Kroll Ontrack revolutionizes the decryption process

The new method, called decryption-on-the-fly, has been developed by our R&D department and has dramatically reduced decryption timeframes for hard drives. The procedure only scans the part of the drive where data is stored; a higher volume of data is imaged and decrypted in less time, with better and faster results for the customer.

Call us +9714275 7433 Require your free consultation and quote Create your own data recovery quote

How does the recovery of encrypted data work?

Our engineers have the necessary experience and know-how to recover data encrypted with the most popular encryption software (BitLocker, SafeBoot, CheckPoint among others).

Software encryption adds complexity to the recovery, but does not prevent it. It will be necessary to provide the user key, password, pass-phrase or key file for the encryption software. In some cases, companies use a challenge/response method.

If company policies do not allow the credentials to be provided Kroll Ontrack will recover the data anyway with standard processes and will copy the contents to a new backup device. The data will be returned still encrypted and the authorized personnel will be able to access with their credentials.
However, if Kroll Ontrack is denied access to the encryption credentials, it will not be possible to provide a list of recoverable files and to perform an evaluation of the integrity of the data.

Important: in case of CryptoLocker malware encryption you should contact our Customer Service directly.

Most common encryption softwares

See below a few examples of supported encryption softwares and the information required to decrypt the files. If your software is not listed, please contact our data recovery specialists.

SoftwareWhat to provide to assist recovey
SafeGuard Easy
  • Emergency drive
  • Administrator username and password

or

  • SafeGuard Easy version
  • Administrator username and password

or

If username and password are not available you should be able to provide an alternative username capable of generating a Challenge code, and a contact that can generate a Response code for authentication.

SafeBoot/EndPoint
  • Emergency disk
  • Username and password

or

  • SafeBoot version
  • the specific Safeboot .sdb file for the hard drive to be recovered
  • Username and password

or

  • If Safeboot File System (SBFS) authentication is available, you should provide username and password, or one of the user accounts’ details, or the SafeBoot administrator account’s details.
  • Safeboot’s latest version uses an .xml file instead of an .sdb
PointSec/CheckPoint
  • Restore disk
  • Pointsec administrator username and password
  • Kroll Ontrack can accept the files only from the restore drive, and copy them on an existing Pointsec boot drive; it is not necessary to send in the physical restore drive.

or

  • File .rec e versione Pointsec e il nome utente e le password dell’amministratore

or

  • The Dynamic Mount utility can be used in Windows or BartPE drive in order to mount the encrypted drive and access the data. You will need to provide access details.

Please note: Pointsec allows an ‘authentication on response’ configuration so the administrator’s password is not strictly necessary. Kroll Ontrack can use the Pointsec administrator’s username and authentication (or Challenge) code and provide a Response code.

During the Challenge/Response authentication procedure we will need to be on the phone with your IT department as the information needs to be entered immediately.

PGP
  • PGP version
  • Passphrase
BitLocker
  • Numeric recovery password
  • USB key for Windows startup

It is possible to use the restore key (example: F:\RecoveryKey.bek) or send the Key Package with the device or via email. The Key Package is necessary only when the keys or the drive are missing or damaged.

Guardian Edge
  • Guardian Edge version
  • Administrator username and password

Please note: less recent versions of Guardian Edge use a Challenge/Response method for safe access.

TrueCrypt
  • Rescue Disk
  • Username and password
BeCrypt
  • Emergency disk
  • Passphrase

or

  • version
  • Passphrase
Windows EFS
  • Windows domain name
  • Username and password of the local computer which configures the EFS  passwords

or

  • user security certificate