How to recover data from a LUKS-encrypted volume
LUKS is one of the most popular cryptographic techniques used on Linux-powered computers and laptops which is considered to be nearly impossible to break using brute-force methods. No doubt, it makes the crucial information stored on the disk well-protected from prying eyes, but unfortunately, this has nothing to with the safety of the data itself, which can get unintentionally deleted or disappear without any obvious reasons.
By luck, files lost from partitions which employ this format can be recovered if the correct password is known and the "key material" section on the disk of up to several megabytes has not been damaged or overwritten. Yet, in order to obtain intact files, one needs to decrypt the storage before making any data recovery attempts. UFS Explorer Professional Recovery allows decrypting such volumes directly in the program’s interface, provides prompt access to their data as well as means to regain deleted or lost information. Follow the given guidelines to decipher your LUKS-encrypted partition and salvage the missing files using this software tool.
- Connect your storage encrypted with LUKS to the computer.
Attach the encrypted portable device to the computer. If you are going to deal with an encrypted system partition, due to very high chances of overwriting, it is advisable to remove the dive from the machine and connect it to another PC as an additional disk or boot the computer from UFS Explorer Backup and Emergency Recovery CD. It also worthy of note that if LUKS was used in combination with a TPM, the chip must be present in the computer during the process of data recovery, so in case it is built-in, the procedure is only possible on that very PC.
- Install UFS Explorer Professional Recovery and run the program.
Launch the program with elevated privileges by entering the right login/password upon request. All the attached drives will be listed among the connected storages in the left panel. Logical volumes will be displayed under the corresponding physical devices.
- Choose the needed LUKS partition from the list of storages detected by the software.
Check out the tree of storages and select the necessary encrypted volume. You can recognize it by a yellow padlock icon.
- Tell the program to decrypt the volume.
Open its context menu and pick the “Dercypt encrypted storage” option. Choose the “LUKS metadata” decryption technique and enter the correct decryption password. If the password for some reason includes unprintable symbols, you will need to specify it as the corresponding hexadecimal code and enable the “Decode Hexadecimal” option. Also, if you are working with a NAS unit of QNAP, you will have to activate “QNAP transform” and enter the password simply as it is.
- Scan the decrypted partition to locate deleted or lost data.
On completion of the decryption process you can explore the intact file system directly in the software interface. To find the deleted or lost folders and files you will need to perform storage scan. For this pick up the respective tool from the toolbar, deselect all unwanted file systems and press “Start scan”.
- Choose the needed recovered items and copy them to another storage device.
After the end of the operation you can take a look at the files and folders restored by the software and decide on the ones you want. To specify the items which items need to be saved press “Define selection”, place ticks next to them and click “Save selection”. After that, define a safe destination location for the restored data.
The whole course of action is also explained in the following video:
Last update: October 09, 2019