Encrypted drive

By terraterm ยท 13 replies
Mar 15, 2012
Post New Reply
  1. Hi All

    I have a client, that lost his IT administrator, dropped off the face of the earth.

    I'm now trying to recover data off an encrypted disk. Gigabytes of music collection.

    The OS is Windows Server 2003, encrypted with, Bestcrypt v2.

    I have the initial Bestcrypt password, to boot into the OS, but no one knows the Windows login password, therefore can't login into windows, can't see or access the data.

    I have full access to the machine.
    What can I use to decrypt the disk, and or salvage the files.

    I've tried some Live cd's, but that doesn't help.

    Any suggestions?

    Thx!!! in advance.
  2. jobeard

    jobeard TS Ambassador Posts: 11,168   +986

    first try booting Safe Mode and loging in on the Admin account :)
  3. terraterm

    terraterm TS Rookie Topic Starter

    The problem is no one knows the Admin password.

    Whether it's in safe mode or normal mode, still can't login.
  4. jobeard

    jobeard TS Ambassador Posts: 11,168   +986

    did you try hitting ENTER without typing anything? A great many systems have the
    Safe Mode Admin account without a pwd :(
  5. jobeard

    jobeard TS Ambassador Posts: 11,168   +986

    another approach is via the Command Prompt
    1. create A new account
      net user USERNAME1 PASSWORD /add
      (where USERNAME1 is the new login
      PASSWORD is the new one for this account
    2. make it an Admin Account
      net localgroup administrators USERNAME2 /add
      (make USERNAME2 is exactly like USERNAME1

    Step one should always work, but step 2 may fail for lack of permissions :sigh:
  6. terraterm

    terraterm TS Rookie Topic Starter

    pls. read my post carefully.

    The disk is encrypted.....this is what's causing the issue. without the encryption being removed, you cannot add anything or remove anything. no utility offline or live cd, can see the drive

    Blank password on server 2003....I think not.
  7. jobeard

    jobeard TS Ambassador Posts: 11,168   +986

    I did
    remains to be seen. You have TWO issues
    a) inability to logon
    b) the Bestcrypt
    For a certainty, Windows logon can not depend upon Bestcrypt. Once you have access to the system, then the Bestcrypt encryption WILL become the issue.
    If your assertion is correct, then windows logon needs concurrent passwords
    (user account + Bestcrypt) to be known simulatneously - - not a reasonable expectation.
    I would not expect it either,
    but until you try it - - you find a surprise.

    You may be aware that XP/home has a hidden admin login which is only visible via
    Save Mode and 90% of those have not password as the majority of Home users dont even know of the login/safe mode operation.

    It's your system - - I truly wish you every success.
  8. terraterm

    terraterm TS Rookie Topic Starter


    i will try the blank password thingy...but if they went so far as to encrypt the disk, what are the chances...crossing my fingers...lol

    Actually the login is as follows.

    Boot system, system then comes to Bestcrypt password prompt, which I have, then it boots into windows, where the password is lost.

    since the disk is encrypted, no changes can be made in an offline scenario, until the encryption is removed.

  9. jobeard

    jobeard TS Ambassador Posts: 11,168   +986

    AHH! Now that's interesting.

    Safe Mode may not work then as there are only 4-5 services started in safe mode--
    Best wishes.
  10. terraterm

    terraterm TS Rookie Topic Starter


    i'll need some luck

  11. Rabbit01

    Rabbit01 TS Evangelist Posts: 787   +58

    Something like this might work: http://www.jetico.com/bestcrypt-volume-encryption-plugin-for-bartpe/

    Boot the computer w/ the Bart PE, decrypt the drive and then access data using Bart PE's file manager.

    I've done something similar w/ my work laptop (XP Pro) sometime ago to retrieve data. The HDD is encrypted w/ Safeboot. I found the Bart PE plugin for it, and booted the computer w/ it. Once the volume was mounted and decrypted, I was able to copy my files to a flash drive.
  12. terraterm

    terraterm TS Rookie Topic Starter


    i will try it out....and post back.

    I'll be working on it on the weekend

  13. terraterm

    terraterm TS Rookie Topic Starter

    hi all

    i was able to recover the Admin password, therefore I was able to logon, and use the Bestcrypt software to decrypt the drive.

    No blank admin password...I did try that out.

    The BARTPE/Jetico plugin, worked, meaning I was able to launch it from the CD, but it couldn't see the drives...didn't try to figure out why, as I now had access to the software itself.

  14. Rabbit01

    Rabbit01 TS Evangelist Posts: 787   +58

    Glad to hear it worked out at the end.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...