How to recover data from an encrypted Apple APFS volume
In contrast to HFS+, Apple's modern APFS file system, used in macOS 10.13 High Sierra and later, has native support for disk encryption. This lets it protect critical user data at the file system level, without the extra layer of abstraction provided by Core Storage. Still, despite its modern security features, the technology does not prevent data loss, which may result from various factors such as human error or power failure. Fortunately, files lost from an encrypted APFS volume on the internal disk or an external device can be decrypted with the correct password or recovery key and restored to any safe location, unless severe damage has destroyed the parts of the disk that hold the information essential for decrypting the data (encryption key file, metadata, etc.). Follow the instructions below to decrypt your Apple storage and rescue the encrypted data using UFS Explorer Professional Recovery.
- Connect your encrypted Apple APFS device to the computer.
Plug the encrypted external disk into the Mac. If you need to work with the system disk, you will have to extract it from the machine and attach it to another computer as a secondary disk, or boot your Mac in a safe environment using UFS Explorer Backup and Emergency Recovery CD, in order to get access to it. It is also possible to work on the same Mac if you disable System Integrity Protection as described in HOW TO: Handle macOS storage inaccessibility, but this option is not recommended because of the high risk of data overwriting.
- Install and launch UFS Explorer Professional Recovery.
Start the program with administrative privileges by entering the correct user name and password in the pop-up window. The application will display all the attached drives in the list of connected storages in the left pane. Each physical device will have its logical volumes placed under it.
- Choose the necessary encrypted APFS volume from the list of storages.
Explore the list to find the needed encrypted APFS partition labeled with a yellow padlock icon.
- Use the decryption tool provided by the software to open the data.
Even though the partition is marked as accessible, the data within it cannot be read until deciphered. Open the volume context menu, select the "Decrypt encrypted storage" option and then choose the "APFS volume decryption" method. Enter the correct user password or copy the recovery key into the field, including all the dashes.
- Scan the decrypted storage to regain deleted or lost files.
After decryption is completed, the available files will become accessible in the software interface. You can also find deleted or lost files by scanning the storage. To run the scan, choose the respective tool from the toolbar, deselect all extra file systems except APFS and click "Start scan".
- Select the needed recovered items and copy them to another disk.
When the operation is finished, you can browse the file system restored by the program to find the needed folders and files. To define the ones to be saved, click "Define selection", mark them with ticks and click "Save selection". After that, choose a safe destination folder for the rescued items.
The whole procedure is also demonstrated in the following video:
Last update: October 09, 2019