Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.

The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.

Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.

YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.

To mount any NAS via SMB:

mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:

mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:

hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:

printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.Related word

1. Pentest Tools For Windows
2. Hacking Tools Name
3. Hacking Tools 2019
4. Pentest Tools Android
5. Ethical Hacker Tools
6. Hacking Tools Kit
7. Hacking Tools Online
8. Hack Tools Mac
9. Pentest Tools Subdomain
10. Pentest Tools Framework
11. Hacking Tools For Windows 7
12. Blackhat Hacker Tools
13. Hacker Tools 2020
14. Pentest Automation Tools
15. Hacker Tools Free Download
16. Hacking Tools Kit
17. Hak5 Tools
18. Hack App
19. Android Hack Tools Github
20. Hacker Tools Hardware
21. Free Pentest Tools For Windows
22. Hacker Search Tools
23. Hacker Search Tools
24. Pentest Tools Apk
25. Bluetooth Hacking Tools Kali
26. Hacker Tools
27. Hacking Tools Online
28. Nsa Hack Tools
29. Hacking Tools
30. How To Make Hacking Tools
31. Hack App
32. Hacking App
33. Pentest Tools For Android
34. Hacking Tools Online
35. Hacking Tools Windows
36. Hacking Tools For Kali Linux
37. Top Pentest Tools
38. Hacking Tools For Mac
39. Tools Used For Hacking
40. Pentest Tools For Ubuntu
41. Hacker
42. Underground Hacker Sites
43. Free Pentest Tools For Windows
44. Kik Hack Tools
45. Hacking Tools For Beginners
46. Pentest Reporting Tools
47. New Hacker Tools
48. Hacker
49. Hacking Tools For Windows 7
50. Hacker Tools List
51. Pentest Tools Download
52. Top Pentest Tools
53. Hacker Tools Windows
54. Pentest Tools Apk
55. Pentest Tools Nmap
56. Pentest Automation Tools
57. Hack Tools
58. Nsa Hacker Tools
59. Pentest Tools Framework
60. How To Hack
61. Pentest Tools For Windows
62. Hacking App
63. Hack Rom Tools
64. Growth Hacker Tools
65. Computer Hacker
66. Pentest Tools Website
67. Hack Tools
68. Pentest Tools Nmap
69. Hacking Tools Windows
70. Pentest Tools Port Scanner
71. Tools 4 Hack
72. Hack Tools Mac
73. Hacking Tools For Pc
74. Hacking Tools Online
75. Github Hacking Tools
76. Hacking Tools Kit
77. Hackers Toolbox
78. Pentest Tools Website Vulnerability
79. Pentest Tools Kali Linux
80. What Is Hacking Tools
81. Hacker Tools
82. Hack Tools Pc
83. Hacker Tools For Pc
84. Hack Website Online Tool
85. Pentest Tools Framework
86. Pentest Tools List
87. Pentest Tools Port Scanner
88. Hack Tools Download
89. Hacker Tools Apk
90. Hacker Tools Apk
91. Hacker Techniques Tools And Incident Handling
92. Hacker Tools Apk
93. Pentest Tools For Windows
94. Hack Tools For Ubuntu
95. Hack Tools Online