So, I did a thing - accidentally selected my 5TB external NTFS hard drive (encrypted with VeraCrypt) as the target for writing an ISO. The moment I noticed that “Impression” had switched the drive letter, I immediately killed the process. But yeah… damage done.
Now, the situation:
- Currently shows up as:
- 6 MB FAT
- 4.3 GB
- 2 TB unallocated
- 2.6TB unallocated
- The VeraCrypt volume obviously no longer mounts.
- Drive was somewhat crucial - lots of structured data I’d really prefer to recover with the original file system intact.
I know chances are slim, especially with encrypted volumes, but has anyone had luck recovering from something like this? I’m open to commercial recovery tools or command-line wizardry. Would love to hear from anyone who’s been down this road.
Any thoughts or recommendations?
VeraCrypt Volume Format Specification:
It may be possible to recover the encryption key. You might try asking on VeraCrypt forums/mailing lists or contacting a commercial data recovery service which understands VeraCrypt. Though I’m not familiar with VeraCrypt so I may be misunderstanding the cited documentation.
This is in all likelihood the way to go. These instructions from VeraCrypt might lead the way.
Of course, OP should create an exact duplicate of the disk to another drive before making any changes to it.
As an aside, I know that GPT partition tables likewise come with a backup header at the end of the disk. Whether LUKS encrypted devices also have backup headers, I don’t know, but it doesn’t seem so. So, my fellow LUKS users, perhaps you would like to run the following:
sudo cryptsetup luksHeaderBackup /dev/LUKSDEVICE --header-backup-file ~/nas/backups/lenovo_x280.luks.bin