Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chinmaya_Naik
Advisor

How to recover the data on the encrypted Hard Disk (Full Disk Encryption)

Hii Team,

Requirement: How to recover the data on the encrypted Hard Disk.

I follow the sk105523 to make the below process.

Step 01: Remove the HARD Drive from encrypted PC.

Step 02: Connect to the Another PC (Example: HOST_A) through USB port by using a converter to access the Hard Drive (Encrypted PC).

Note: HOST_A must have Endpoint Security Client installed with FD blade enabled. (E80.51 or Above)

Step 03: GO to location "%programfiles(x86)%\CheckPoint\Endpoint Security\Full Disk Encryption" on HOST_A.

Note: You found the "FDE_Drive_Slaving.exe".

After complete above step follows the below final step.

Step 04: Open the "FDE_Drive_Slaving.exe" then select the Drive of encrypted PC and start to recover.

NOTE: Make sure you open the FDE_Drive_Slaving.exe utility as an administrator, and once that is open connect the mounted drive.  Connecting the mounted drive before opening the FDE_Drive_Slaving.exe utility may sometimes not work correctly. (Thanks Steve_Lander for this information) 

Once the drive shows up on the list, you can click on it and unlock it with FDE credentials.

Also Please suggest If any other simple procedure apart from using "Dynamic Mount Utility".

dmu.png

Regards

@Chinmaya Naik

0 Kudos
7 Replies
G_W_Albrecht
Legend
Legend

The most dreaded issue nowadays with FDE is: After a Windows Update, Windows fails to boot anymore. For such events, we use the old PointSec way 😉 listed in sk90242: ATRG: Full Disk Encryption E80.40  Full Disk Encryption Recovery using Full Disk Encryption Recovery Media. The method from sk105523 must be used if the HDD Controller or mainboard is defective.

CCSE CCTE SMB Specialist
0 Kudos
Chinmaya_Naik
Advisor

Thanks, @G_W_Albrecht  I got your point.

Yes, the sk105523  is when HD Controller or mainboard is defective.

I need to validate the step that I shared.

 

@Chinmaya Naik

0 Kudos
Steve_Lander
Collaborator

Make sure you open the FDE_Drive_Slaving.exe utility as administrator, and once that is open connect the mounted drive.  Connecting the mounted drive before opening the FDE_Drive_Slaving.exe utility may sometimes not work correctly.  

Once the drive shows up on the list, you can click on it and unlock it with FDE credentials.

0 Kudos
Gerbelhunter
Explorer

I'm trying to use this technique, however on the system that has FDE installed, I can't find a file path to "%programfiles(x86)%\CheckPoint\Endpoint Security\Full Disk Encryption"

I've trying installing CP_EPS_E80.51_Clients_Windows over the top - Master_FULL\EPS.msi - and I get an error;

Error 27559. No blades were selected. Check Point Endpoint Security installation aborted.

Does anyone know where I can get a copy of the FDE_Drive_Slaving.exe?  What package do I need to install to access this?

Thanks,

 

0 Kudos
PhillipHuman
Explorer

When I try this, I get a bluescreen of death.

Also, the drive i have is partially encrypted, windows wont boot up either so I cannot finish the encryption

0 Kudos
IamArt
Explorer

Hi Shinmaya, if I installed FDE but system drive got an error and re-format without decrypt data drive first. Is it possible to use this method apply to get data back? Or do you have  method to recommend? Thank you very much in advance.

0 Kudos
PhoneBoy
Admin
Admin

Pretty sure if you've already erased the disk, you're out of luck.

0 Kudos