How to recover data from an encrypted harddisk on boot failure with Ubuntu 14.04

Version 1.0
Author: Srijan Kishore
Last edited 27/Aug/2014

This document describes how to recover an encrypted harddisk in a failed boot device for Ubuntu 14.04 Server. This method will work for Ubuntu Desktop also. This is a very havoc situation when the distro fails to boot and we have our important data inside the distro. If the harddisk is not encrypted then we can easily retrieve our data with the help of live-cds or live-USB boot devices, but if the harddisk was encrypted then situation becomes little hectic. I will cover the topic for encrypted harddisk data retrieval from Ubuntu distros.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

This tutorial is based on Ubuntu 14.04 server, so you should set up a basic Ubuntu 14.04 server installation before you continue with this tutorial. The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname. Again my harddisk is encrypted, its ecryption password is howtoforge.

2 Scenario

Suppose you have a working Ubuntu Server 14.04 with some website hosting and other data in the Ubuntu Server, any how the system fails to boot and your data is critical and you want it to get recover the data back so that you can get the setup in working condition again. In my case I have Ubuntu 14.04 with some data at /root as shown below, it is just an example your data content may vary according to your usage.

cd /root
ls -l
root@server1:~# ls -l
total 804868
-rw-r--r-- 1 root root 232783872 Aug 26 08:27 debian-7.5.0-amd64-netinst.iso
-rw-r--r-- 1 root root         0 Aug 26 08:37 test.doc
-rw-r--r-- 1 root root         0 Aug 26 08:37 test.jpg
-rw-r--r-- 1 root root         0 Aug 26 08:37 test.odt
-rw-r--r-- 1 root root         0 Aug 26 08:37 test.txt
-rw-r--r-- 1 root root 591396864 Aug 26 08:28 ubuntu-14.04-server-amd64.iso
root@server1:~#

And the folder size in my case was 787Mb:

du -sh
root@server1:~# du -sh
787M    .
root@server1:~#


Suppose my device encounter in a non booting situation and I am very much consistent for the data in folder /root, I will boot the device with a live USB/CD of Ubuntu 14.04 Desktop from this iso http://releases.ubuntu.com/14.04.1/ubuntu-14.04.1-desktop-amd64.iso.

Next we need to make its either CD/USB bootable device. Now we will boot the failed Ubuntu server 14.04 with the CD/USB device, Proceed to boot it from the bootable device as follows:



Choose Try Ubuntu:




You will get the window as shown above for the default desktop, now open the terminal and get into the root terminal as follows:

sudo -i
apt-get update

Now we need to install cryptsetup as it is responsible for encryption/decryption of data. As we have booted the machine in Ubuntu 14.04 desktop so might be in your case it would be pre-installed, if not then install it as:

apt-get install cryptsetup

Now we need to mount the internal harddisk, firstly we will check which drive was encrypted. We will check it as follows:

blkid | grep crypto



So we have /dev/sda5 available as encrypted drive, now we need it to mount it as follows:

cryptsetup luksOpen /dev/sda5 unlock

You can use any arbitrary value, as in my case I am using unlock. Further it will ask for passphrase which was the encryption password for the harddisk, in my case it was howtoforge:

After putting the password it will get decrypted, now we need to mount the drive as follows:

mount /dev/mapper/server1--vg-root /mnt

In my case there was lvm configured at /dev/mapper/server1--vg-root, you can check yours in the directory /dev/mapper. After successful mounting you can see the contents as before in the drive /mnt/root

cd /mnt/root
ls

It is the same data as before the boot failure. Now you can either use scp or usb copy for the data and you have successfully recovered your data.

Congratulations! We have successfully recovered the data from the encrypted harddisk in Ubuntu 14.04 :)

Share this page:

1 Comment(s)