Question Lost Data on BitLocker-Encrypted HDD after NVMe Windows install - - is recovery possible ?

[ankido]

I'm facing a serious issue after attempting to upgrade my computer's storage. I decided to install a Samsung 990 NVMe SSD, replacing my 860 EVO. I backed up all my data to a traditional HDD, which remained connected in my computer during the installation process. That was my mistake, I neglected to unplug the other hard drives.

The problem arose when Windows wouldn't install on the NVMe, which was listed as Disk 0. After troubleshooting with assistance from Grok, I ran some disk cleanup commands. I was careful not to touch the other disks, as I knew Disk 0 was the NVMe. Eventually, I unplugged the three HDDs and the Drobo external storage device, which allowed me to successfully install Windows 11 Pro on the NVMe.

Unfortunately, the HDD containing my critical data was partially overwritten with a Windows setup, wiping all my files. I never attempted to install Windows on that HDD, my focus was solely on the 990 NVMe. My question is, Can my data be recovered? Complicating matters, the HDD is encrypted with BitLocker, and I was unaware it was enabled. I was never prompted to set up BitLocker or given an encryption key or password. The data on this HDD is incredibly important to me. I'm a singer, and my master recordings were stored there, my entire collection of songs, with no other copies. If these files can't be recovered, it would be a devastating loss. Windows has really let me down here.

Can I recover my data? If not, can professionals or specialized software retrieve my files in their original form, despite the BitLocker encryption?

 

[SkyNetRising]

with assistance from Grok, I ran some disk cleanup commands.
I was careful not to touch the other disks, as I knew Disk 0 was the NVMe.

What commands exactly?
Drive numbers can be different in windows OS and windows installation/recovery environment.

Unfortunately, the HDD containing my critical data was partially overwritten with a Windows setup, wiping all my files.

Only way this could happen, if you manually wiped wrong drive.
Or used windows media creation tool on wrong drive.

Can you show screenshot from Disk Management with all drives connected?
Add notes with drive model names.
(upload screenshot to imgur.com and post link)

Can my data be recovered? Complicating matters, the HDD is encrypted with BitLocker

You'd have to remove bitlocker first.
Then try data recovery software.

 

[rgd1101]

clone the hdd. then try any recovery

2c. important data should have more than 1 backup. and in different place

 

[evermorex76]

If part of the data was wiped by the install, then all the partition data was wiped. You aren't going to recover this data yourself, in all likelihood. If it was unencrypted, you might be able to run recovery software to scan for files, but without the drive's partitioning you can't run a normal decryption to make that data available. If you have the recovery key maybe recovery services could extract the data and decrypt whatever wasn't overwritten. If you used a Microsoft account the key ought to be stored there. If not, then you're just flat out screwed. This isn't the fault of Windows, it's your fault.

 

[USAFRet]

A corrupted or partially overwritten BitLocker volume is gone gone gone.

 

[evermorex76]

A corrupted or partially overwritten BitLocker volume is gone gone gone.

I would think that potentially, the right software could extract the remaining blocks/sectors and decrypt those, recovering the data that was in those sectors, but then whether it could be assembled properly to recover files is questionable.

 

[USAFRet]

I would think that potentially, the right software could extract the remaining blocks/sectors and decrypt those, recovering the data that was in those sectors, but then whether it could be assembled properly to recover files is questionable.

Sectors... maybe, probably.
Actual usable "files"? Probably not. And thats all we care about...the files.

If a hurricane rolls over my house, the fact that I can recover an individual 2x4 is irrelevant.


and all could have been prevented with a simple automated backup routine.

 

[evermorex76]

If you can just do a bit for bit read of the data on the right sectors and decrypt it, those sectors might contain enough data to rebuild a file just like any other scan for files when there is no file table. Of course with the way SSDs work, there's no telling which actual physical blocks were used for each logical partition, and no way to ensure that you could actually read all the blocks that were in use at the time as the controller may have remapped many of them due to things like wear-leveling.

But I was reading more and I was reminded that the recovery key isn't the actual encryption/decryption key. It just decrypts the actual encryption key which is stored in encrypted form on the drive itself in the BitLocker metadata area for that partition. In OP's case, that metadata was almost certainly wiped for the C drive, which means the actual key that can decrypt it is completely gone. Brute force decryption would then be the only possible way to recover the encrypted data that wasn't wiped, if you happen to have 32 trillion years or so to work on it.

Now, if there was a second partition on the drive that wasn't overwritten, then the BitLocker encryption key for that drive would still be on the disk, I believe. So you could plug it into a working machine and enter the recovery key to access it.

Incidentally, on every system I've worked on, SATA drives are enumerated before NVMe drives. So "Disk 0" was almost certainly the 860 EVO drive in the initial install attempt.

 

[ankido]

Thank you for the feedback. The wiped hard drive was Disk 4 or 5, nowhere near Disk 0, so I’m unsure why it was targeted. Currently, I’m using R-Studio, which seems to have located my files. Extraction will take another six hours, and I’m hopeful it works.


It’s surprising that in 2025, technology still struggles to prevent or recover accidentally wiped files. Ideally, systems could restore drives to their original state after such incidents, but that technology doesn’t exist yet. My mistake was not backing up to my Drobo, which has been reliable for nearly 20 years. The ability to replace a failed drive and rebuild data is impressive, and I recommend everyone consider a personal storage device like Drobo.


To clarify, this wasn’t my fault. I didn’t select the drive, and it wasn’t near Disk 0. I suspect Windows may have targeted it due to an EFI partition. With six hours left, I’m optimistic about recovering my files. This looks promising.

 

[USAFRet]

Ideally, systems could restore drives to their original state after such incidents, but that technology doesn’t exist yet.

Yes it does exist.
Its called a backup.

If any or all of the 6x physical drives in my system were to die right now, I could to a 100% recovery, to the state they were in the wee hours of this morning.

What happened with your drives is....the actual data got overwritten. There is no magic to undo that.

 

[USAFRet]

The ability to replace a failed drive and rebuild data is impressive, and I recommend everyone consider a personal storage device like Drobo.

Long ago, I seriously considered the Drobo.

The horror stories led me away from those, into a regular NAS box.
The proprietary nature of the (now-defunct) Drobo file system and its pseudo-RAID lead to many complications.

 

[evermorex76]

To clarify, this wasn’t my fault.

Yes, it was, because you weren't paying attention and didn't follow proper procedures. The fact that there's no technology to magically revert what you did wrong is irrelevant. Every time something is made foolproof, nature invents a better fool. (I don't mean you were stupid, you just made a mistake.) Technology and software can only do so much. Users have to be responsible at some point. Otherwise you wouldn't be allowed to use your own computer because inevitably you'll make a mistake, and it's impossible for the technology to stop you from making every possible mistake or be able to recover from it without some work on your part.

You seem to have gotten lucky in that the BitLocker metadata was not overwritten, so R-Studio is able to decrypt the rest of the data. How much may have been lost, if any, would depend on just what the Windows install actually replaced. Maybe all it did was change the EFI System Partition which made it look like the other data wasn't accessible since you couldn't boot to it.

FYI, by default, Windows 11 non-Pro does enable "Device Encryption" when you install it, unless you use workarounds to only use a local account instead of a Microsoft Account. (With a local account the option will be "on" but the encryption doesn't occur until an MS account is connected so that the recovery key can be stored there.) So your new installation is probably also encrypted. Device Encryption uses BitLocker technology but doesn't provide the full BitLocker interface and capabilities that Pro has. For example it just encrypts every fixed drive rather than letting you select which drives to encrypt.

 

[rgd1101]

you main issue is believe MS doesn't mess up because "they know better". the only one care about your data is you.