Linux (Mint/Ubuntu) – Live CD how to access/recover user’s encrypted data

How to recover your (user’s) data from the encrypted partition (HDD/USB) using the LiveCD Linux Mint/Ubuntu:

  1. Boot the Linux from the LiveCD
  2. Find your encrypted partition and mount it (providing the decryption password):
  3. You shouldn’t be able to access user’s data. If attempt to access any directory from the user’s home directory you should see an error like this:
  4. Mount user’s directory as a separate partition:
    sudo mount --bind /dev /media/mint/50949def-303f-41e1-9974-79f67bcd4cc5/dev &&
    sudo mount --bind /dev/pts /media/mint/50949def-303f-41e1-9974-79f67bcd4cc5/dev/pts &&
    sudo mount --bind /proc /media/mint/50949def-303f-41e1-9974-79f67bcd4cc5/proc &&
    sudo mount --bind /sys /media/mint/50949def-303f-41e1-9974-79f67bcd4cc5/sys

    and chroot into mounted partition:
    sudo chroot /media/mint/50949def-303f-41e1-9974-79f67bcd4cc5c5/sys
    as a result, you should become a root:
  5. Recover the encrypted data from your (encrypted) partition by running this command:
    sudo chroot /media/mint/50949def-303f-41e1-9974-79f67bcd4cc5c5/sys
    It will tell you which partition/data has been found and will ask you the user’s (Linux login/pass) password:
    ecryptfs-recover-private /home/USERA_NAME/.Private
    INFO: Found [/home/USERA_NAME/.Private].
    Try to recover this directory? [Y/n]: Y
    INFO: Found your wrapped-passphrase
    Do you know your LOGIN passphrase? [Y/n] Y
    INFO: Enter your LOGIN passphrase...
    Inserted auth tok with sig [b472ca3b01f29904] into the user session keyring
    INFO: Success! Private data mounted at [/tmp/ecryptfs.YPb2CmMH].

    The success messages tells you where you can access the decrypted data: /tmp/ecryptfs.YPb2CmMH
  6. If you navigate into that directory /tmp/ecryptfs.YPb2CmMH and list its content you’ll see the user’s data which can be accessed through terminal:
    cd /tmp/ecryptfs.YPb2CmMH
    ls -al
  7. In order to access this data and to copy it from one partition to another, let’s use Nautilus tool.
    Install Nautilus:
  8. Launch Nautilus application (you can launch more instances by using CTRL+N shortkey):
  9. Go to the suggested path (/tmp/ecryptfs.YPb2CmMH) and there should be the content of the user’s /home/USERNAME directory:

You can copy user’s files/directories between Nautilus windows. This way you can recover your files.

More details:

Useful tools: