
Restoring a deleted TrueCrypt partition

Since the project has been discontinued, the topic is less relevant, but still



At one time, when installing Windows, I decided not to touch the system partition but to encrypt the data partition.
As a result, the HDD looked like this:


The last partition, at 831.51 GB, is a volume encrypted with TrueCrypt.
Due to an annoying error, I deleted all partitions from my HDD.
There are many programs that restore deleted partitions (Paragon HDM helped me), but since a TrueCrypt volume cannot be distinguished from a set of random data, no program was able to detect it.

Below you will learn how to recover a deleted TrueCrypt volume (provided you have the password / key file).

First you need to find the beginning of the TrueCrypt partition.
I knew that my encrypted partition was located immediately after the first two, and went there:
WinHex, Tools -> Open Disk. Open your HDD. Once it is open, select the last existing partition.



Partition 2 begins in sector 206,848 and occupies 209,510,400 sectors.
Therefore, the next partition should start in sector 209,717,248.
Go there: Navigation -> Go to Sector
The TrueCrypt headers are stored at the beginning of the encrypted partition.
To check, save the first 200 KB to a file (this can be done even in the WinHex demo version):
Edit -> Define block
In Beginning, specify the offset at which the presumed partition begins.
In End, specify that offset + 204800 (WinHex only worked correctly for me when Offset was in hex mode; you can switch the mode by clicking the Offset column).
In my case, these were 1900100000 (h) and 1900132000 (h).
The selected block must be saved to a file:
Edit -> Copy Block -> Into New File -> header.tc
Mount the resulting file on a free drive letter using TrueCrypt:



If the file could be mounted, then the header really was located here.
Open the properties of the volume and write down its size: 892 826 550 272 bytes



Also, for verification, you can open the mounted partition using WinHex.
WinHex complains, of course, but we can see the beginning of our decrypted partition:
Tools -> Open Disk -> select the letter where the file was mounted (I have Z:)



Ok, so far everything is working out.
Unmount the Z: drive and proceed to the repair.

WARNING:
At this stage, it is better to make a sector copy of the HDD in case something goes wrong!

The size of the TC partition, as we found out earlier, was 892,826,550,272 bytes (yours will differ). To this number you need to add the standard size of the TrueCrypt header: 262144 bytes.
In total, the size of the created partition should be 892826812416 bytes.
Divide by 1024 twice to get the size in megabytes. Now you can create a partition with the usual Windows Disk Manager (it allows you to specify the size only in megabytes).

When creating the partition, DO NOT assign a letter to it and DO NOT FORMAT it:



Creating the partition overwrote its beginning, but we have a copy.
Start WinHex with administrator rights and put it into edit mode:
Option -> Edit Mode -> Default Edit Mode
Open the beginning of the created partition. There should be zeros:



Now open the saved copy of the partition header, then select and copy the missing blocks from there:
Edit -> Copy Block -> Normally



Go back to our partition, click on its first block and insert the data:
Edit -> Clipboard Data -> Write
File -> Save Sectors
Done. The partition should now mount using TrueCrypt.

P.S. Once I had a case where the headers extracted into the file mounted, but the partition did not.
Creating a slightly smaller partition helped.
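
The offset and size arithmetic from the steps above, together with a read-only copy of the 200 KB test block from a sector-copy image, as an added Python example (not part of the original article). The function names, the 512-byte sector size and the stand-in image are assumptions; the figures in the demo are the ones quoted in the article.

```python
import os
import tempfile

SECTOR = 512            # assumption: 512-byte sectors, which the article's offsets imply
SAMPLE_LEN = 204800     # the 200 KB block the article saves as header.tc
TC_HEADER = 262144      # header size the article adds to the mounted volume size
MIB = 1024 * 1024

def plan(prev_start, prev_count, volume_bytes):
    """Offsets for WinHex's Define Block and the size for the Windows disk manager."""
    start_sector = prev_start + prev_count   # lost partition directly follows the last one
    begin = start_sector * SECTOR
    total = volume_bytes + TC_HEADER
    return {
        "start_sector": start_sector,
        "begin": begin,
        "begin_hex": format(begin, "X"),
        "end_hex": format(begin + SAMPLE_LEN, "X"),
        "partition_bytes": total,
        "partition_mib": total // MIB,
        "mib_exact": total % MIB == 0,       # False: a whole-megabyte field cannot express it
    }

def extract_block(image_path, begin, out_path, length=SAMPLE_LEN):
    """Copy `length` bytes at `begin` from a sector-copy image opened read-only."""
    with open(image_path, "rb") as src:
        src.seek(begin)
        data = src.read(length)
    if len(data) != length:
        raise ValueError("image ends before the requested block")
    if not any(data):
        raise ValueError("block is all zeros, so no header starts at this offset")
    with open(out_path, "wb") as dst:
        dst.write(data)
    return len(data)

if __name__ == "__main__":
    # Figures quoted in the article.
    for key, value in plan(206848, 209510400, 892826550272).items():
        print(f"{key}: {value}")
    # Constructed stand-in image: 4 zeroed sectors, then random bytes as the "volume".
    with tempfile.TemporaryDirectory() as tmp:
        img, out = os.path.join(tmp, "disk.img"), os.path.join(tmp, "header.tc")
        with open(img, "wb") as f:
            f.write(bytes(4 * SECTOR) + os.urandom(SAMPLE_LEN))
        print("copied", extract_block(img, plan(0, 4, 0)["begin"], out), "bytes")
```

Run it against the sector copy rather than the live disk; the extracted file can then be test-mounted in TrueCrypt as described above.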

Source: https://habr.com/ru/post/234105/

