Symantec Endpoint Encryption

Data Recovery & Full Disk Encryption (FDE)

Critical Data Services – Encrypted Hard Drive Data Recovery

Virtually every day, we receive encrypted hard drives that have failed. Most of our corporate customers have a data protection policy in place that demands that all data-bearing devices are encrypted with Full Disk Encryption (FDE). This is understandable from a security perspective, but when things go wrong, it can result in permanent data loss.

No matter what encryption software was used, we can handle it. Irrespective of the failure type, our goal is to repair the drive and create a full sector-level copy of the drive. Once we have this, we can decrypt the drive or return it to the IT Department for decryption. We enter into Non-Disclosure Agreements to allow decryption to take place in our lab and we always return data on an encrypted external hard drive.

If you have an encrypted hard drive that has failed, the best advice that we can offer is:

  • Test the drive in an external caddy with the relevant manufacturer's diagnostic tool before attempting to access the disk.
  • Don’t attempt to force decrypt the drive. This process is likely to fail and leave you with a partially-decrypted disk.
  • Don’t re-initialise the drive, format or attempt to fix the MBR. You will overwrite important information at the start of the disk.
  • Call us for advice on how to handle your data loss scenario. Our advice is always free and impartial.

The case we received today involved Symantec Endpoint, running on a Seagate Momentus 7200.3.

The user was unable to log in to the laptop. Symantec Endpoint was hanging on initialisation.

The IT department took the drive and ran the Seagate SeaTools diagnostic suite on the drive. It reported a pending failure and they sent it to our lab for a detailed examination. Inspecting the Defect Lists and SMART data, we determined that the drive was re-allocating a large number of sectors. Although the drive was partially accessible, it was failing to read data from areas of the drive, resulting in the Symantec Bootloader hanging.

We created a backup of the Service Area data and cleared the Defect Lists. With some further modifications to the Service Area configuration, we successfully created a sector-level clone of the drive to a new disk.

Using the Symantec Recovery environment and the Decryption Key File provided by our customer, we successfully decrypted the drive, achieving a 100% successful data recovery result for our customer.

We have handled a large number of drives for this customer, and they have implemented a policy for handling failed drives. Any drive displaying symptoms of failure is tested by the IT department, and drives that show errors are immediately sent to our lab for processing. This ensures that drives do not suffer any unnecessary damage and the chances of achieving a full data recovery are maximised.
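A triage check of the kind this policy describes, as an added example that is not our lab tooling or the customer's own process. It assumes the attribute table printed by `smartctl -A` (smartmontools) rather than SeaTools output, uses a constructed sample, and treats any non-zero reallocated, pending or uncorrectable sector count as grounds to stop and escalate, which is an assumed threshold.

```python
import re

# Standard ATA SMART attribute IDs that indicate media degradation.
WATCHED = {5: "Reallocated_Sector_Ct", 197: "Current_Pending_Sector",
           198: "Offline_Uncorrectable"}

# Constructed sample in the layout printed by `smartctl -A`; not data from the case.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   108   089   006    Pre-fail  Always       -       17463921
  5 Reallocated_Sector_Ct   0x0033   064   064   036    Pre-fail  Always       -       1482
  9 Power_On_Hours          0x0032   081   081   000    Old_age   Always       -       17012
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       96
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       96
"""

# id, name, flag, value, worst, thresh, type, updated, when_failed, leading raw digits
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+(\d+)\s+(\d+)\s+(\d+)\s+"
                 r"\S+\s+\S+\s+(\S+)\s+(\d+)")

def parse_attributes(text):
    """Return {id: fields} for each attribute row; header and other lines are skipped."""
    attrs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ident, name, value, _worst, thresh, failed, raw = m.groups()
            attrs[int(ident)] = {"name": name, "value": int(value),
                                 "thresh": int(thresh), "when_failed": failed,
                                 "raw": int(raw)}
    return attrs

def triage(text):
    """Return (decision, reasons). Any sign of media failure means stop and escalate."""
    attrs = parse_attributes(text)
    if not attrs:
        # An unreadable table is not evidence of health.
        return "UNKNOWN", ["no SMART attributes parsed; treat the drive as unreadable"]
    reasons = []
    for ident, a in sorted(attrs.items()):
        if a["when_failed"] != "-":
            reasons.append(f"{a['name']}: failed threshold ({a['when_failed']})")
        elif ident in WATCHED and a["raw"] > 0:
            reasons.append(f"{a['name']}: raw count {a['raw']}")
    return ("ESCALATE" if reasons else "OK"), reasons

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An `ESCALATE` result means the drive should be powered down and sent for imaging before any decryption or repair is attempted on it.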

If your company has implemented a Full Disk Encryption program, why not talk to us to see how we can help you to minimise data loss? Call us on 01-8612280 or email recovery(at) criticaldata.ie for further information about our encrypted hard drive data recovery services.