Using Rescue File

Besides of creating Rescue Bootable Disk for System/Boot volume, it is also recommended to save a Rescue File for all the volumes you have encrypted.

When the process of initial encryption of a disk volume finishes, the program displays a message box suggesting the user should save rescue information for the encrypted volume. If the user agrees, the program proceeds with saving rescue data. If a system or boot volume has been encrypted, the Save Rescue Data dialog window will appear, otherwise the program will ask the user to browse location where Rescue File should be saved. Information inside the Rescue File is protected exactly in the same way as on encrypted volume, so there is no risk that someone who does not know a proper password will be able to use the file to access data on encrypted volume.

The Rescue File can be used to recovery decrypt a volume if some accidental damage occurs. To run the recovery decryption process select the damaged volume in main window of the program and run the Rescue ->Decrypt with rescue file command.

The Rescue File contains information about all encrypted volumes, including System and Boot volumes. The file can be used in more complicated accidental cases, for example, if computer hardware is damaged but there is a hope that hard disk with encrypted volumes is still alive.

In this case, you could insert the hard disk to another computer, install BestCrypt Volume Encryption on the computer and run the Rescue->Decrypt with rescue file command. The program will ask you to browse Rescue File for the process. Browse the file you have saved from computer that is damaged and the program will then decrypt the volume.

Rescue file contains a backup copy of encryption key for every volume in your configuration. This backup copy is securely encrypted and requires authentication with your password to be used. This also applies when Two-Factor Authentication with USB/Yubikey/eToken is configured, which means that it is possible to run rescue decryption without the device, but in that case the rescue file itself is the second factor. Thus it should be kept in a safe place elsewhere.

See also: