Encrypted drive

By terraterm
Mar 15, 2012
Post New Reply
  1. Hi All

    I have a client, that lost his IT administrator, dropped off the face of the earth.

    I'm now trying to recover data off an encrypted disk. Gigabytes of music collection.

    The OS is Windows Server 2003, encrypted with, Bestcrypt v2.

    I have the initial Bestcrypt password, to boot into the OS, but no one knows the Windows login password, therefore can't login into windows, can't see or access the data.

    I have full access to the machine.
    What can I use to decrypt the disk, and or salvage the files.

    I've tried some Live cd's, but that doesn't help.

    Any suggestions?

    Thx!!! in advance.
  2. jobeard

    jobeard TS Ambassador Posts: 13,028   +221

    first try booting Safe Mode and loging in on the Admin account :)
  3. terraterm

    terraterm Newcomer, in training Topic Starter

    The problem is no one knows the Admin password.

    Whether it's in safe mode or normal mode, still can't login.
  4. jobeard

    jobeard TS Ambassador Posts: 13,028   +221

    did you try hitting ENTER without typing anything? A great many systems have the
    Safe Mode Admin account without a pwd :(
  5. jobeard

    jobeard TS Ambassador Posts: 13,028   +221

    another approach is via the Command Prompt
    1. create A new account
      net user USERNAME1 PASSWORD /add
      (where USERNAME1 is the new login
      PASSWORD is the new one for this account
      )
    2. make it an Admin Account
      net localgroup administrators USERNAME2 /add
      (make USERNAME2 is exactly like USERNAME1

    Step one should always work, but step 2 may fail for lack of permissions :sigh:
  6. terraterm

    terraterm Newcomer, in training Topic Starter

    pls. read my post carefully.

    The disk is encrypted.....this is what's causing the issue. without the encryption being removed, you cannot add anything or remove anything. no utility offline or live cd, can see the drive

    Blank password on server 2003....I think not.
  7. jobeard

    jobeard TS Ambassador Posts: 13,028   +221

    I did
    remains to be seen. You have TWO issues
    a) inability to logon
    b) the Bestcrypt
    For a certainty, Windows logon can not depend upon Bestcrypt. Once you have access to the system, then the Bestcrypt encryption WILL become the issue.
    If your assertion is correct, then windows logon needs concurrent passwords
    (user account + Bestcrypt) to be known simulatneously - - not a reasonable expectation.
    I would not expect it either,
    but until you try it - - you find a surprise.

    You may be aware that XP/home has a hidden admin login which is only visible via
    Save Mode and 90% of those have not password as the majority of Home users dont even know of the login/safe mode operation.

    It's your system - - I truly wish you every success.
  8. terraterm

    terraterm Newcomer, in training Topic Starter

    hi

    i will try the blank password thingy...but if they went so far as to encrypt the disk, what are the chances...crossing my fingers...lol

    Actually the login is as follows.

    Boot system, system then comes to Bestcrypt password prompt, which I have, then it boots into windows, where the password is lost.

    since the disk is encrypted, no changes can be made in an offline scenario, until the encryption is removed.

    thx!
  9. jobeard

    jobeard TS Ambassador Posts: 13,028   +221

    AHH! Now that's interesting.

    Safe Mode may not work then as there are only 4-5 services started in safe mode--
    Best wishes.
  10. terraterm

    terraterm Newcomer, in training Topic Starter

    yep...:(

    i'll need some luck

    thx
  11. Rabbit01

    Rabbit01 TechSpot Booster Posts: 862   +33

    Something like this might work: http://www.jetico.com/bestcrypt-volume-encryption-plugin-for-bartpe/

    Boot the computer w/ the Bart PE, decrypt the drive and then access data using Bart PE's file manager.

    I've done something similar w/ my work laptop (XP Pro) sometime ago to retrieve data. The HDD is encrypted w/ Safeboot. I found the Bart PE plugin for it, and booted the computer w/ it. Once the volume was mounted and decrypted, I was able to copy my files to a flash drive.
  12. terraterm

    terraterm Newcomer, in training Topic Starter

    hi

    i will try it out....and post back.

    I'll be working on it on the weekend

    thx!
  13. terraterm

    terraterm Newcomer, in training Topic Starter

    hi all

    i was able to recover the Admin password, therefore I was able to logon, and use the Bestcrypt software to decrypt the drive.

    No blank admin password...I did try that out.

    The BARTPE/Jetico plugin, worked, meaning I was able to launch it from the CD, but it couldn't see the drives...didn't try to figure out why, as I now had access to the software itself.

    Thx!!
     
  14. Rabbit01

    Rabbit01 TechSpot Booster Posts: 862   +33

    Glad to hear it worked out at the end.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.