How to recover data from your HP ProBook 450’s encrypted hard drive
Encryption, in its own right, is an extremely powerful way of securing your data from unauthorised access, but it can also be a pain when you need to perform data recovery after your laptop has failed and you don’t have any backups.
I was recently tasked with trying to recover data from an encrypted hard drive from an HP 450 G1 notebook. The notebook’s motherboard failed completely and there was no way to power it on (without replacing the whole motherboard). Unfortunately, my client did not have a recent backup of his highly sensitive data, and that data needed to be retrieved. Knowing the drive was encrypted, it was going to be a very daunting, if not impossible, task to recover his data.
The hard drive was encrypted using the HP Drive Encryption tools alongside the HP Security Manager software for the HP ProBook 450 G1. The drive was protected by a pre-boot password, as well as a Windows password (SSO was enabled from the pre-boot password). I searched the web for any possible way to recover the data, but even on HP’s support forum, there was no workaround to recover the data. This was quite obvious, as I told myself, “if there was a workaround, then the security regarding encryption was flawed and meant nothing”.
So, before I continue, I must mention that the “how-to” part of this article is NOT a workaround, but merely an alternative process followed to retrieve data located on the hard drive. This is not an article which should encourage novice cyber-criminals to steal data, as this is a legit process with the user’s consent (as they did provide the credentials which encrypted the hard drive, which you will need, otherwise the rest of the article will be useless). You must also have some IT knowledge, as these steps should not be attempted with little to no IT knowledge; you might completely destroy all the data on the drive.
Now, there are some pre-requisites which need to be in place before you can continue. You will need the following:
- The password the user used at the pre-boot to unlock the drive. Without this, you will not be able to continue as the password is the most important pre-requisite for making use of this article. Some encryption software might give limited attempts to enter the password correctly, and might completely lock up the drive if the attempts are exceeded.
- Another working notebook / desktop with UEFI BIOS (the brand name does not matter that much).
- External USB hard disk drive.
The steps to follow:
- Firstly, you would (obviously) need to remove the encrypted drive from the source laptop.
- You should then install the encrypted hard drive into a working laptop / desktop computer. I have used an Acer Aspire notebook with UEFI BIOS (as my desktop computer which does not have UEFI did not do the trick) as the alternative notebook or desktop.
- The encrypted hard drive will need to be set as the primary boot device on the working laptop / desktop. I have tried other methods where the encrypted drive was a slave drive, but that will not allow you access to the drive at all and will prompt you to format it (which would make the whole exercise worthless).
- You might need to configure the working notebook / desktop’s BIOS to read the drive as “legacy” to have it boot up properly – check what is working for you.
- Boot up the notebook / desktop, and the pre-boot encryption screen should appear. If not, continue to configure the BIOS so that the drive is bootable, or try another notebook / desktop.
- Enter the password associated with the encryption account, and after pressing Enter, immediately start pressing F8 to go to the Windows boot options.
- Start the PC in Safe Mode. This will prevent the installation of most of the working notebook’s or desktop’s drivers in Windows, and is also the safest way to access the data.
- Now when the notebook / desktop has fully started up, you can plug the external hard drive in and make your data backups.
If Windows is corrupt, or you get other prompts or weird stuff regarding Windows, you can search for the related articles on the web on how to fix those problems. The abovementioned scenario is purely where there was nothing wrong with the operating system, but where the laptop was faulty.
This process worked very well for me to recover the critical data. Most of you might say that it is obvious that you need the password etc. and that this is quite an obvious way to troubleshoot. The reason for this article is that I saw a lot of people not getting the data recovered even when they have the password for the drive. Not a lot of people tried placing the encrypted drive in a working machine and working from there.
Also, as you can figure out, encryption is very powerful, and other ways of encrypting a hard drive, like BitLocker or CheckPoint (which uses BitLocker), might make it more difficult (if not impossible) to recover the data. I have done recoveries in an Enterprise environment where CheckPoint Encryption was used and the drive could be accessed with a BartPE CD/USB with the CheckPoint drive unlocker integrated into BartPE. And still, without any admin or user password, you will get nowhere in recovering the data.
Some encryption software might link to your computer’s chipset and therefore would require a similar motherboard, or the original for that matter, to have access to the drive. If the motherboard is damaged, then you should have made prior regular backups as you will not be able to recover any data (if there isn’t another workaround though).
I truly hope that this article will provide you with the information to recover data from your HP encrypted hard drive.
Some last words from my side. If you need to encrypt your desktop or laptop’s hard drive (if you require that security or if it is company policy), do make sure you have backups. Back up as regularly as possible. You can never have enough backups of your data. If you don’t require encryption, my personal opinion is to not use it. Encryption will act as another layer of security for your sensitive data, but it will definitely decrease the potential to recover your data in case of an emergency.
Please feel free to leave your comments and opinions.