Rescuing an encrypted hard drive

6

2

A friend of mine asked me to encrypt the hard drive on his netbook (running Windows Vista) so I used TrueCrypt's full-system encryption to do it. All is well.

Except now he forgot his Windows login password (still knows the hard drive unlocking one, though, so the netbook boots) and does not have the administrator password!

I'm thinking most password recovery tools will balk at the hard drive. Any thoughts on how I can fix this?

Bruno Antunes

Posted 2011-04-19T16:15:12.533

Reputation: 254

Have you tried booting the computer from a Linux live CD? – sblair – 2011-04-19T17:02:09.357

Answers

1

i'm assuming this user is setup as a regular user and is not the admin account? if so try hitting f8 after the truecrypt gateway and login to administrator via safemode, you should be able to reset the password via the control panel then.

acme64

Posted 2011-04-19T16:15:12.533

Reputation: 402

3

As you know the TrueCrypt password what I would do is install TrueCrypt on another machine, take the hard drive out of the netbook and install it in the other machine alongside it's existing hard drive

I believe you should then be able to mount the TrueCrypt drive from within your good system and copy whatever files they want to keep off that drive.

I would then put the drive back in the netbook, reinstall the OS as default with no encryption, then re-encrypt with TrueCrypt after that.

Mokubai

Posted 2011-04-19T16:15:12.533

Reputation: 64 434

2

If he still has the TrueCrypt recovery CD (which it forced you/him to burn before encrypting the drive) you can boot from that and use it to fully decrypt the drive. This will take a while, but when it's done you can use whatever tool you want on the drive.

You can also put the drive in another computer and use the TrueCrypt desktop application to mount it (use Mount Device). You can then use a tool like the NT Offline Registry Editor to edit the SAM, resetting the password on the account.

Using either of those methods will avoid reinstalling the operating system, which should not be necessary in this situation.

jcrawfordor

Posted 2011-04-19T16:15:12.533

Reputation: 15 203

1

Because you are on a netbook I am assuming you don't have a CD-ROM drive and probably don't have a way to connect a 2.5" HDD... You will need a spare USB Thumb Drive but this should work best...

Download UNetbootin and run it select Ubuntu as the Distribution then set Type to USB Drive and select your USB Drive Letter. Make SURE it is the correct drive letter

Set your BIOS to boot off of Removable Media and boot up the Ubuntu Live Desktop. After it is completely loaded open up Firefox and head to Truecrypt.org and download the standard linux version unpack it and run the truecrypt-7.0a-setup-x86 file. At a terminal you should be able to type ./truecrypt-7.0a-setup-x86 but I am pretty sure you can just double click it and it will install.

After it is installed start it from either the drop down start menu or at a terminal run "truecrypt".. click "Select Device" and locate the main system drive then click the "System" menu and select "Mount without pre-boot authentication..." enter the password and the drive should be mounted under "/media/truecrypt1"

From here you can either copy the information off of the drive or you can try to reset the password using a Linux utility... I have not tried any from within Ubuntu but I know it can be done one that I came across just googling is called "chntpw"

Just going by the simple instructions you open a terminal and execute "sudo apt-get install chntpw" and run the command "chntpw -u USERNAME SAM" and it should ask you for what password you want. You could also type "man chntpw" for more information. I am sure there are a ton of other utilities available but you have google just the same as I do :)

Riguez

Posted 2011-04-19T16:15:12.533

Reputation: 3 594