How to Recover a TrueCrypt Container with Corrupt Header Information
is a free open source application that allows you to encrypt files, folders, partitions or even entire physical drives. It is a very useful alternative to Windows Bitlocker Drive Encryption, which is only available in Windows 7 Ultimate.
In some cases, the header information of an encrypted container/volume can become corrupted resulting in the inability to mount the container/volume and retrieve the encrypted data.
TrueCrypt allows you to attempt to recover the corrupted volume header information, thereby allowing you to access the encrypted data by mounting the container/volume as you normally would.
Encrypted containers/volumes can only be recovered using this method if the volume header information
is corrupted. It will NOT recover the information within the container/volume if the actual data within the container has also been corrupted, or if the encryption password has been forgotten
In order to completely protect your encrypted data, you must ensure that you have also used the other disaster recovery options mentioned in Step 3 - Disaster Recovery
. Recovery using volume header backups should always be considered a last resort.
Symptoms of a Corrupt Volume Header
If you attempt to mount an encrypted container in which the volume header information has been corrupted, you will see this panel:
If you are sure that you have entered the password correctly, then the only reason this panel is displayed is because the header information contained in the encrypted volume has become corrupted to the degree that Truecrypt no longer recognises the container/volume.
You can attempt to 'fix' the corrupted header by mounting the encrypted volume using the backup header information.
Recovering the Volume Header
TRUECRYPT allows you to attempt to recover corrupted volume header information using two techniques:
- Using an internal or embedded backup of the volume header
- Using an external backup of the volume header
Method 1: Recovery using the Internal (Embedded) Backup
If you have changed your original encryption container/volume password, and then recovered a corrupted volume using the internal/embedded backup technique, then you can only mount the encrypted volume using this original password
. This is because the internal/embedded header backup is only created once, storing the original password within the backup - subsequent changes in password are never
written to the internal/embedded header backup.
If you cannot remember the original password, then you must
use the external backup technique as outlined in Method 2 below. This technique assumes that you created the external backup prior to the container header becoming corrupted - refer to Step 3 - Disaster Recovery
When you create an encrypted container/volume, Truecrypt automatically creates an internal backup of the volume header that is embedded within the encrypted container.
From the main Truecrypt panel, use the Select File
option to select the encrypted container, and then select the Volume Tools option, as shown below.
From the pull-down list that appears, choose the Restore Volume Header
From the pop-up panel, select the first
option (the internal backup of the volume header)
Now enter the password that you used when you first created the encrypted container/volume.
In the Random Pool Mixing panel, move your mouse over the hexdecimal characters in a random fashion to create the HASH, and then click Continue
After a short period, the corrupted header information of the encrypted container is replaced with the internal backup of the header. A confirmation message will be displayed. Click OK to close the message, and then proceed to mount and use the volume as normal.
Method 2: Recovery using the External Backup
If you created an external backup of the volume header as described in Step 3 - Disaster Recovery
, you can attempt to recover the corrupt volume header from that backup.
The steps required are exactly the same as described earlier, with the exception that you choose the Restore the volume from an external backup file
option as shown below.
Once you have selected that option, you will be prompted to browse to the location of the header backup you created. You will then be prompted to input your volume password, and after a few seconds you will receive a confirmation message that the header was successfully recovered, as shown below.
You can now mount and work with the encrypted volume as normal.
A final word of caution : its extremely difficult to test this recovery functionality since the volume is encrypted. As such, I only recommend this method as a very last resort when you have exhausted all other means of recovery.