Data Clinic - Data Recovery Services
  • Email
  • Facebook
  • Twitter
Call Us Free: 0800 151 2207
  • Data Recovery Home
  • Data Recovery Services
    • Hard Drive Recovery
    • External & USB Drives
    • RAID / Server Recovery
    • NAS
    • SSD
      • SanDisk SSD Data Recovery
      • Lenovo SSD Data Recovery
    • SD Cards
    • Mobile Phones & Tablets
      • >How The Process Works
      • Android Data Recovery
      • iPhone Data Recovery
      • Samsung Data Recovery
      • Sony Xperia Data Recovery
      • Nokia / Windows Data Recovery
      • Water Damaged Phones
    • CCTV & DVR
    • Macs
    • Windows Computers
    • Lost & Deleted Files
    • Advanced Forensic Data Recovery (ADR) Services
    • Forensic Investigation
    • Encrypted Volumes
      • Bitlocker
      • Check Point Endpoint
    • Tape Recovery
    • Tape eDiscovery & Conversion
    • Advanced Recovery Service
    • Spare Parts & Donor Drives
    • Disk Manufacturers
      • Seagate Hard Drive Data Recovery
      • Western Digital Hard Drive Data Recovery
      • Toshiba Hard Drive Data Recovery
    • SCSI Data Recovery
    • SQL Recovery
    • How Do Hard Drives Fail ?
  • Locations
    • Belfast
    • Birmingham
    • Glasgow
    • Leeds
    • Leicester
    • Liverpool
    • London – Chiswick
    • London – City
    • Manchester
    • Northampton
    • Sheffield
  • Help & Advice
  • News
  • About Us / Contact

Recovering Check Point Endpoint FDE Encrypted Hard Drives

March 9, 2016 / Chris Seeley / Data Clinic Ltd

Check Point Endpoint FDE screenWe have been involved in recovering files from several hard drive’s encrypted using the Endpoint Full Disk Encryption product by Check Point. This is a strong encryption product that is turning up on more and more systems.

We are proficient at recovering the data from such systems and the following is a case study about a recent recovery we completed.

We received a HGST (HTS725050A7E635) 500GB 2.5 inch drive which had come out of a Lenovo ThinkPad laptop. The hard drive was completely encrypted using Check Point Software’s Endpoint Full Disk Encryption (FDE), and would not boot.

FDE securely encrypts all the data on a hard drive, including the operating system making the hard drive’s data extremely secure. For further information, read Check Point’s PDF about FDE here: https://www.checkpoint.com/downloads/product-related/datasheets/ds-endpoint-full-disk-encryption.pdf

  • HTS7250 series hard driveOur examination showed that the hard drive powered up successfully but had additional protection layer in the form of a BIOS lock. Once this was bypassed we used Ubuntu to clone the hard drive which completed without error. We now had an exact clone of the encrypted hard drive. The next step was to decrypt it. A force decrypt operation was tried which resulted in 0% progress, even when left to run overnight.
  • The Endpoint Dynamic Mount Utility was used to attempt to access the data. This resulted in an error where no partitions could be found. When the .rec file was tried the whole system crashed.
  • We then tried to use the Dynamic Mount Utility (DMU) again using BartPE, a Pre-Boot application with the Endpoint Plugin introduced, this again resulted in the same annoying crash.
  • We then obtained the recovery media on a USB stick which requires an admin username and password to execute a decryption. This information allowed us to decrypt the data on the hard drive to a second hard disk.

Other Hard Disk Encryption Programs

Checkpoint’s FDE is not the only hard drive encryption program on the market, other popular products include Symantec Endpoint, Sophos Safeguard, McAfee Complete Data Protection and Dell’s Data Protection / Encryption. Both Microsoft and Apple also have their own products, namely File Vault and Bitlocker. An interesting article that explores the fundamentals of full disk encryption and compares the various products available can be found on the SearchSecurity web site at http://searchsecurity.techtarget.com/feature/The-fundamentals-of-FDE-Comparing-the-top-full-disk-encryption-products.

If you are having problems recovering the data from a hard drive encrypted with Check Point FDE or similar, please contact us, we should be able to rescue your data.

checkpoint, encryption, HDD

Comments are closed.

For an Immediate Quote
Call FREEPHONE
0800 151 2207

or, Request a Callback

Data Clinic Reviews

Data Clinic Ltd
Data Clinic Ltd
4.5
Based on 103 reviews
Write a review
Elliot Mikes
Elliot Mikes
06:29 14 Jan 21
Will Man
Will Man
15:45 13 Jan 21
Lost all my data on my iPhone, rang this company to see whether it was all retrievable. Within a week had my device backed up and all tracked with DHL courier. Definitely recommend to others who maybe experiencing issues with lost data.

LONDON
68 Lombard Street, EC3V 9LJ
Tel: 0207 111 0964

BELFAST
The Mount, Belfast BT6 8DD
Tel: 0800 151 2207

BIRMINGHAM
11 St Pauls Square, Birmingham B3 1RB
Tel: 0121 629 0436

GLASGOW
Tay House, 300 Bath Street, Glasgow, G2 4JR
Tel: 0141 301 1677

LEEDS
Building 3, City West Business Park, Gelderd Road, Leeds, LS12 6LN
Tel: 0113 254 9741

LEICESTER
3rd Floor, St. George's House, 6 St George's Way, Leicester LE1 1QZ
Tel: 0800 151 2207

LIVERPOOL
Horton House, Exchange Street East, Liverpool, L2 3PF
Tel: 0151 268 5255

MANCHESTER
The Pavilions, Bridge Hall Lane, Bury, BL9 7NX
Tel: 0161 761 0620

NORTHAMPTON
Victory House, 400 Pavilion Drive, Northampton Business Park, Northampton, NN4 7PA
Tel: 01604 529356

SHEFFIELD
The Balance, 2 Pinfold Street, Sheffield, S1 2GU
Tel: 0114 208 6027


(c) 2020 Data Clinic Ltd - Data Recovery Services. Click to visit Data Clinic's DATA RECOVERY homepage.