Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Subscribers 6 subscribers
  • Views 19535 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Am I doomed?

DoctorWho

We despretly need to get in toe a SafeGuard Easy Encrypted Drive.  We were having issues with the drive booting up on thanksgiving, and we ran the WINPE and Sophos software.

Of course the only option in the software that pertained to our issue was "REPAIR THE MBR" 

For the love of god, why isnt there an disclaimer that says "HEY BACK THIS UP, put a jump drive in here and back it up"  Because we can the MBR Fix, and now we dont see the sophos loading screen and we cant access our drive.  

We are NOT using the enterprise, which I wish I had, but the client didnt spend the money.

SO is there any way to go back to where we were before? Is there any other way to decrypt the drive?

What are the options?  I must say I am dissapointed in the lack of documentation in the software.  To the users who use this software all the time its a no brianer, but would a disclaimer or a pop up box have killed you guys?

:55013


This thread was automatically locked due to age.
  • 0

    Hi DoctorWho,

    accessing the hard disk through a modified WinPE image to access the data should be possible even if the Master Boot Record had been reset.

    As the next recovery steps depend on the software that was used to encrypt the affected machine, please reply with the software and version number of the software that was used to encrypt the machine.

    Recovery steps are also documented in http://www.sophos.com/en-us/support/knowledgebase/108156.aspx

    Regards,

    ChrisD

    :55065
  • 0

    Sophos Safe Guard Easy Version 6.00.1

    :55067
  • 0

    During the installation of SafeGuard Enterprise 6.00.1.31, the Client generates a set of recovery files (the location to save the backup files is specified in the Client Configuration package). One of the recovery files is a backup of the Master Boot Record (MBR) that can be used to restore the MBR in case it got corrupted.

    Please find an extract of the SafeGuard Easy Tools Guide below:

    5.2 Restoring a previously saved MBR backup
    To restore a previously saved MBR backup, proceed as follows:
    1. After the installation of Sophos SafeGuard on the endpoint computer, you are prompted to
    specify a file location for saving the MBR backup. This produces a 512 byte file with the file
    extension .BKN, which contains the MBR.
    2. Copy this file to the folder on the memory stick in which the other extra Sophos SafeGuard
    files are located.
    3. Now insert the Windows PE Boot CD into the drive, plug in the memory stick with the Sophos
    SafeGuard files and switch the computer on to boot from the CD.
    4. When the computer is ready, start the cmd-box, navigate to the directory on the memory stick
    where the Sophos SafeGuard files are located and run be_restore.exe.
    5. Select Restore MBR to restore from a backup and select the .BKN file.
    The tool now checks whether the selected .BKN file matches the computer and afterwards restores
    the saved MBR.

    5.3 Repairing the MBR without backup
    Even when there is no MBR backup file available locally, be_restore.exe can repair a damaged
    MBR loader. be_restore.exe - Repair MBR locates the Sophos SafeGuard kernel on the hard disk,
    uses its address, and recreates the MBR loader.
    This is highly advantageous, especially as there is no need for a computer-specific MBR backup
    file locally. However, it takes a little more time because the Sophos SafeGuard kernel on the hard
    disk is searched for.
    To use the repair function, proceed as described, but select Repair MBR when running
    be_restore.exe.
    If more than one kernel is found, be_restore.exe – Repair MBR uses the one with the most recent
    time stamp.

    Please let me know if you are able to boot the machine again after restoring the MBR backup.

    Regards,

    ChrisD

    :55069
  • 0

    Will this second method work if WInPE doesnt see a local disk?

    :55070
  • 0

    When you say "WInPE doesn't see a local disk" is that because the disk is encrypted and the file system is not visible / cannot be accessed or because the disk is not recognized from the system anymore?

    BE_Restore in repair mode can repair a broken MBR on the target disk even if the disk is encrypted and the file system is not visible.

    Regards,

    ChrisD

    :55071
  • 0

    After running the MBR fix, I went back in to WINPE, and I dont see the Localdisk in the tree on the left.

    :55093
  • 0

    Could you please post a screenshot or photo from the WinPE disk after opening a command line and running "DISKPART" followed by the command "LIST DISK" and "LIST VOLUME" ?

    Does the disk show up in the BIOS at all? If not (and you've checked that the wiring is OK), I would suspect a physical defect with the drives controller / mechanic and would recommend to contact a professional data recovery service.

    Regards,

    ChrisD

    :55117
Unfiltered HTML