Lightning Zapped PC and Bitlocked HDD but I have an external USB HDD copy - but won't copy over - what to do??

  • Question

  • I decided to use Bitlocker to encrypt a 2nd internal SATA data HDD (all folders and subfolders) on my PC (Win 7 Pro) containing sensitive financial and personal data.  I assumed that when the encrypted SATA HDD was unlocked with my Bitlocker password that any file(s) copied to an external (USB) backup HDD drive would be non-encrypted files.  I tested my assumption and it seemed to be confirmed because I was able to open any of the copied files on the USB HDD drive even if the Bitlocker protected internal SATA HDD was locked.  

    We had a T-storm event and my PC motherboard got zapped along with other things like some TVs, cable box, router, etc.  After, the PC powered up but no BIOS messages, etc appeared.  I removed the C:/ drive and that seems readable from a USB HDD SATA caddy on another PC but the encrypted data HDD was literally fried with a dark scorch line across the PCB and would not power up.  The PC motherboard also had scorch marks.  Fortunately I have the external backup drive which was not connected at the time.  I thought I was in luck.  

    I plugged the backup USB hdd into my new Win 7 Pro box and found some strange things.  I could not copy many of the data files from the USB HDD onto the new PC HDD (another new 2nd internal SATA).  I got an error message saying "You need permission from S-1-5-21-405074475-1107139141-5430-etc etc to make changes to this file."

    Those files that cannot be copied appear in green color type in Windows Explorer and when checked they have the "e" encryption attribute set which I could not uncheck.  What I found strange was that many subfolders have files and executables that seem perfectly fine without encryption.  At first I thought the good ones were old files created before I ever used Bitlocker but looking at dates it appears somewhat random.

    I do have my dead encrypted SATA drive's Bitlocker Recovery key ID and the Full recovery key ID plus the Bitlocker Recovery key.  How do I un-encrypt the individual files on the USB backup drive?

    I opened bitlocker on the new PC and it says no certificates found.  So I created a new certificate and then tried to update one subfolder on the backup HDD containing non-critical data with the new certificate. I thought it would ask me for the old recovery key but all I got was the same error for each file:

    [ERROR]   0x80071771: file location and file name

    I assume the S-1-5-21, etc is the id of my old PC.  Any advice would be greatly appreciated.

    Thanks in advance.

    Jerry
    Tuesday, July 26, 2016 1:03 AM

All replies

  • Hi,

    Are you sure you have them encrypted with Bitlocker? Bitlocker is not file based, so you cannot encrypt a specific file. Maybe you have used EFS?

    /Oliver

    Tuesday, July 26, 2016 5:57 AM
  • Yes, green means EFS. If you did not create a certificate backup (you were reminded to do this, so it might exist), those green folders and files are lost. Has nothing to do with bitlocker.
    Tuesday, July 26, 2016 1:33 PM
  • Well, it's then very strange.  I never invoked encryption in any HDD.  I made two backup HDDs, each with about 2 Tb data (~650,000 files).  On one of the HDD b/u I have ~21,000 encrypted files while the other HDD b/u only has ~2000 files.  I am doing a comparison between the files to see if random or overlap.  I do have the original C: boot HDD - can that be used in a new PC to recreate the certificates?

    jerry

    Tuesday, July 26, 2016 2:44 PM
  • You have 2 backup hdds? And on both, the same files are green?

    If it is really EFS (assuming you used it for whatever reason without even knowing), then you'd have to boot the old system, otherwise you'll find no way to extract the certificates.

    Tuesday, July 26, 2016 2:58 PM
  • The two backups should be identical copies of my bitlocked data hdd.  The green files may have some in common but there are 20,000+ on one backup and only 2000+ on the other.  I can only assume the backup program I used somehow corrupted the attributes during the copy process.  I am comparing now to see how many in common.  Can you advise on my steps to recover?

    1) take old C: boot drive which has the Win7 OS and put into new PC (I bought the same one that blew up for $100)

    2) use Microsoft certificate manager to generate the certificates.

    3) what program do I use to take the certificates and unlock the green files?

    thanks

    jerry

    Tuesday, July 26, 2016 3:19 PM
  • If the backup corrupted the attributes, then these files are corrupt, not EFS-encrypted. Having the correct certificate will not help, then, but a chkdsk /r should be tried instead.

    If it were EFS, you would boot the old drive, right-click such a file - properties - advanced - details - backup keys. These keys can be transported to the new computer to read the files after installing the keys (=certificate).

    Tuesday, July 26, 2016 3:34 PM
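
Added example, not part of the original thread: a PowerShell sketch for triaging the situation discussed above. It inventories files that carry the per-file EFS attribute (the green "E" files) on each backup, finds those that are unflagged on the other backup, and asks `cipher /c` which certificate a flagged file needs. The drive letters `E:\` and `F:\` and the function name `Get-EfsFile` are assumptions made for illustration.

```powershell
# Assumed drive letters for the two USB backups (hypothetical; adjust).
$BackupA = 'E:\'
$BackupB = 'F:\'

function Get-EfsFile {
    param([string]$Root)
    # FileAttributes.Encrypted is the per-file EFS flag. BitLocker works
    # on the whole volume and never sets this attribute on files.
    $prefix = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($_.Attributes -band [IO.FileAttributes]::Encrypted) } |
        ForEach-Object { $_.FullName.Substring($prefix.Length).TrimStart('\') }
}

# Relative paths of EFS-flagged files on each backup.
$a = @(Get-EfsFile $BackupA)
$b = @(Get-EfsFile $BackupB)
"{0} EFS-flagged files on {1}, {2} on {3}" -f $a.Count, $BackupA, $b.Count, $BackupB

# Index backup B so the overlap check stays fast for large file counts.
$flaggedOnB = @{}
foreach ($p in $b) { $flaggedOnB[$p] = $true }

# Flagged on A, but present and NOT flagged on B: the copy on B should
# be readable without any certificate.
$plainOnB = @($a | Where-Object {
    -not $flaggedOnB.ContainsKey($_) -and
    (Test-Path -LiteralPath (Join-Path $BackupB $_))
})
"{0} files flagged on A have an unflagged copy on B" -f $plainOnB.Count
$plainOnB | Select-Object -First 20

# Flagged on both backups: these need the original EFS certificate.
$needKey = @($a | Where-Object { $flaggedOnB.ContainsKey($_) })
"{0} files are flagged on both backups" -f $needKey.Count

# For one such file, list the users and certificate thumbprints able to
# decrypt it; that thumbprint is the certificate to look for on the old
# Windows installation.
if ($needKey.Count -gt 0) {
    cipher /c (Join-Path $BackupA $needKey[0])
}
```

If the old installation can be booted, `cipher /x` run there as the original user exports that user's EFS certificate and private key to a password-protected PFX file, which can then be imported on the new PC.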
  • Will running chkdsk /r first harm them further in any way or would you first try the certificates?
    Tuesday, July 26, 2016 4:10 PM
  • You never know what checkdisk does. If you have the disk and pc ready, try the certificates.

    Edit: [know]

    Tuesday, July 26, 2016 4:56 PM