Data recovery and disk repair questions and discussions related to old-fashioned SATA, SAS, SCSI, IDE, MFM hard drives - any type of storage device that has moving parts
November 29th, 2017, 13:22
I have a MacBook Air SSD drive in that has some corruption. I did make a clone of the drive, but the 'customer' partition is not showing up on the Mac so we can't decrypt the data. I have tried to mount the partition in many of the usual software such as R-Studio, DataRescue, UFS etc but nothing sees it.
Good news is I have been able to access the drive back in the original MacBook Air via the recovery partition and Disk Utility to make .dmg images of most of his data which open up fine, but the client really wants one of the apps which I cannot make an image of in the recovery partition.
So.... and ideas on how I might be able to mount and decrypt the full FileVault partition?
November 29th, 2017, 13:33
If you have a .dmg image of the user partition, just double click to mount it in MacOS.
Or am I missing something? Perhaps this is a case where the partition table was overwritten??? I know I've had to manually rebuild a few partition tables as of late for filevault encrypted drives with lost partition tables, since no software I've found can correctly detect the beginning/ending of an encrypted volume.
Last edited by
data-medics on November 29th, 2017, 13:36, edited 1 time in total.
November 29th, 2017, 13:34
November 29th, 2017, 13:42
data-medics wrote:If you have a .dmg image of the user partition, just double click to mount it in MacOS.
Or am I missing something? Perhaps this is a case where the partition table was overwritten??? I know I've had to manually rebuild a few partition tables as of late for filevault encrypted drives with lost partition tables, since no software I've found can correctly detect the beginning/ending of an encrypted volume.
Good question. I couldn't get a good image of the use partition as its keeps saying its corrupt when trying to mount it, but I did get smaller images of docs, pics, downloads etc.
November 29th, 2017, 13:43
Must admit I have never tries it. I will give it a go and report back.
November 29th, 2017, 14:02
If the partition table is correctly pointing to the encrypted partition, then R-Studio should be able to see it and decrypt it.
Unless of course, it's APFS formatted instead of HFS+, in which case you're probably in trouble. R-Explorer can work with APFS, but can't handle Filevault. R-Studio can handle Filevault, but not APFS. If only the two companies would agree to share notes and work together.
November 29th, 2017, 14:05
data-medics wrote:If the partition table is correctly pointing to the encrypted partition, then R-Studio should be able to see it and decrypt it.
Unless of course, it's APFS formatted instead of HFS+, in which case you're probably in trouble. R-Explorer can work with APFS, but can't handle Filevault. R-Studio can handle Filevault, but not APFS. If only the two companies would agree to share notes and work together.
Sorry I did forget to mention that. Its is APFS.
November 29th, 2017, 14:43
Sorry I did forget to mention that. Its is APFS.
You are out of luck with Diskwarrior....for the moment anyway.
They don't support APFS yet.
November 29th, 2017, 14:45
Thanks for the advice guys.
November 30th, 2017, 4:56
Couple of options:
1)Open image under R-studio , make FileVault decryption ( you wont get access to APFS)
Use that decrypted image under Recovery Explorer (R-explorer) to access APFS, scan it for lost files and folders.
2) Download R-eplorer for Mac and use it under original MacBook air, scan it.
November 30th, 2017, 15:33
DR-Kiev wrote:Couple of options:
1)Open image under R-studio , make FileVault decryption ( you wont get access to APFS)
Use that decrypted image under Recovery Explorer (R-explorer) to access APFS, scan it for lost files and folders.
Unfortunately R-Studio does not see the image as encrypted so the first option does not work.
2) Download R-eplorer for Mac and use it under original MacBook air, scan it.
R-Explorer for Mac sees the APFS file system and splits that down into the 3 folders (right side of screen). The main folder (Macintosh HD) is not accessible due to the encryption. I thought about making an image of that partition and go back into R-Studio, but as far as I can tell R-Explorer does not allow you to make an image from folders in the right side screen.
December 2nd, 2017, 17:40
Read my post, maybe it will help you:
https://forum.hddguru.com/viewtopic.php ... 89#p249089I solved a case where data was encrypted by FileVault, by reading this:
https://derflounder.wordpress.com/2011/ ... oot-drive/P.S.
i don't remember if partition was HFS+ or APFS
December 2nd, 2017, 18:26
Thanks, but this did not work. I think because its APFS we are getting the same errors as above.
December 2nd, 2017, 20:26
APFS does not use the FileVault-2, it is completely new, built-in to the APFS core encryption.
If that partition is not showing up on Mac OS High Sierra(currently the only OS that supports encrypted APFS volumes) then you kinda screwed, because I think there are no tools to work with encrypted APFS yet.
February 2nd, 2018, 20:32
Hi guys,
Have had similar issues and did not have a decent way to access user data due to APFS. However, we have found iBoySoft to give support where the typical solutions have failed. It gave us full APFS support on a logically damaged SSD from a High Sierra update.
`Regards
Powered by phpBB © phpBB Group.