Romex Software Forum

Based on my search in previous posts, I was under the impression that that data was stored in an encrypted state in the cache.

My OS NVME and HDD storage drives all have FDE enabled. I wanted to see for myself whether or not data could be recovered from the caching drive. I used 7zip to checksum some files on a folder to trigger the caching function, with a formerly bitlocker encrypted USB drive as a cache. I monitored the completion of caching via process monitor. When it was complete, I deleted the cache task from primo drive.

I then formatted the usb drive via disk manager and mounted it as a lettered volume. I initially used Recuva, which just gave me thousands of junk files. I tried Ease and with that, I was able to successsfully recover files up until the free 2GB limit. Videos were playable. I ensured that caching of encrypted data, at least as I understand it by using the stack 0 command posted in an old post.

Command below makes PrimoCache caches encrypted data (volume level)
rxpcc stack 0 -r

If you want PrimoCache to cache decrypted data (default)
rxpcc stack 1 -r

Am I doing something wrong or is this working as designed. If it is as designed, I feel like it should be more clearly disclosed.

Hi pcusr14506, what's your Windows OS and PrimoCache version?

Version 10.0.19043 Build 19043
GUI Version 4.1.0
Kernel Version 4.1.0.1

Could you open the registry editor and then locate to the branch "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}, then upload a screenshot of its values? We'd like to check the values in "LowerFilters" and "UpperFilters".

And same operations to the branch "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}".

FYI, I did do some disabling and re-enabling of the cache to purge and recreate the cache as I'm in the process of ensuring the cache only touches media/games drives and nothing more sensitive. Not sure if that may have changed values.

The settings seems no problem. We have arranged a test to verify this problem and will keep you updated. Thanks.

Any follow-up on this?

I think it is a material security issue if people are operating under the assumption that their data is encrypted when it is not.

I updated the information in the thread viewtopic.php?p=17016#p17016. I'm sorry that I forgot update here too. We did a test case with Bitlocker before and we can confirm that the the cached data are encrypted.