hdd partition problem
cheshire
01-04-2002, 02:38 PM
This is a duplicate of a post I put into General Q's... wasn't sure which was the best category, so thought I'd put it in both..
----------------
Okay, here's the deal... I'm looking for help in finding a tool to do a specific hdd recovery task. This is the situation...
One of our high mucky-mucks decided that backing up his laptop to the network was a bad idea. Now we find ourselves in a situation where his laptop is unbootable. We need to try to recover it, and if anyone's gonna have a tool to do it, it's Linux. I need to find that tool.
The HDD is a 10Gb disk, running NT4.0 sp6a. The entire hdd is encrypted, using a product called SafeGuard Easy. Basically, the app applies an algorithm to the MBR, and to the drive, on a partition by partition basis, to secure data against tampering. To boot the computer, you must enter a password, which protects the MBR. If you use a floppy to bypass the hdd MBR, then you find yourself with an unmountable volume. The drive was partitioned as follows:
hda1 -> 275mb hibernation (type 84)
hda2 -> 2GB NTFS (system)
hda3 -> 7.3GB NTFS
So the tech who was working on the laptop decided that since hda2 was almost full, that he'd use Partition Magic to resize the partitions. Worked fine, no problems. But when the laptop rebooted, the puter would just BlueScreen, claiming to find no bootable volume. Since the partition table changed, the encryption algorithm seems gibbled. The app's manufacturer is not able to help much on this one either.
So the question is this... does anyone know of a tool, app, or utility, either linux-based or otherwise, that can help me to rebuild these partitions? We're grasping at straws here... any suggestion, no matter how vague, would be appreciated, cause we're stumped.
Thanks in advance, folks.
Greetings,
Well all I can say is I am glad I am not doing your job. :P
www.partimage.org (http://www.partimage.org) <-- will allow you to back up a partition, which would be a good start so when ya start playing around with the partition table, ya don't lose ya data. Only thing to remember is Partimage can restore to a partition of the same size or larger (not smaller), even if you only have around 20% of the partition used and the other 80% empty... it backs up info as a partition.
I won't pretend I have done anything like this before, but the way I would approach it would be to back the info up, fdisk the drive through Linux then repartition. Then use partimage to restore to one of your new partitions.
Ya might have to boot to a floppy after you fdisk in Linux and fdisk and set your main partition active to make it bootable before (or after) you restore your data.
My suggestion would be to wait for a few more responses from a few more LNO members as I would say some might have come across something like this before.
Read up on partimage, fdisk and gather as much info about your partition arrangement as possible... and send the bill to the person who decided to use Partition Magic. ;)
Hope that helps.
Cya round
Jinx
Mucking with encrypted and/or compressed volumes or partitions is always a Bad Thing. Partition Magic was probably oblivious to the encryption and just marched along merrily, doing the job it was told to do.
If Utimaco (http://www.utimaco.com/eng/content_products/sg_easy.html) (the maker of SafeGuard Easy) can't help you, then you are probably screwed, as the original information is now, as you aptly put it, "gibbled".
Since the volume wasn't even linux-native to begin with (and NTFS to boot), I wouldn't hang my hopes on a Linux solution. Your best bet is to press Utimaco further; perhaps you'll luck out and get in contact with a tech who might have some better insight.
Sorry for the depressing follow-up, but that's my gut feeling...
Denise
01-05-2002, 08:17 AM
I'll have to agree with DMR on this one, the HD wasn't even encrypted with MS. At least when you encrypt with MS there is a recovery agent. I think the hd is gone unless the Manufacturer of the encryption app can help you out.
slapNUT
01-05-2002, 10:20 PM
I guess I'll post this here too. I also put it in the General Linux Questions thread.
***This is only a theory***
First of all the high mucky-muck should quit downloading porn off the internet then he won't feel the need to encrypt his entire hard drive to hide it... nuf said bout that! :)
The way it sounds if you could get the password back on the MBR you could then put the data back on the partitions.
I figure you could:
-- Backup the partitions:
-- Reformat the drive:
-- Repartition it exactly as before:
-- Reinstall the OS:
-- Reinstall the encryption software using original password:
-- Reinstall the original encrypted data:
So here are the steps you could try (at your own risk, of course, and knowing that I will assume no responsibility for what happens) :)
1. Install the affected hard drive in a Linux system. This assumes the drive is an IDE drive installed on the Primary-slave IDE controller, you might need to change the /dev/hdbX.
2. Collect all partition information about the drive.
    /sbin/fdisk -l /dev/hdb > driveinfo.txt
   NOTE: The file driveinfo.txt can now be printed as a reference to later re-partition the drive to its original state.
3. Make backups of the three partitions on the affected drive.
    dd if=/dev/hdb1 of=hdb1.img
    dd if=/dev/hdb2 of=hdb2.img
    dd if=/dev/hdb3 of=hdb3.img
   NOTE: This will take an extremely long time, so be patient. This will require a lot of drive space!
4. Put the drive back in the original system and reinstall everything as before. Be sure to make partitions exactly like the file driveinfo.txt. Must use original password.
5. Put the drive back in the linux system and back up the boot sectors.
    dd if=/dev/hdb1 of=hdb1.boot.img bs=512 count=1
    dd if=/dev/hdb2 of=hdb2.boot.img bs=512 count=1
    dd if=/dev/hdb3 of=hdb3.boot.img bs=512 count=1
   This step is not necessary but just a precaution.
   You should now have the passwords on the boot sectors image file.
6. Put the partitions back on the drive. Once again you may need to change the /dev/hdbX.
    dd if=hdb1.img of=/dev/hdb1 bs=512 seek=1 skip=1
    dd if=hdb2.img of=/dev/hdb2 bs=512 seek=1 skip=1
    dd if=hdb3.img of=/dev/hdb3 bs=512 seek=1 skip=1
   NOTE: By setting bs=512 and seek=1 skip=1 we will skip the first 512 bytes of the image (the old boot sector) and also we will not overwrite the new boot sectors.
7. Pause for a moment of reflection... Do you believe in miracles?
PS. If there was some sort of Time-Stamp applied when the original password was created then this is all a waste of time.
If it doesn't work you still have the data on the drive plus now the mucky-muck has a backup.
[ 05 January 2002: Message edited by: slapNUT ]
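An added example, not part of slapNUT's post or any poster's code: the image-then-restore-past-sector-0 steps above, run on constructed scratch files instead of /dev/hdbX so the effect of bs=512 seek=1 skip=1 can be checked before touching a real disk. The function names, file names, and the hash and size checks are assumptions added for illustration.

```sh
#!/bin/sh
# Added example: works on constructed scratch files, not real disks.
SECTOR=512

# Size in bytes of a regular file (for a real block device use
# `blockdev --getsize64` instead).
size_of() { wc -c < "$1" | tr -d ' '; }

# Image a source and record the image's SHA-256 next to it.
make_image() {  # make_image SRC IMG
    dd if="$1" of="$2" bs="$SECTOR" 2>/dev/null || return 1
    sha256sum "$2" | cut -d' ' -f1 > "$2.sha256"
}

# Restore IMG onto TARGET from sector 1 onward, leaving TARGET's sector 0
# (the freshly written boot sector) untouched. Returns 2 if the image no
# longer matches its recorded hash, 3 if image and target sizes differ.
# conv=notrunc keeps dd from truncating a regular-file target.
restore_keep_sector0() {  # restore_keep_sector0 IMG TARGET
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$(cat "$1.sha256")" ] || return 2
    [ "$(size_of "$1")" -eq "$(size_of "$2")" ] || return 3
    dd if="$1" of="$2" bs="$SECTOR" skip=1 seek=1 conv=notrunc 2>/dev/null
}

# Return 0 if sector 0 of the two files is identical.
same_sector0() {
    a=$(head -c "$SECTOR" "$1" | sha256sum)
    b=$(head -c "$SECTOR" "$2" | sha256sum)
    [ "$a" = "$b" ]
}

# Return 0 if everything after sector 0 is identical in the two files.
same_after_sector0() {
    a=$(tail -c +$((SECTOR + 1)) "$1" | sha256sum)
    b=$(tail -c +$((SECTOR + 1)) "$2" | sha256sum)
    [ "$a" = "$b" ]
}

# Constructed stand-ins: an 8-sector "old" partition and a same-size "new"
# partition with different contents; new.orig keeps a copy for comparison.
demo_setup() {  # demo_setup DIR
    dd if=/dev/urandom of="$1/old.part" bs="$SECTOR" count=8 2>/dev/null
    dd if=/dev/urandom of="$1/new.part" bs="$SECTOR" count=8 2>/dev/null
    cp "$1/new.part" "$1/new.orig"
}
```

The size check corresponds to the requirement in the steps that the new partitions match driveinfo.txt exactly; the hash check catches an image that changed between backup and restore.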
cheshire
01-08-2002, 03:32 PM
Thanks for the feedback and suggestions.
The tech involved was able to get in touch with a not-stupid at Utimaco, and they have managed to resolve the issue.
Thanks again