From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pd0-x233.google.com (mail-pd0-x233.google.com [IPv6:2607:f8b0:400e:c02::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Tue, 21 Apr 2015 07:16:27 +0200 (CEST) Received: by pdbqd1 with SMTP id qd1so230803649pdb.2 for ; Mon, 20 Apr 2015 22:16:24 -0700 (PDT) Message-ID: <5535DD24.9040609@gmail.com> Date: Tue, 21 Apr 2015 10:46:20 +0530 From: Sitaram Chamarty MIME-Version: 1.0 References: In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Data recovery recomendations needed List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: David Backer , dm-crypt@saout.de On 04/21/2015 10:08 AM, David Backer wrote: > Even if they just copied off the raw sectors, I could use > them to recover the data if I moved it to a new drive > provided that the LVM info and the LUKS headers are intact > right? This may be very naive of me, but it seems to me you need to do it in 3 steps: - get the raw data off (maybe DIY using 'ddrescue' or some such program, or farm it out). - assuming the LUKS headers etc are ok, mount the rescued data as a "drive" (or figure out some way of applying the same decryption that dm-crypt's block-by-block enc/dec does). Read off the raw blocks, this time unencrypted, and write them to another device. - use that device to recover the actual data. This is where knowledge of the internals of your filesystem will be needed, and you will probably need to farm it out. I'm assuming that's why those specialists exist.