• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

TC on EHD & lost access to hidden

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware

View previous topic :: View next topic  
Author Message
wguru
Just Arrived
Just Arrived


Joined: 28 May 2006
Posts: 0


Offline

PostPosted: Sat Jul 26, 2008 7:31 pm    Post subject: TC on EHD & lost access to hidden Reply with quote

Hi, I had prof's install latest TrueCrypt running in travel mode on my external hard drive. I 1st copied files to the hidden drive (stayed under the max cap for that partition), then copied files to the unhidden partition, but later I could only access the unhidden partition.

The shop 'said' they had no idea why it happened. I'm convinced they just don't know enough about TC.

The shop said all they could do was to do a full format on the EHD, re-install TC in travel mode again, so now I'm re-loading the EHD with hopes the issue doesn't reappear.

Unlike before, this time I've added a small folder first in the unhidden drive and now I'm adding to the hidden drive.

I think I read there's a bug in TC or Windows that causes my past issue in that supposedly the hidden partition/files get corrupted.

I ran across what I think was a TC feature that protects the hidden partition's data from the un-hidden partition's being added to, but I can't find that tick box again (eg TC's properties or settings?).

I'd just like to know if there's anything I need to be doing to prevent my issue from repeating.

Maybe backing up the key or pathway, I don't know as I'm nearly an idiot when it comes to reading up on these technical issues.

Edit:

If afforded share expertise, I'm sure many would appreciate some tips on using TC in travel mode (do's & don'ts).

Likely in one's Windows (eg; like my XP Home) use, when such TC users are accessing the TC drives, probably it's wise to disable our AV?

Another couple of likely potential causes for TC travel mode issues might also be the Windows 'safely remove hardware' related setting of configuring the EHD's properties for quick removal (not requiring use of the 'safely remove hardware' feature?

If so, would the user need to open each partion's drive separately and tick it for 'quick removal', or is setting the EHD that way perhaps problematic in the event of potential power drops and/or the USB being bumped (shorted) during writing to the EHD, maybe the user can be locked out of a partition on the drive?

With respect to 'safely removing hardware' (the EHD's TC drives), since I frequently see Windows telling me there's a program still accessing the EHD and it I'm prompted that the drive can't be removed then', while there should be a way to ferret out what program is causing it (I may or may not be capable of doing that), I see a feature in TC's settings or properties that 'forces the dismount' and I did it seemingly w/o issue after my bumping the USB and my download onto the hidden drive was stopped.

As such, might that 'force dismount' be relatively safe when 'safely remove hardware' balks?

That last question assumes users have taken advantage of some TC features that back up the key or volume pathway or stuff like those TC features afford, but again which of those 'backup' like features does the user need to get set up (and how)?







with respect to how users set up the recycle bin's properties, global or individual maintenance?

Edit:

Oops, overlooked that last post's rambo sentence before closing iexplorer.

It dealt with a potential cause for why Windows 'safely remove hardware' sometimes balks at doing so.

I'm assuming that one setting or another for the Windows recycle bin is best for use with an EHD having TC set up in travel mode.

As for what happened my first go around with losing access to the hidden drive, all I can add is that it seemed to mount (as there was a size indicated) but when I then clicked on My Computer's listed drive (for the hidden folder's drive) a pop up indicated something (sorry) that ended with 'do I want to format the drive'.

Likely what I did to screw that drive up was in that I couldn't get it to 'safely remove hardware', I used (ahem) file unlocker on the drive so I could get Windows to prompt it was safe to remove the hardware.

One other possibility might be is that for my EHD (a 'My Book' 1GB), maybe the TC travel mode's unhidden drive corrupted the hidden one by my having first downloaded some 400GB onto the hidden drive, then of course I dismounted it, then opened the unhidden drive and added some 350GB of files, as thereafter dismounting and all attempts at remounting the hidden drive failed, even though the unhidden drive would mount.

Man I sure need some tips here and the questions I'm asking sure need to be on some FAQ list but I'm not finding one.

Edit:

Apologies for dragging this post out, but last thoughts concern (again) the Windows recycle bin's likely propensity for maybe causing issues in either drive removal and/or later re-access, ref. 'safely removing hardware' and/or corrupting the hidden drive's partition or other attributes.

I suspect that depending on how one configures the Windows recycles bin(s), maybe the bin needs emptied before dismounting and/or closing drives?

Or if that's not the right methodolgy for managing the bin under these circumstances, might emptying the bins 'before' dismounting or closing EHD's actually be creating potential issues?

But as for how should configure the Windows recycles bin, I still don't know if each drive's 'bin' properties need be set individually or might my C's drive set for global or independant mgmt of the bins?

Moderator note: Please don't double (or triple, or quadruple) post, use the Edit button instead - capi
Back to top
View user's profile Send private message
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Sat Jul 26, 2008 9:42 pm    Post subject: Reply with quote

My, that's a lengthy post... Smile

If you ask too many questions in a row, it becomes harder to help you. You should try to think about what you want to ask beforehand, and synthesize it all in a way that's more succinct and easier to follow.

Remember, you want people to stay focused when reading your questions. If it's too hard to follow you (and 2 pages worth of successive questions goes a good way towards making it hard to follow you) then people are more likely to go read something else.

If you've already posted your question and remember something new afterwards, don't be afraid to use the Edit button - that's what it's there for. It is better to rewrite your original post to add the new information in a coherent way that fits in with the rest of your question, and delete anything made obsolete by this new information, than it is to make 3 or 4 consecutive posts saying "oh by the way apart from what I already asked, how about this and that and the other and the next".

It also helps to try and stay more or less on a single topic for a given thread. If you pose many unrelated questions together then it becomes harder to answer without just referring you to an encyclopedia. One thing at a time Wink


wguru wrote:
Man I sure need some tips here and the questions I'm asking sure need to be on some FAQ list but I'm not finding one.

You mean like the TrueCrypt FAQ?

The TrueCrypt Beginner's Tutorial has a lot of useful information to learn about using the program, explained in a simple way with screenshots and step-by-step guides. You will want to read at least the Hidden Volume section, in particular the subsection about Protection of Hidden Volumes Against Damage.

What happened to you is that you mounted the outer volume without protecting the hidden one and therefore, when you wrote data to the outer volume, that data overwrote the contents of the hidden volume. Like the documentation linked above explains, if you're going to mount the outer volume, you need to tell TrueCrypt that there's a hidden volume inside there so that it can avoid writing over it.

TrueCrypt has no way of knowing whether a given container has a hidden volume inside or not (that's the whole point of it being hidden, it's impossible to know if it's there). You need to tell TrueCrypt that the hidden volume is there when you mount the outer one, and you need to give it the hidden volume's password so that it can decrypt its header and find out exactly which areas of the outer container are occupied by the hidden container and which areas are safe to write.

The above-mentioned documentation contains detailed instructions (with screenshots) on how to do this.
Back to top
View user's profile Send private message
wguru
Just Arrived
Just Arrived


Joined: 28 May 2006
Posts: 0


Offline

PostPosted: Fri Jul 03, 2009 12:40 am    Post subject: TC partitioning hidden drive lost access Reply with quote

Much appreciation for your reply and again sincere apologies for the lengthy post. I just include everything potentially going to be asked of me and then of course, the questions.

I had seen several articles about protection from overwriting, but it was too confusing, so I posted here with all details (hoping to band-aid the resulting issues).

As for your kind reply, I'm afraid I'm either so sick of TC and/or trying to understand how to do as you suggest, I'm just going to 'hang it up' or give up on having a hidden drive, at least with TC.

Roght now I've ended up (I think) using TC's format.exe utility and while all the TC files I later accumulated still remain on the still partitioned EHD (albeit they're again mis-conboobulated, see later in this reply), for a year I've been able to at least access the once inaccessible space on the once encrypted and hidden drive (w/o issues until recently).

Again, as the still partitioned EHD now no longer hides the one drive, just recently while using my (Vista's) laptop and merely plugging in this EHD, whatever Windows utility(s) it is that detects new hardware and if it senses an issue, resulted in the prompt to perform a disk check.

Long story short, made mistake of allowing the disk check w/option of 'correct any errors found', that as opposed to canceling or exiting that popup and instead simply re-trying accessing the EHD (which works when I sometimes see the same 'disk check' prompt when using a 512MB Sony memory stick pro). Likely an intermittant Vista or Windows bug I'm guessing.

That disk check of the partitioned EHD resulted in some five pages of listing supposed errors and corrections which basically hid all the files, yet left all folders in place.

Tore my hair out for three days over that, eventually finding the missing files (hidden in a "found001" folder containing a folder named dir0000.chk).

So now I'm trying to figure out how to remove the partition and wipe this troublesome EHD (to have best chances of stopping issues with it even though I'm tempted to try and make sense out of the tutorial you referred me to).

Thanks again and apologies for taking so long getting back, but I lost track of this post (and a year ago, gave up on getting help, and even now, hopes of understanding how to do as you suggested).
Back to top
View user's profile Send private message
wguru
Just Arrived
Just Arrived


Joined: 28 May 2006
Posts: 0


Offline

PostPosted: Sun Jul 05, 2009 2:55 am    Post subject: Formatting EHD's Reply with quote

After the fiasco w/TrueCrypt, what with the instructions that I couldn't follow so as to protect the hidden partition for being corrupted (suppoedly) by adding too many files on it, and after all the time involved in accessing the files there (so's to copy-paste the files onto a reliable EHD by using PC Inspector File Recovery freeware), then yet another fiasco trying to format the problem EHD, I think I finally got the EHD back to a useful state. Problem there was when I formatted it, it seems EHD's must thereafter have a partition installed, but I neglected to do that and when finding 'safe removal' not working, figuring it was set for quick removal anyway, I dimply shutdown. Then the drive wouldn't list, seems it's properties said files I sstarted putting on it (before I shutwdown) wer RAW, that and disk managment said the drive was "unallocated" which seems why the drive failed to list in My Computer. So after formatiting it again, this time choosing to add new partition, only then did disk manager end up leaving me w/an EHD capable of usefulness. Whatever I did wrong the first time I formatted it, seems Googling the formatting of EHD's, led me to no simple explanation of what I'd domne wrong, nor any simple explanations as to what 'people' need to do when formatting a EHD. Hence this post's title which will hopefully help someone (unlike the inadequate Windows Disk Management UI and it's so called help feature which is so exacerbated it fails to simply disclose the 'how to'.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register