Recovering Check Point Endpoint FDE Encrypted Hard Drives

We have been involved in recovering files from several hard drive’s encrypted using the Endpoint Full Disk Encryption product by Check Point. This is a strong encryption product that is turning up on more and more systems.

We are proficient at recovering the data from such systems and the following is a case study about a recent recovery we completed.

We received a HGST (HTS725050A7E635) 500GB 2.5 inch drive which had come out of a Lenovo ThinkPad laptop. The hard drive was completely encrypted using Check Point Software’s Endpoint Full Disk Encryption (FDE), and would not boot.

FDE securely encrypts all the data on a hard drive, including the operating system making the hard drive’s data extremely secure. For further information, read Check Point’s PDF about FDE here: https://www.checkpoint.com/downloads/product-related/datasheets/ds-endpoint-full-disk-encryption.pdf

Our examination showed that the hard drive powered up successfully but had additional protection layer in the form of a BIOS lock. Once this was bypassed we used Ubuntu to clone the hard drive which completed without error. We now had an exact clone of the encrypted hard drive. The next step was to decrypt it. A force decrypt operation was tried which resulted in 0% progress, even when left to run overnight.
The Endpoint Dynamic Mount Utility was used to attempt to access the data. This resulted in an error where no partitions could be found. When the .rec file was tried the whole system crashed.
We then tried to use the Dynamic Mount Utility (DMU) again using BartPE, a Pre-Boot application with the Endpoint Plugin introduced, this again resulted in the same annoying crash.
We then obtained the recovery media on a USB stick which requires an admin username and password to execute a decryption. This information allowed us to decrypt the data on the hard drive to a second hard disk.

Other Hard Disk Encryption Programs

Checkpoint’s FDE is not the only hard drive encryption program on the market, other popular products include Symantec Endpoint, Sophos Safeguard, McAfee Complete Data Protection and Dell’s Data Protection / Encryption. Both Microsoft and Apple also have their own products, namely File Vault and Bitlocker. An interesting article that explores the fundamentals of full disk encryption and compares the various products available can be found on the SearchSecurity web site at http://searchsecurity.techtarget.com/feature/The-fundamentals-of-FDE-Comparing-the-top-full-disk-encryption-products.

If you are having problems recovering the data from a hard drive encrypted with Check Point FDE or similar, please contact us, we should be able to rescue your data.

checkpoint, encryption, HDD

Data Clinic Reviews

Data Clinic Ltd

4.5

Jacob Greenwood

14:38 30 Mar 18

5* customer service! Recovered my father's book from an old drive, also retrieved some long forgotten about photos. Simply cant put a price on something like that.

Jarek Roover

12:21 30 Jul 18

Go there if you lost your data

Tony Cowgill

15:56 10 Apr 13

We've used Data Clinic twice now - once for my son's laptop which held all his University work and suddenly seemed to just die, that was recovered with ease. And then secondly in connection with work when our office computer system backups were somehow corrupted. These people really know their stuff - they are very helpful and professional and quick! Thanks so much for everything.

Rob Deighton

11:33 09 Dec 16

Happy to recommend Data Clinic to anybody that suffered Data Loss on storage Media. The guys were extremely helpful and knowledgeable and made the recovery of our valuable data a stress free experience.

George Thorpe

12:19 20 Feb 14

My company provides IT support to approximately 60 Yorkshire based companies ranging from small 10-15 users up to Enterprise sized organizations. Due to disk failure a client recently lost their entire database. We contacted Data Clinic and within hours a representative was onsite, several hours later the drive was returned, again in person by Data Clinic Manchester. I would not hesitate contacting them again, outstanding service in a market that can mean life or death to a business. 10 stars if there was an option!

Kieran Collins

21:02 25 Oct 18

Fantastic. Could not fault them at all, Brilliant, 10 year old iMac full of data and they had the data back to me in 72 hours. Communication via e-mail was fast, clear and superb.

David Tett

14:36 24 Aug 18

Sent them a 4tb WD Red hard drive to recover. They quoted me £588 incl VAT and recovery media. I was a bit sceptical so I asked for it to be returned. First they sent me the wrong hard drive (a 500GB WD Blue). Not too careful about data protection then. When I eventually got the drive back it had been totally stripped and outer casing binned (would have been nice to know about this beforehand). I decided to send it to Curry's PC World. They quoted £90 + recovery media. All data recovered and both hard drives returned within a week. What more is there to say.

Elle Sweet

22:12 20 Aug 18

Awful communication, I was constantly chasing them for updates on my device. My device was with them days before work was started on it. The data this company couldn’t retrieve was later retrieve by Apple. Waste of a £110.

Next Reviews

Salutation
First Name
Last Name
Primary Phone*
Primary Email
Device Type*
Description
GDPR opt in