Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 17461 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data on encrypted drive, corrupted OS

Arvandor

So, I have an encrypted laptop from a user that has completely died. It was hanging on the windows loading screen after POA, but now it doesn't even do that much, just errors out instantly after POA. I can't boot into safe mode or anything.

I tried doing our SafeGuard administrator log on then booting off external media with pass through poa to windows unchecked, and booting off of a bootable Linux thumbdrive I have. This apparently doesn't decrypt the drive, however, as it appears to my Linux filesystem to still be encrypted. Trying to mount the main partition returns an invalid NTFS format error, and running a testdisk scan only brought up a lenovo backup partition (which is a discussion for another time, and a possible security hole... I'll dig into that more later.)

A coworker told me that we can use our enterprise console to create a recovery CD, but I haven't been able to find a KB that will help me with this process... Is there anyone who can point me in the right direction?

:49696


This thread was automatically locked due to age.
  • 0

    Hi Arvandor,

    although you've logged into POA and booted from the Linux drive, it cannot read your file system as your Linux system does not contain SafeGuard Encryption Subsystem drivers.

    Depending on the product you've installed (I guess either SafeGuard Enterprise or Sophos Enterprise Console with integrated Encryption), following KBAs might help you as they provide a recovery media (based on WinPE) with the SafeGuard drivers included:

    Recovering data from a Sophos Disk Encryption 5.61 Client using a bootable recovery media based on WinPE
    http://www.sophos.com/en-us/support/knowledgebase/118497.aspx

    Recovering data from a volume-based encrypted SafeGuard Device Encryption Client
    http://www.sophos.com/en-us/support/knowledgebase/108805.aspx

    Hope that helps,

    ChrisD

    Edit: typo ...

    :49702
  • 0

    I tried the steps in that KB, but the machine wouldn't boot from the DVD of the WinPE 3.0 Recovery disk I made. The screen would go blank for a few seconds, then just kick back to the boot menu.

    :49708
  • 0

    One other way you can recover the data is to slave the hard drive to another laptop or PC with Sophos Safeguard already installed.

    You will need to assign the key for your broken laptop to the working laptop. If you have access to the Sophos Management Center you can do this by clicking on Users and Computers, finding the hostname for your working laptop and selecting the local administrator account. You will then select select the “Key Tab”.

    Under “Available keys” find a key that matches the hostname of the broken laptop and drag and drop it to the pane on the right hand side.

    Connect the hard drive to your working PC and log in using the local administrator account. Right
    click on the Sophos icon and click “Synchronise”. This will download the key for the broken laptop onto your working laptop / PC. You may need to restart the laptop for the changes to take effect.

    You can then open the hard drive and browse it as if it were unencrypted.

    Let me know if this works!

    :49870
Unfiltered HTML