How to remove full disk encryption


This assumes you have full access to the system and don’t have an ‘official’ way to remove the encryption.

First, dump the partition with Microsoft’s disk2vhd. Do it on the live, running system, so that the data is saved after decryption.

To copy it back onto the physical system:

  1. Convert the VHD to the raw disk format.
  2. Boot into a Linux-based recovery disk and dd the raw disk over the partition you dumped.
  3. Boot into safe mode and disable the full disk encryption services/drivers so they don’t try to re-encrypt your plaintext data, then boot normally.

To copy it into a VM:

  1. Convert that image to VDI.
  2. Mount it as a second disk.
  3. Boot into Linux and copy the mounted disk over the encrypted partition (dd if=/dev/sdb of=/dev/sda1).
  4. You might need to fix the partition table with testdisk.
  5. Boot into safe mode and disable the full disk encryption services/drivers so they don’t try to re-encrypt your plaintext data, then boot normally.
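
Both procedures overwrite the encrypted partition with dd, so it is worth confirming first that the converted raw image really holds plaintext. The following check is an added example, not part of the original post: it assumes the volume is NTFS and that the raw image is either a bare volume or an MBR-partitioned disk (GPT is not handled), and the function names are illustrative.

```python
import math
import struct
import sys
from collections import Counter

SECTOR = 512
NTFS_OEM_ID = b"NTFS    "  # bytes 3..10 of a plaintext NTFS boot sector

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def mbr_partitions(sector0):
    """Return (type, start_lba, sector_count) for each used MBR entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        return []
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] and count:
            parts.append((entry[4], start, count))
    return parts

def check_image(path, sample=1 << 20):
    """Report, per volume in a raw image, whether it looks like plaintext NTFS."""
    results = []
    with open(path, "rb") as f:
        sector0 = f.read(SECTOR)
        # A bare volume dump starts with the NTFS boot sector itself;
        # a whole-disk dump starts with an MBR that points at the volumes.
        if sector0[3:11] == NTFS_OEM_ID:
            offsets = [0]
        else:
            offsets = [start * SECTOR for _, start, _ in mbr_partitions(sector0)]
        for off in offsets:
            f.seek(off)
            buf = f.read(sample)
            results.append({"offset": off,
                            "ntfs": buf[3:11] == NTFS_OEM_ID,
                            "entropy": round(entropy(buf), 2)})
    return results

if __name__ == "__main__":
    for path in sys.argv[1:]:
        for vol in check_image(path):
            print(path, vol)
```

A volume reported with `ntfs` false and entropy near 8.0 was most likely dumped while still encrypted, and writing it back would not give you readable data.
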
Licensed under CC BY-NC-SA 4.0