How to recover the data on the encrypted Hard Disk (Full Disk Encryption)

Hi Team,

Requirement: How to recover the data on the encrypted Hard Disk.

I followed sk105523 for the process below.

Step 01: Remove the hard drive from the encrypted PC.

Step 02: Connect it to another PC (example: HOST_A) through a USB port, using a converter, to access the hard drive (from the encrypted PC).

Note: HOST_A must have Endpoint Security Client installed with FD blade enabled (E80.51 or above).

Step 03: Go to the location "%programfiles(x86)%\CheckPoint\Endpoint Security\Full Disk Encryption" on HOST_A.

Note: You will find "FDE_Drive_Slaving.exe" there.

After completing the above steps, follow the final step below.

Step 04: Open "FDE_Drive_Slaving.exe", then select the drive of the encrypted PC and start the recovery.

NOTE: Make sure you open the FDE_Drive_Slaving.exe utility as an administrator, and once that is open connect the mounted drive. Connecting the mounted drive before opening the FDE_Drive_Slaving.exe utility may sometimes not work correctly. (Thanks Steve_Lander for this information)

Once the drive shows up on the list, you can click on it and unlock it with FDE credentials.

Also, please suggest if there is any other simple procedure apart from using the "Dynamic Mount Utility".

Regards

@Chinmaya Naik

Re: How to recover the data on the encrypted Hard Disk (Full Disk Encryption)

The most dreaded issue nowadays with FDE is: after a Windows Update, Windows fails to boot. For such events, we use the old PointSec way 😉 listed in sk90242: ATRG: Full Disk Encryption E80.40, "Full Disk Encryption Recovery using Full Disk Encryption Recovery Media". The method from sk105523 must be used if the HDD controller or mainboard is defective.

Re: How to recover the data on the encrypted Hard Disk (Full Disk Encryption)

Thanks, @G_W_Albrecht, I got your point.

Yes, sk105523 is for when the HD controller or mainboard is defective.

I need to validate the step that I shared.

 

@Chinmaya Naik

Re: How to recover the data on the encrypted Hard Disk (Full Disk Encryption)

Make sure you open the FDE_Drive_Slaving.exe utility as administrator, and once that is open connect the mounted drive. Connecting the mounted drive before opening the FDE_Drive_Slaving.exe utility may sometimes not work correctly.

Once the drive shows up on the list, you can click on it and unlock it with FDE credentials.

Re: How to recover the data on the encrypted Hard Disk (Full Disk Encryption)

I'm trying to use this technique; however, on the system that has FDE installed, I can't find a file path to "%programfiles(x86)%\CheckPoint\Endpoint Security\Full Disk Encryption".

I've tried installing CP_EPS_E80.51_Clients_Windows over the top - Master_FULL\EPS.msi - and I get an error:

Error 27559. No blades were selected. Check Point Endpoint Security installation aborted.

Does anyone know where I can get a copy of the FDE_Drive_Slaving.exe? What package do I need to install to access this?

Thanks,

 
