LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 06-20-2013, 05:02 PM   #1
crazypoker
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Rep: Reputation: Disabled
Recovering data using Knoppix on a PGP encrypted drive


I'm having issues booting my computer running WinXP and would like to pull some data off of it before I completely redo the computer.

Here are the high level points:
- Computer has PGP WDE
- After starting, I am prompted for the passphrase almost immediately, I do know the passpharse and can get past this part on a normal boot, it's sometime during the running of startup scripts is when it fails
- I've downloaded and been able to boot using Knoppix V7.0 using a USB drive(Knoppix loads prior to me being prompted for my PGP passphrase)
- When Knoppoix loads however, I am not able to see my drive from which I would like to recover data
- When I run fdisk -l I am able to see the drive - /dev/sda and /dev/sda1. From my research I believe sda is the drive and sda1 is the partition
- I've tried various mounting commands with no luck, I could list them out but figured I'd just first start with this and see what type of feedback I get

That is about as far as I can get.

Can anybody help me out with steps needed to access the drive/partition and in turn, the data on that drive?

Thanks in advance
 
Old 06-20-2013, 07:07 PM   #2
yancek
Guru
 
Registered: Apr 2008
Distribution: PCLinux, Slackware
Posts: 5,100

Rep: Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811
Running fdisk should tell you under the System column if it is a Linux partition, usually just says "Linux".
Running df -T should tell you the filesystem type in the output, interestingly enough under the "Type" column.
The example below shows Type ext4 on sda8 and the root "/" partition.

Quote:
df -T
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda8 ext4 39G 25G 13G 68% /
Using the example above to mount that partition:
Code:
mount -t ext4 /dev/sda8 /mnt/sda8
You would need to create the "sda8" directory or whatever you want to call it in the /mnt directory or, you could just use /mnt as the mount point if you are on a Live CD.

Rescuing data should work well with TestDisk which may be on the Knoppix CD. You could try typing 'testdisk' in a terminal. I don't have a Knoppix CD to test.
 
Old 06-20-2013, 07:29 PM   #3
bill_from_tampa
LQ Newbie
 
Registered: Jan 2005
Location: Tampa
Distribution: Debian testing
Posts: 23

Rep: Reputation: 3
You should probably ask symmantec or whoever provided the PGP whole-disk encryption software how to recover data from the drive. It may be that the entire filesystem is encrypted meaning the linux mount command does not recognize that there is a filesystem on the partition (it is encrypted!). I have no idea if any of the linux (open source) whole-disk encryption software would be able to unencrypt and mount something created by your software (PGP). Maybe somebody else can help with that issue -- good luck! [I won't ask if you had the data backed up, that would be adding insult to injury...]
 
Old 06-20-2013, 08:42 PM   #4
jefro
Guru
 
Registered: Mar 2008
Posts: 12,087

Rep: Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521Reputation: 1521
My guess is you could simply use the gui to mount the drive. Do you have some file manager available in knoppix? The drive may show up in media or other folder already.

Yes, sdx is a scsi attached drive in position x. It would be scsi because of other reasons not actual scsi. Could be sata or ide or other.

Yes, sda1 is the first partition on sda. You may have other swap partition. Guess you could use gparted to see what is there on the sda drive.

I assume since it asks for the passphrase you have a start. The data may all be wrong but at least you have a start.

Knoppix may not correctly read soft or faux/fake raid arrays.

Use a few other distros just to see. Opensuse, live Gentoo maybe a few others. Fedora can't hurt to try either.
 
Old 06-21-2013, 12:18 AM   #5
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 2,032

Rep: Reputation: 309Reputation: 309Reputation: 309Reputation: 309
Quote:
After starting, I am prompted for the passphrase almost immediately
This happens when trying to boot Windows, is that correct? So Windows starts to boot, asks you for the passphrase, and then problems occur? What specifically is the problem? Does Windows give you an error message? Have you tried booting in Windows SAFE MODE?

Without knowing what PGP WDE is/does for its encryption, it's hard to give advice on how to recover a Windows version of it from Linux. But I went to Goggle and searched on "linux pgp wde" and the very first eight hits were for documents on the Symantec website. I didn't follow those hits to the documents themselves, but that's where I'd start if I were you. Next, I'd call Symantec support and ask them how to recover if you can't find anything else on the web and don't get any additional advice here on LQ.org
 
Old 06-21-2013, 10:07 AM   #6
crazypoker
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by yancek View Post
Running fdisk should tell you under the System column if it is a Linux partition, usually just says "Linux".
Running df -T should tell you the filesystem type in the output, interestingly enough under the "Type" column.
The example below shows Type ext4 on sda8 and the root "/" partition.



Using the example above to mount that partition:
Code:
mount -t ext4 /dev/sda8 /mnt/sda8
You would need to create the "sda8" directory or whatever you want to call it in the /mnt directory or, you could just use /mnt as the mount point if you are on a Live CD.

Rescuing data should work well with TestDisk which may be on the Knoppix CD. You could try typing 'testdisk' in a terminal. I don't have a Knoppix CD to test.
Here is the output of the df -T command, as you can see, it doesn't return anything for /dev/sda or /dev/sda1, thoughts?

knoppix@Microknoppix:~$ df -T
Filesystem Type 1K-blocks Used Available Use%
/dev/sdb1 vfat 3918848 1019968 2898880 27%
/mnt-systemtmpfs tmpfs 2625536 0 2625536 0%
/ramdisk/dev/cloop iso9660 1985480 1985480 0 100%
/KNOPPIX/dev/loop0 ext2 297485 4651 292834 2%
/KNOPPIX-DATAunionfs aufs 297485 4651 292834 2%
/UNIONFSunionfs aufs 297485 4651 292834 2%
/usrunionfs aufs 297485 4651 292834 2%
/hometmpfs tmpfs 10240 56 10184 1%
/UNIONFS/var/runtmpfs tmpfs 20480 2744 17736 14%
/runtmpfs tmpfs 10240 0 10240 0%
/UNIONFS/var/locktmpfs tmpfs 102400 52 102348 1%
/UNIONFS/var/logtmpfs tmpfs 2097152 8 2097144 1%
/tmpudev tmpfs 20480 4 20476 1%
/devtmpfs tmpfs 2097152 0 2097152 0% /dev/shm

Additionally, I was able to run testdisk and was able to see /dev/sda, however, I was not able to determine how to use it to access any data. I'm still working on that utility though.
 
Old 06-21-2013, 10:59 AM   #7
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 2,032

Rep: Reputation: 309Reputation: 309Reputation: 309Reputation: 309
Quote:
Originally Posted by crazypoker View Post
Here is the output of the df -T command, as you can see, it doesn't return anything for /dev/sda or /dev/sda1, thoughts?
That's because the df command can only return data for mounted filesystems. And you haven't been able to mount the filesystem yet.
 
Old 06-21-2013, 01:05 PM   #8
crazypoker
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by haertig View Post
That's because the df command can only return data for mounted filesystems. And you haven't been able to mount the filesystem yet.
Well that makes sense.
 
Old 06-21-2013, 01:47 PM   #9
yancek
Guru
 
Registered: Apr 2008
Distribution: PCLinux, Slackware
Posts: 5,100

Rep: Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811
Quote:
That's because the df command can only return data for mounted filesystems
I keep forgetting that. Try the command below, need to be root. You may need to install parted??:

parted /dev/sda print all
 
Old 06-28-2013, 01:38 PM   #10
crazypoker
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by yancek View Post
I keep forgetting that. Try the command below, need to be root. You may need to install parted??:

parted /dev/sda print all
Still no dice here. Been looking for some type of command that indicates the drive I want to work with is encrypted and then prompted for a pass phrase. I found something in terms of "luksOpen /Dev/sda1 encrypted" but as I don't have a luks device, that doesn't work. Any thoughts?
 
Old 06-28-2013, 03:28 PM   #11
jazz5150
LQ Newbie
 
Registered: Jun 2013
Location: NL
Distribution: Kali-Linux, Debian
Posts: 20

Rep: Reputation: 15
Why the insistence on using Linux/Knoppix? Make a boot.iso (you can get it from the symantec site). Boot from the cd you just made. In the PGP boot screen go to Advanced or press F4, decrypt the disc. Boot Knoppix, mount the decrypted disc, save what you want to save.
Another option is to use tools as Parted Magic or Casper Secure Drive Backup.
 
Old 06-28-2013, 08:28 PM   #12
crazypoker
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jazz5150 View Post
Why the insistence on using Linux/Knoppix? Make a boot.iso (you can get it from the symantec site). Boot from the cd you just made. In the PGP boot screen go to Advanced or press F4, decrypt the disc. Boot Knoppix, mount the decrypted disc, save what you want to save.
Another option is to use tools as Parted Magic or Casper Secure Drive Backup.
I looked at Symantec but that said I needed to use the same version that was used to encrypt, which I can't remember. Also, I don't have a cd drive, could I make the boot.iso to a usb drive or does it have to be CD?
 
Old 06-29-2013, 02:57 AM   #13
jazz5150
LQ Newbie
 
Registered: Jun 2013
Location: NL
Distribution: Kali-Linux, Debian
Posts: 20

Rep: Reputation: 15
Assuming you are working from Knoppix you can use the dd command to write the iso to create a bootable usb device.
How to use dd is described in earlier postings in these forums.

If you can remember the time when the software was purchased you can deduct which version it should be.
Since the downloads are free and writing to USB is also free there is no harm in trying until you've got the correct version.
 
Old 06-29-2013, 12:52 PM   #14
crazypoker
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
I tried the Symantec option, I was able to find the version when I started the computer and accessed the pgp advanced options. However, this was not successful, when I booted with the bootg.iso image pgp presented and error stating it couldn't find the recovery. I'll try some of the other options you indicated next.
 
Old 06-29-2013, 01:48 PM   #15
jazz5150
LQ Newbie
 
Registered: Jun 2013
Location: NL
Distribution: Kali-Linux, Debian
Posts: 20

Rep: Reputation: 15
Just to make things clear: You created a bootable usb with the Symantec boot.iso? You then booted from this USB: was this succesful?
If it was: did you go to the advanced screen - Do not try to boot the disc but go to advanced and decrypt it.
Then you can boot Knoppix or whatever you like and save the data that needs to be saved to an external source, i.e. a USB device.

Can you explain where the error did occur?
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Recovering data from password encrypted volume akumarkind Fedora 6 03-09-2010 02:16 AM
Recovering data from password encrypted volume akumarkind Linux - Enterprise 3 03-06-2010 02:35 AM
Recovering data from password encrypted volume akumarkind Linux - Desktop 1 03-04-2010 09:42 AM
Recovering data from password encrypted volume akumarkind LQ Suggestions & Feedback 1 03-04-2010 09:41 AM
Recovering data from password encrypted volume akumarkind Linux - General 1 03-04-2010 09:40 AM


All times are GMT -5. The time now is 10:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration