How to Recover a TrueCrypt Container with Corrupt Header Information
InformationTRUECRYPT is a free open source application that allows you to encrypt files, folders, partitions or even entire physical drives. It is a very useful alternative to Windows Bitlocker Drive Encryption, which is only available in Windows 7 Ultimate.
In some cases, the header information of an encrypted container/volume can become corrupted resulting in the inability to mount the container/volume and retrieve the encrypted data.
TrueCrypt allows you to attempt to recover the corrupted volume header information, thereby allowing you to access the encrypted data by mounting the container/volume as you normally would.
WarningEncrypted containers/volumes can only be recovered using this method if the volume header information is corrupted. It will NOT recover the information within the container/volume if the actual data within the container has also been corrupted, or if the encryption password has been forgotten
In order to completely protect your encrypted data, you must ensure that you have also used the other disaster recovery options mentioned in Step 3 - Disaster Recovery described here. Recovery using volume header backups should always be considered a last resort.
Symptoms of a Corrupt Volume Header
If you attempt to mount an encrypted container in which the volume header information has been corrupted, you will see this panel:
If you are sure that you have entered the password correctly, then the only reason this panel is displayed is because the header information contained in the encrypted volume has become corrupted to the degree that Truecrypt no longer recognises the container/volume.
You can attempt to 'fix' the corrupted header by mounting the encrypted volume using the backup header information.
Recovering the Volume Header
TRUECRYPT allows you to attempt to recover corrupted volume header information using two techniques:
- Using an internal or embedded backup of the volume header
- Using an external backup of the volume header
WarningIf you have changed your original encryption container/volume password, and then recovered a corrupted volume using the internal/embedded backup technique, then you can only mount the encrypted volume using this original password. This is because the internal/embedded header backup is only created once, storing the original password within the backup - subsequent changes in password are never written to the internal/embedded header backup.
If you cannot remember the original password, then you must use the external backup technique as outlined in Method 2 below. This technique assumes that you created the external backup prior to the container header becoming corrupted - refer to Step 3 - Disaster Recovery described here.
Method 1: Recovery using the Internal (Embedded) Backup
When you create an encrypted container/volume, Truecrypt automatically creates an internal backup of the volume header that is embedded within the encrypted container.
From the main Truecrypt panel, use the Select File option to select the encrypted container, and then select the Volume Tools option, as shown below.
From the pull-down list that appears, choose the Restore Volume Header option.
From the pop-up panel, select the first option (the internal backup of the volume header)
Now enter the password that you used when you first created the encrypted container/volume.
In the Random Pool Mixing panel, move your mouse over the hexdecimal characters in a random fashion to create the HASH, and then click Continue.
After a short period, the corrupted header information of the encrypted container is replaced with the internal backup of the header. A confirmation message will be displayed. Click OK to close the message, and then proceed to mount and use the volume as normal.
Method 2: Recovery using the External Backup
If you created an external backup of the volume header as described in Step 3 - Disaster Recovery described here, you can attempt to recover the corrupt volume header from that backup.
The steps required are exactly the same as described earlier, with the exception that you choose the Restore the volume from an external backup file option as shown below.
Once you have selected that option, you will be prompted to browse to the location of the header backup you created. You will then be prompted to input your volume password, and after a few seconds you will receive a confirmation message that the header was successfully recovered, as shown below.
You can now mount and work with the encrypted volume as normal.
WarningA final word of caution : its extremely difficult to test this recovery functionality since the volume is encrypted. As such, I only recommend this method as a very last resort when you have exhausted all other means of recovery.
Regards,
Golden