What is encryption and what types of encryption exist?
Encryption is a technology that uses a complex algorithm, or cipher, to convert information into an unreadable code that cannot be deciphered (in other words unlocked) by anyone without the secret key or password that was applied to encrypt it. This helps to prevent unauthorized people from accessing the data stored on the device.
An external drive can be encrypted on the software or hardware level (or both). Additionally, you can decide whether to perform full disk encryption (FDE) or file-level encryption (FLE). In the first case, the entire volume is encrypted and every bit of data on the device is protected against unauthorized access. In contrast to the full one, file-level encryption is performed on the level of the device’s file system and protects an individual file or directory. Both types of encryption can be used simultaneously.
As for the ways of encryption, you can choose between using a built-in encryption tool of the OS or a third-party encryption program (software-based encryption), or saving files on a hardware-encrypted drive (hardware-based encryption).
Encryption with software
Recent versions of popular operating systems have built-in encryption programs to protect your USB peripheral. For instance, BitLocker on Windows, FileVault on macOS and LUKS on Linux. Yet, please mind that they don’t work across operating systems. So, if you encrypt your external data storage device with BitLocker of Windows, you won’t get access to it on macOS, unless you have a special program installed.
There are also third party free and premium products for encryption, such as VeraCrypt, TrueCrypt, AES Crypt, AxCrypt, Gpg4win and others.
Hardware-encrypted external drives
As a rule, the devices with hardware-based encryption are encrypted on both the software and hardware level and have physical keypads to enter a passcode in order to get access to the data.
Although the encryption of external hard drives and USB thumbs seems to be an excellent way to protect the data on them, the problem is that in case you lose or forget the password, the chances to restore access to the drive will be minimal.
Is it possible to recover files from an encrypted external hard drive or USB stick?
First of all, note that it’s impossible to access an encrypted drive without the decryption credentials (a password or a so-called decryption key), neither for the authorized user nor for a data recovery utility. In addition, most encryption tools create a separate area on the drive that contains metadata necessary for the decryption. If this area happens to be corrupted or overwritten, no data recovery program will manage to convert the ciphered data back to its legible form. Nevertheless, if you have the password or key and the metadata area wasn’t severely damaged, the chances to restore data from an encrypted drive are quite high.
Still, there are several important things to mention in this context:
- No matter whether the data is encrypted or not, when it is overwritten or wiped out by the system, a user or a special file shredding utility, it becomes irrecoverable.
- If you are not sure if your encrypted drive has been damaged physically, you’d better show it to a specialist of a reliable data recovery center.
- In case there are bad sectors on your external drive, it is highly recommended that you clone it and work with the disk image instead of a physical device. The same applies to a low-performing disk of large capacity, as it may not withstand the workload and fail during the data recovery procedure. However, please mind that the cloning of damaged data storages requires certain technical skills, so it should be performed only by a qualified specialist or a person who has some expertise in dealing with such drives.
Restoring files from an external hardware-encrypted drive
Hardware-encrypted external drives are typically protected against brute-force search (systematically checking all possible passwords/keys). After a certain number of consecutive incorrect password entries, the encryption key is deleted and the drive is blocked, so its data becomes inaccessible neither for users, nor for data recovery software. Some devices may have a self-destruct or hard reset feature that is enabled after exceeding the maximum password entry attempts.
Due to the specifics of the protection mechanisms and the impossibility to access the hardware encryption key, data restore programs cannot decrypt such disks, nor can they read or detect them. Thus, if you don’t have the correct password, there is no chance to recover files from a hardware-encrypted external data storage device.
Restoring files from an external software-encrypted drive
When it comes to external USB-connected drives encrypted with BitLocker, LUKS, FileVault, APFS encryption or some third-party program, the lost or deleted data can be recovered, provided you have the correct password (or at least the recovery key in case of BitLocker or APFS encryption) and the area which holds the encryption metadata ("key material") wasn’t severely damaged or overwritten. The recovery key is a numerical password that is automatically generated by the system when you activate the encryption, and that can be saved to a safe place and used in case you forgot your password.
And when it comes to recovering files from an encrypted external device, some data recovery programs let you decrypt the storage directly in the interface and then process it like an ordinary external hard drive. So, there is no need to decrypt it beforehand in the OS.