Recover Data from Encrypted File Systems

In this exercise, you will recover an encrypted LUKS partition by using a backup LUKS header file.

*This course is not approved or sponsored by Red Hat.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Unlock the encrypted device.

Review the contents of /etc/crypttab:

cat /etc/crypttab

Check the mounts with lsbkl :

lsblk

Review the contents of /etc/fstab:

cat /etc/fstab

Attempt to mount /luks:

mount /luks

Look for the unlocked device in /dev/mapper:

ll /dev/mapper

Attempt to open manually:

cryptsetup luksOpen /dev/mapper/vg_1-lv_1 luks-vg_1-lv_1 --key-file /root/passphrase.key

View the key slots:

cryptsetup luksDump /dev/mapper/vg_1-lv_1

No key slots are in use. Locate the header backup in /root/:

ll /root/

Restore header file:

cryptsetup luksHeaderRestore /dev/mapper/vg_1-lv_1 --header-backup-file /root/vg_1-lv_1.header

Type uppercase YES.

Attempt to open manually again (using same key and name as /etc/crypttab:

cryptsetup luksOpen /dev/mapper/vg_1-lv_1 luks-vg_1-lv_1 --key-file /root/passphrase.key

Verify unlocked device:

ll /dev/mapper

Mount the encrypted device.

Mount the unlocked device:

mount /luks/

View the files on the device:

ll /luks/

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Recover Data from Encrypted File Systems

About this Hands-on Lab

Learning Objectives

Additional Resources

What are Hands-on Labs

Newsletter