsk if the drive has already been booted or mounted from TrueCrypt, BitLocker and others, as the encryption driver is loaded and - so I've read - the encryption driver does the actual encryption/decryption "on the fly" as programs like chkdsk perform read/write operations.

Some new hard drives have hardware encryption built-in, Seagate makes them for instance.  I'm not sure how they actually work.

What can be done if the encrypted drive has problems, such as filesystem corruption?  Can we load the encryption driver in memory and then use a recovery tool such as iRecover?  Maybe using a boot disc?

[Joep]

Hello,

This is an important topic.  Sometimes we hear on the news about companies losing laptops or other storage devices with customers' personal details.  If they use some kind of encryption, with a very strong password or other authentication, the data on the lost device would be useless to whoever finds it.

Yes, and if tools like iRecover would be able to read that data, disk encryption would be useless. However with the appropriate credentials the owner may still be able to perform data recovery. As long as he's able to somehow, on the fly or not, present un-encrypted data to a data recovery tool, data may be recoverable. In such an event I suggest you contact the manufacturer of the disk encryption software.

File system corruption does not have to be a problem, well, not a bigger problem than normal file system corruption.

[DiskTuneUser]

If an encrypted hard drive has any kind of corruption or bad sectors suddenly appear, maybe removing the encryption (decrypting) would allow data recovery or would decrypting make the problems worse?  So far I've learned that encryption software allows the user to decrypt a drive, although it does take a few hours.

Some full disk encryption programs (such as Microsoft's BitLocker) can use a Trusted Platform Module (TPM) if one is present on the motherboard.  There's a major problem with this: if the motherboard with the TPM is faulty, you may not be able to move the hard drive to another computer.  Section 3 of this Wikipedia page explains (the text may be altered in future):
http://en.wikipedia.org/wiki/Full_disk_encryption

Maybe you could sell a backup tool that backs up files very quickly and verifies each file has been backed up correctly?  So far I've not found a backup tool that's easy to use and fast.  It would be a lot nicer than dragging and dropping hundreds or thousands of files using a CD Burning program (and making several DVD's) or dragging and dropping files between hard drives!!