your CD/DVD drive, and restart your computer.
Note: This feature cannot be used to restore the header of a hidden volume within which a
hidden operating system resides (see the section Hidden Operating System). To restore
such a volume header, click Select Device, select the partition behind the decoy system
partition, click OK, select Tools -> Restore Volume Header and then follow the instructions.
WARNING: By restoring key data using a VeraCrypt Rescue Disk, you also restore the
password that was valid when the VeraCrypt Rescue Disk was created. Therefore,
whenever you change the password, you should destroy your VeraCrypt Rescue Disk and
create a new one (select System -> Create Rescue Disk). Otherwise, if an attacker knows
your old password (for example, captured by a keystroke logger) and if he then finds your
old VeraCrypt Rescue Disk, he could use it to restore the key data (the master key
encrypted with the old password) and thus decrypt your system partition/drive.
If Windows is damaged and cannot start, the VeraCrypt Rescue Disk allows you to
permanently decrypt the partition/drive before Windows starts. In the Rescue Disk screen,
select Repair Options > Permanently decrypt system partition/drive. Enter the correct
password and wait until decryption is complete. You can then, for example, boot your MS Windows
setup CD/DVD to repair your Windows installation. Note that this feature cannot be used to
decrypt a hidden volume within which a hidden operating system resides (see the section
Hidden Operating System).
Note: Alternatively, if Windows is damaged (cannot start) and you need to repair it (or
access files on it), you can avoid decrypting the system partition/drive by following these
steps: If you have multiple operating systems installed on your computer, boot the one that
does not require pre-boot authentication. If you do not have multiple operating systems
installed on your computer, you can boot a WinPE or BartPE CD/DVD or you can connect
your system drive as a secondary or external drive to another computer and then boot the
operating system installed on the computer. After you boot a system, run VeraCrypt, click
Select Device, select the affected system partition, click OK, select System > Mount
Without Pre-Boot Authentication, enter your pre-boot-authentication password and click
OK. The partition will be mounted as a regular VeraCrypt volume (data will be on-the-fly
decrypted/encrypted in RAM on access, as usual).
Your VeraCrypt Rescue Disk contains a backup of the original content of the first drive
track (made before the VeraCrypt Boot Loader was written to it) and allows you to restore it
if necessary. The first track typically contains a system loader or boot manager. In the
Rescue Disk screen, select Repair Options > Restore original system loader.
Note that even if you lose your VeraCrypt Rescue Disk and an attacker finds it, he or she will not
be able to decrypt the system partition or drive without the correct password.
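
The Python sketch below is an added example, not part of the VeraCrypt documentation or code. It models the two statements above: a Rescue Disk copy of the key data is useless without a password, yet an old copy combined with the old password still yields the master key after a password change. The function names, the PBKDF2 parameters, the XOR wrap and the HMAC tag are simplifying assumptions standing in for VeraCrypt's real header format.

```python
import hashlib, hmac, os

ITERATIONS = 1000  # assumption: kept low so the demo runs fast, not a recommended value

def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes: the first 32 wrap the master key, the last 32 authenticate the header
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)

def make_header(master_key: bytes, password: str) -> dict:
    """Wrap the master key under a password-derived key (toy XOR wrap)."""
    salt = os.urandom(16)
    k = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, k[:32]))
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_header(header: dict, password: str):
    """Return the master key, or None if the password does not match."""
    k = _derive(password, header["salt"])
    expected = hmac.new(k[32:], header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], k[:32]))

def change_password(header: dict, old: str, new: str) -> dict:
    """Re-wrap the same master key; the encrypted data itself is not re-keyed."""
    master_key = open_header(header, old)
    if master_key is None:
        raise ValueError("wrong password")
    return make_header(master_key, new)

def demo() -> dict:
    master_key = os.urandom(32)  # constructed sample key
    rescue_disk_copy = make_header(master_key, "old-pass")  # backup made at disk creation
    live_header = change_password(rescue_disk_copy, "old-pass", "new-pass")
    return {
        "disk_without_password": open_header(rescue_disk_copy, "guess") is None,
        "old_disk_old_password": open_header(rescue_disk_copy, "old-pass") == master_key,
        "live_old_password": open_header(live_header, "old-pass") is None,
        "live_new_password": open_header(live_header, "new-pass") == master_key,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

All four results are True: the old password is rejected by the current header but still opens the old backup copy, which is why the old Rescue Disk should be destroyed after a password change.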
To boot a VeraCrypt Rescue Disk, insert it into your CD/DVD drive and restart your computer. If the
VeraCrypt Rescue Disk screen does not appear (or if you do not see the ‘Repair Options’ item in the
‘Keyboard Controls’ section of the screen), it is possible that your BIOS is configured to attempt to
boot from hard drives before CD/DVD drives. If that is the case, restart your computer, press F2 or
Delete (as soon as you see a BIOS start-up screen), and wait until a BIOS configuration screen
appears. If no BIOS configuration screen appears, restart (reset) the computer again and start
pressing F2 or Delete repeatedly as soon as you restart (reset) the computer. When a BIOS
configuration screen appears, configure your BIOS to boot from the CD/DVD drive first (for