I have a Laptop, on which the OS has got corrupted and gives a system32\config not found error.
To recover my data, I can boot it using Knoppix but I am not able to mount my partition.
My partition is NTFS encrypted with McAfee Endpoint encryption. is there any way I can mount this partition specifying the password?
Mounting it without specifying the password you be a bit silly, don't you think? The people at McAfee would be out of a job sooner than one would deem possible, even with the current crisis...
Mounting it with a password would require you to either load the McAfee software or have some compatible program. The latter seems rather unlikely, because again, McAfee is probably trying to tie you in, meaning proprietary algorithms are probably used.
Knoppix is very powerful, but it cannot do magic.
I read Endpoint uses AES, which is an algorithm "we" can do, but it's not so simple as piping your filesystem through a program that decrypts it: you want the files, not the raw filesystem blocks.
Your best option, I think, is to connect the disk to a machine that has Windows running, with the McAfee software...
(I'm just thinking out loud.)
Next time, use something like TrueCrypt, which is (a) free and (b) works on other platforms, so this cannot happen again...
I think that you need an another HDD with Windows and your McAfee Endpoint encryption. Then mount your broken HDD in slave, and you will can mount it with this soft. I hope it will help you. Good luck. ;)
the only way to get at the data on a drive encrypted with mcafee endpoint protection is to use mcafee's utilities. depending on the options used to encrypt the drive, you can either boot with their recovery program (which i think is called safetech) and type in your username and password, or you will need the recovery file generated during the original encryption process.
I can confirm longneck's answer -- I'm the technical lead on a McAfee Endpoint Encryption deployment where I work. If an encrypted machine will not boot, the only way to recover the data is to use the McAfee recovery tools (SafeTech or WinTech) and either the damaged machine's configuration file (exported from the McAfee server) or using the ID and password already defined for login to McAfee on the damaged machine.
It all depends on his McAfee works. If you type the password into McAfee after the computer has booted, in order to get to your data - then you could use Linux or another OS to in turn use McAfee to decrypt your data.
If you type your password into McAfee in order to boot then you have other problems. You need to decrypt the drive using McAfee, and then shunt to another OS. Which is (most likely) impossible because your computer starts "booting" your hard drive, and the boot process is McAfee asking for your password to continue. So you can't shunt after that because you've already picked what place to boot from. So! You would need to use McAfee on another OS to look at the drive and decrypt it without booting that drive. I would expect McAfee to have this capability, but I don't know for sure.
You will need your password no matter what, and you **will need* McAfee (the install program you used when you first set this up) to get your data.
I think you'd need to find a way to mount the drive (or image the drive to another disk) and mount it in a computer with McAfee's product installed.
Another possibility...image the drive with DD to another system, and use a virtual machine to boot Windows with McAfee installed and mount your encrypted disk as another drive and try mounting it from there.