Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.

The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.

Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.

YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.

To mount any NAS via SMB:

mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:

mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:

hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:

printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.

Continue reading

1. Hack And Tools
2. Hacking Tools Usb
3. Hack Tools For Games
4. Hacker Tools Apk
5. Hacker Tools 2019
6. Blackhat Hacker Tools
7. Pentest Automation Tools
8. Hacking Tools Kit
9. Pentest Tools List
10. What Is Hacking Tools
11. Physical Pentest Tools
12. New Hack Tools
13. Pentest Automation Tools
14. Hacking Tools For Beginners
15. Hacking Tools Free Download
16. Game Hacking
17. Pentest Tools Open Source
18. Pentest Tools Online
19. Hacking Tools For Windows
20. Hacking Tools For Mac
21. Hacker Security Tools
22. Hackers Toolbox
23. Pentest Tools Download
24. Hacking Tools For Mac
25. Hacking Tools Usb
26. Hacking Tools Software
27. Pentest Tools Bluekeep
28. Hacker Tools
29. What Are Hacking Tools
30. Hack Tools
31. Pentest Tools Kali Linux
32. Hacking Tools 2019
33. Hacking Tools For Pc
34. Nsa Hacker Tools
35. Computer Hacker
36. Best Hacking Tools 2019
37. Hacker Tools For Mac
38. Hacking Tools Software
39. World No 1 Hacker Software
40. Hacking App
41. Hacking Tools And Software
42. Hack Tool Apk No Root
43. Pentest Tools Open Source
44. Kik Hack Tools
45. Pentest Tools Find Subdomains
46. Pentest Tools For Mac
47. Pentest Tools Windows
48. Hak5 Tools
49. Hack Tools For Mac
50. Pentest Tools Website
51. Pentest Tools Subdomain
52. Hacker Tools Apk Download
53. How To Install Pentest Tools In Ubuntu
54. Tools 4 Hack
55. Hack Website Online Tool
56. Pentest Tools Nmap
57. Hacker Tools Apk
58. Best Pentesting Tools 2018
59. Hacking Tools For Pc
60. Hacker Tools Software
61. Hacking Tools For Windows
62. Hacker Tools Linux
63. Hacker Security Tools
64. Hack Apps
65. Hack Tools 2019
66. Hacker
67. Hacker Tools Windows
68. Hacking Tools 2020
69. Pentest Tools Tcp Port Scanner
70. Nsa Hacker Tools
71. Hack Tools For Windows
72. Top Pentest Tools
73. Hacking Tools For Games
74. New Hack Tools
75. What Is Hacking Tools
76. Hack Website Online Tool
77. Pentest Automation Tools
78. Hacking Tools 2020
79. Best Hacking Tools 2019
80. Pentest Tools Tcp Port Scanner
81. Pentest Tools Alternative
82. Hack Tools Pc
83. Pentest Automation Tools
84. Beginner Hacker Tools
85. What Is Hacking Tools
86. Hacking Tools Download
87. Hacker Tools List
88. Tools Used For Hacking
89. Best Pentesting Tools 2018
90. Termux Hacking Tools 2019
91. Hacking Tools For Windows 7