Recovering Check Point Endpoint FDE Encrypted Hard Drives

We have been involved in recovering files from several hard drive’s encrypted using the Endpoint Full Disk Encryption product by Check Point. This is a strong encryption product that is turning up on more and more systems.

We are proficient at recovering the data from such systems and the following is a case study about a recent recovery we completed.

We received a HGST (HTS725050A7E635) 500GB 2.5 inch drive which had come out of a Lenovo ThinkPad laptop. The hard drive was completely encrypted using Check Point Software’s Endpoint Full Disk Encryption (FDE), and would not boot.

FDE securely encrypts all the data on a hard drive, including the operating system making the hard drive’s data extremely secure. For further information, read Check Point’s PDF about FDE here: https://www.checkpoint.com/downloads/product-related/datasheets/ds-endpoint-full-disk-encryption.pdf

Our examination showed that the hard drive powered up successfully but had additional protection layer in the form of a BIOS lock. Once this was bypassed we used Ubuntu to clone the hard drive which completed without error. We now had an exact clone of the encrypted hard drive. The next step was to decrypt it. A force decrypt operation was tried which resulted in 0% progress, even when left to run overnight.
The Endpoint Dynamic Mount Utility was used to attempt to access the data. This resulted in an error where no partitions could be found. When the .rec file was tried the whole system crashed.
We then tried to use the Dynamic Mount Utility (DMU) again using BartPE, a Pre-Boot application with the Endpoint Plugin introduced, this again resulted in the same annoying crash.
We then obtained the recovery media on a USB stick which requires an admin username and password to execute a decryption. This information allowed us to decrypt the data on the hard drive to a second hard disk.

Other Hard Disk Encryption Programs

Checkpoint’s FDE is not the only hard drive encryption program on the market, other popular products include Symantec Endpoint, Sophos Safeguard, McAfee Complete Data Protection and Dell’s Data Protection / Encryption. Both Microsoft and Apple also have their own products, namely File Vault and Bitlocker. An interesting article that explores the fundamentals of full disk encryption and compares the various products available can be found on the SearchSecurity web site at http://searchsecurity.techtarget.com/feature/The-fundamentals-of-FDE-Comparing-the-top-full-disk-encryption-products.

If you are having problems recovering the data from a hard drive encrypted with Check Point FDE or similar, please contact us, we should be able to rescue your data.

checkpoint, encryption, HDD

Abby Farndon

10:29 29 Apr 22

Honestly could not fault the customer service of this company! So friendly and helpful on the phone, they arranged dpd to collect my water damaged phone from my place of the work the very next day of my initial enquiry.The following day they contacted me to let me know they had received it which was very reassuring and a lovely touch.They managed to restore all of my data which I was so thrilled about as I honestly thought I would never get my sons baby photos back. They put the data on a memory stick and sent it by next day delivery. Amazing service and so thankful for all their help!! Would definitely recommend this company!!

Nilesh Ruda

16:21 27 Apr 22

Thank you and your team for a Brilliant service. You have saved our holiday memories.Highly recommend service. Excellent communication and Very fast turnaround

Raj beniwal

22:31 06 Mar 22

Salutation
First Name *
Last Name *
Phone *
Email *
Device Type *
Description *
GDPR Opt-in *


User Type *