I messed up

[Coaxalis]

hello...

I messed up.

decided to change distro and try Endeavour. Made a live flash, tried it a bit and decided to install.

on my laptop I have two SSDs. one is for OS [256gb] and other to keep important files, 1Tb size, encrypted.

So I chose btrfs and encryption during install the Endeavour and I don't know either I was innatentive, or wtf happened but the system somehow took both my ssds. they are both endeavor os now.

is there a way to recover my data from the second ssd?

turned off laptop and trying to find help.

P.S.
Was without sleep for more than 24 hours and idea "to do one last thing installing linux and then straight to bed" was worst thought of decade.

 

[APTI]

this may be a bit off topic for you but I may be able to help prevent future issue. Why are you encrypting the drive?

I have people come in to my shop often with encrypted drives that something went wrong and they no longer can get anything from the drive due to the encryption. The only solution I can offer them is my shotgun to have the final word on the drive. Encryption on the drive does nothing to prevent hacking it only makes it near impossible to access the drive when you physically have it. While the computer is on, the drive is accessible because you have the keys on the computer. So the only thing encrypting the drive does is stop people from stealing it and getting the information assuming they don't have password to get into computer.
Most people lose information because of encryption. I suggest not using it unless you are doing secret work.

As for the install, you may have to reinstall the system. And this time disconnect any drive other than the one you want to install on. Once you are done you can plug the other drives in and they should come up. This varies on your distro but most will pick up the new drive.

 

[KGIII]

It is good that you powered down the drive. You might be able to recover some data with this:

Digital Picture and File Recovery

PhotoRec is a free and open source file carver data recovery software tool.

www.cgsecurity.org

I'm not sure how well it's going to work as the drive was encrypted.

 

[bob466]

Years ago when I had internal storage Drives (don't now)...I always disconnected them to install...this avoids many problems and you know the install is installed to the correct Drive.

 

[f33dm3bits]

Why are you encrypting the drive?

on my laptop I have two SSDs. one is for OS [256gb] and other to keep important files, 1Tb size, encrypted.

OP has a laptop, laptops can get stolen, it's normal to want to encrypt your data on a laptop.

 

[wizardfromoz]

I messed up.

You also messed up with your age, you are not 124.

Do us a favour and go back to your Profile and change it.

You don't have to give us your real age if you don't want to, if that is the case, then make it blank.

You came here for help... do something to help us.

Chris Turner
wizardfromoz

 

[Coaxalis]

OP has a laptop, laptops can get stolen, it's normal to want to encrypt your data on a laptop.

With one small detail - I‘m in process to recovery at least any files, but if I succeed - then there is no point to encrypt them...

 

[Aristarchus]

OP has a laptop, laptops can get stolen, it's normal to want to encrypt your data on a laptop.

Just make encrypted partition that is decrypted on demand. Or keep sensitive data on separate media.
It is debatable though what is the best approach if system is compromised (in the case of compromised system, the only advantage of using detatchable media or decryption on demand is that user will realize that system is compromised before accessing secured data).
@OP: you did everything possible to destroy your data unfortunately. There are professional shops specializing in data recovery but this is expensive and data recovery is not be guaranteed.

 

[f33dm3bits]

Just make encrypted partition that is decrypted on demand. Or keep sensitive data on separate media.

That is not always an option since there can be sensitive data in /home as well, such as hidden folders like .ssh. Or the location where your web-browser's cookies are stored, I wouldn't want someone that stole my laptop that is able to get into my installation to start a shopping spree or something like that. Also if your entire os disk is encrypted you won't have to worry about that one file that you forgot to place on your encrypted partition.

 

[Coaxalis]

Just make encrypted partition that is decrypted on demand. Or keep sensitive data on separate media.
It is debatable though what is the best approach if system is compromised (in the case of compromised system, the only advantage of using detatchable media or decryption on demand is that user will realize that system is compromised before accessing secured data).
@OP: you did everything possible to destroy your data unfortunately. There are professional shops specializing in data recovery but this is expensive and data recovery is not be guaranteed.

I do understand what is the situation - I’m trying to recover data from a drive that was encrypted, then erased and encrypted again. And the data I need is down at the first layer ‍...
Have very little hope in advance anyway

 

[f33dm3bits]

GRC | Hard drive data recovery software

Hard drive data recovery software

www.grc.com

SpinRite v6.1 First time purchasers of SpinRite.
$ 89.00

Purchase & Download

www.grc.com

Worth the money if you get your data back with it, I've heard several people have good things to say about SpinRite including one person that I know in person.

 

[Trynna3]

That is not always an option since there can be sensitive data in /home as well, such as hidden folders like .ssh. Or the location where your web-browser's cookies are stored, I wouldn't want someone that stole my laptop that is able to get into my installation to start a shopping spree or something like that. Also if your entire os disk is encrypted you won't have to worry about that one file that you forgot to place on your encrypted partition.

Re shopping spree: to my knowledge, most payment platforms have a timeout, like 10 minutes and then the session cookie becomes obsolete if there was no activity. MFA should also help to prevent somebody getting into your accounts if they happened to get access to your logins and passwords. The biggest risk for data is your other personal data for identity fraud, but with the ever increasing hacks of the various databases left and right, there soon will be nobody not having at least some of their personal data leaked to the dark web. And so I find the ads for deleteme and similar dishonest at best, and scams at worst. Data brokers aren't the only ones having our data that get into the wrong hands.
Maybe if you do crypto you should be worried, but I never went that direction so I cannot tell. I just know that one guy once invested in bitcoin, like 10 years ago or so, then got rid of the computer where he had the password to his wallet, literally sent to the landfill and applied for digging in that landfill to retrieve his computer. His request was denied by the particular authority. Easy comes, easy goes LOL.

 

[f33dm3bits]

Re shopping spree: to my knowledge, most payment platforms have a timeout, like 10 minutes and then the session cookie becomes obsolete if there was no activity.

That is true and I agree with 2FA for accounts where it can be activated but It was just an example of what could be in hidden files that you would want encrypted anyways, the whole point is other important data can be stored in your hidden files which is located in /home.

 

[KGIII]

SpinRite

I have the new version and have kept SpinRite around for what must be at least in the realm of 'decades'. I think I even made a post about there being a new version.

It's worth trying but it might be a bit expensive for the OP. I just spent a few minutes at a search engine and can't find much of anything about its efficacy with encrypted data. It seems to me that recovering blocks is recovering blocks, but I'm not sure if those blocks would be recognized as data.

If the OP does go that route, I hope they follow up with us to let us know if it worked.

 

[GatorsFan]

Since you have used LUKS - I would first decrypt the drive it might make recovery a bit easier

First we need to find your LUKS Encrytped block run - lsblk - from the terminal and note it's location it looks like from your photo it is nvme1n1p2

If you want to permanently decrypt, you have to use cryptsetup-reencrypt:

sudo cryptsetup-reencrypt --decrypt /dev/LUKSLocation (i.e. sda2,sdb2, sbc2 etc)

Example: sudo cryptsetup-reencrypt --decrypt /dev/nvme1n1p2


This process can take several hours depending on the size of your drive which from your photo is 1TB - my 4TB drive took me 22 hours on my I7 Quad-Core with 16GBs of RAM

 

[Coaxalis]

Since you have used LUKS - I would first decrypt the drive it might make recovery a bit easier

First we need to find your LUKS Encrytped block run - lsblk - from the terminal and note it's location it looks like from your photo it is nvme1n1p2

If you want to permanently decrypt, you have to use cryptsetup-reencrypt:



Example: sudo cryptsetup-reencrypt --decrypt /dev/nvme1n1p2


This process can take several hours depending on the size of your drive which from your photo is 1TB - my 4TB drive took me 22 hours on my I7 Quad-Core with 16GBs of RAM

Great thanks, I'll try asap!

 

[Coaxalis]

If the OP does go that route, I hope they follow up with us to let us know if it worked.

Free and self managed tries first :-}

 

[Aristarchus]

That is not always an option since there can be sensitive data in /home as well, such as hidden folders like .ssh. Or the location where your web-browser's cookies are stored, I wouldn't want someone that stole my laptop that is able to get into my installation to start a shopping spree or something like that. Also if your entire os disk is encrypted you won't have to worry about that one file that you forgot to place on your encrypted partition.

is your browser leaving cookies after session is closed? No .ssh in home directory. And if your box is compromised all the data are at the disposal of bad actor (lets say local network with cload of GRUB vulnerabilities ).

 

[f33dm3bits]

is your browser leaving cookies after session is closed? No .ssh in home directory.

As I said before.

the whole point is other important data can be stored in your hidden files which is located in /home.

You might have logged sessions in your web-browser saved. For example I don't need to log into linux.org every time I open it up.

Many people will have private .ssh keys store there, many people have their Thunderbird open without credentials which is stored in .thunderbird, you might gpgkeys store in .gpg. You might have vpn connections saved and the certificates that come with that that are also stored somewhere on the file-system. Those are all types of things you wouldn't want others to get access to if your laptop got stolen.

And if your box is compromised all the data are at the disposal of bad actor (lets say local network with cload of GRUB vulnerabilities ).

Yes of course there could other ways for your files to get comprised as well, but that doesn't invalidate encrypting your entire /home for if your laptop were to get stolen to make it this much harder for the thief to get into your private files that could be stored in /home or other file-system locations.

 

[Deleted member 201381]

I am new here and don't want to be too bold out of the box, but I would like to suggest another option to encrypt sensitive data into select encrypted folders. You can right click the folder and select compress, then compress it as a .7z folder. With .7z there is an advanced option to also password encrypt that compressed folder.