I've been trying to recover data from a damaged APFS file system that was encrypted by running a raw file scan after 'unlocking' it, but with no luck. With some more investigation it seems this may not be possible at all.

This seems to explain why doing a raw file scan on an encrypted APFS partition won't work.

https://www.blackbagtech.com/blog/ask-e ... ncryption/

It seems to say that 'unlocking' the drive decrypts the data based only on what is in the file system, instead of decrypting every sector of the partition like with other encryption types.

So if a file has been deleted or part of the file system is missing or corrupted, then 'unlocking' the drive will only decrypt the data that is listed within the file system. Hence doing a raw recovery for deleted files would only pick up useless encrypted data.

Does anyone know of a way around this?

Well ,
First of All Try The Tool Recovery Explorer ,Sometimes back i had a case the apfs was behaving as if it was encrypted ,but it was not ,The developer of recovery explorer was also amazed ,They have some videos on apfs also

_________________
Regards
Amarbir S Dhillon , Chandigarh Data Recovery Labs
Logical,Semi Physical And Physical Data Recovery
Website-> http://www.chandigarhdatarecovery.com

It is definitely encrypted. It was an accidentally reformatted drive, but some of the file system was damaged hence trying the raw recovery. Using the password the data still intact from the file system was recovered OK. Was using UFSExplorer