How to make sector level copy of external hard drive with FileVault 2 enabled

data-recoveryencryptionfilevaulthard drive

How do I make a "sector level" copy of a 4TB external hard drive that contains Filevault 2-encrypted partitions? The hard drive has three partitions each encrypted using Filevault 2. I have all three of the filevault keys if it matters. I case I'm using the wrong term, by "sector level" I mean an exact copy of the drive bit for bit including deleted information.

For background – I am working to recover some photos. I want to recover a subfolder and files contained within using data recovery software. When I run a scan using disk recovery software on my external drive I'm told I get erroneous results because Filevault 2 is on. I had used the partition cloning feature contained within the data recovery software I am using but am told by the software company who makes it that it won't work accurately with Filevault drives/partitions. An independent data recovery professional told me I need to first make a sector level copy of the external drive, then decrypt that copy, then run the scan with the data recovery software to see correct results.

Thank you for your assistance!

P.S. Adding specific drive info. /dev/disk6/ is input disk (4 TB with the 3 FileVault 2 partitions) and /dev/disk3 is output disk (labelled 4-output which is a blank 4TB) (FYI: disk2, disk4, and disk5 are within the same JBOD now which I'll unmount other disks or physically pull when I do DD to be safe).

Mikes-MacBook-Pro-3:~ mikej$ diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:          Apple_CoreStorage Mike HD                 250.1 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.1 MB   disk0s3
/dev/disk1 (internal, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Mike HD                +249.8 GB   disk1
                                 Logical Volume on disk0s2
                                 6E587EBB-2506-41F2-85D2-8F6997BF22D6
                                 Unlocked Encrypted
/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *4.0 TB     disk2
   1:                        EFI EFI                     209.7 MB   disk2s1
   2:                  Apple_HFS 2a-MirrorIncremental    4.0 TB     disk2s2
/dev/disk3 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *4.0 TB     disk3
   1:                        EFI EFI                     209.7 MB   disk3s1
   2:                  Apple_HFS 4-output                4.0 TB     disk3s2
/dev/disk4 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *4.0 TB     disk4
   1:                        EFI EFI                     209.7 MB   disk4s1
   2:                  Apple_HFS 1-MasterStorage         4.0 TB     disk4s2
/dev/disk5 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *4.0 TB     disk5
   1:                        EFI EFI                     209.7 MB   disk5s1
   2:                  Apple_HFS 3-scratch               4.0 TB     disk5s2
/dev/disk6 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *4.0 TB     disk6
   1:                        EFI EFI                     314.6 MB   disk6s1
   2:          Apple_CoreStorage Clone                   1.0 TB     disk6s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk6s3
   4:          Apple_CoreStorage MJTimeMachine           499.8 GB   disk6s4
   5:                 Apple_Boot Boot OS X               134.2 MB   disk6s5
   6:          Apple_CoreStorage Media                   2.5 TB     disk6s6
   7:                 Apple_Boot Boot OS X               134.2 MB   disk6s7
/dev/disk7 (external, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS MJTimeMachine          +499.4 GB   disk7
                                 Logical Volume on disk6s4
                                 268E67C3-6199-4E50-99FA-E85322903D95
                                 Unlocked Encrypted
/dev/disk8 (external, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                 Apple_HFSX CloneMikeHD            +1000.0 GB  disk8
                                 Logical Volume on disk6s2
                                 DAA42A81-D781-4B45-A516-0342CB137788
                                 Unlocked Encrypted
/dev/disk9 (external, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                 Apple_HFSX Media                  +2.5 TB     disk9
                                 Logical Volume on disk6s6
                                 BE5B9EBC-6DCB-49C5-B055-B00C49864795
                                 Unlocked Encrypted
Mikes-MacBook-Pro-3:~ mikej$ sudo gpt -r show disk3
Password:
       start        size  index  contents
           0           1         PMBR
           1           1         Pri GPT header
           2          32         Pri GPT table
          34           6         
          40      409600      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
      409640  7813365344      2  GPT part - 48465300-0000-11AA-AA11-00306543ECAC
  7813774984      262151         
  7814037135          32         Sec GPT table
  7814037167           1         Sec GPT header
Mikes-MacBook-Pro-3:~ mikej$ sudo gpt -r show disk6
      start       size  index  contents
          0          1         PMBR
          1          1         Pri GPT header
          2          4         Pri GPT table
          6      76800      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
      76806  244231258      2  GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
  244308064      32768      3  GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
  244340832  122021070      4  GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
  366361902      32768      5  GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
  366394670  610318797      6  GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
  976713467      32768      7  GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
  976746235          4         Sec GPT table
  976746239          1         Sec GPT header

Best Answer

At least Carbon Copy Cloner is just a wrapper for either dd or rsync. I suspect that it's the same with SuperDuper!.

Since both tools (of which rsync is not needed here) are already included in OS X you don't have to buy it.

To clone one drive to another you have to prepare the source and the target drive.

Most sizes and commands containing sizes, disk identifiers or paths etc. below are just examples. You have to replace them by respective values found in your set up/listings.

Mark the source drive with a red sticker, if the source and target drive have identical cases!
Attach both drive but don't mount the encrypted FileVault volume. If it is already mounted unmount it. Detach all other external drives.

Open Terminal and enter diskutil list to get an overview. You will get a list of all attached drives similar to this one - your output may slightly differ):

/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *121.3 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:          Apple_CoreStorage                         121.0 GB   disk0s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *3.0 TB     disk1
   1:                        EFI EFI                     209.7 MB   disk1s1
   2:          Apple_CoreStorage                         3.0 TB     disk1s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk1s3
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Macintosh HD           *3.1 TB     disk2
/dev/disk3
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *4.0 TB     disk3
   1:                        EFI EFI                     314.6 MB   disk3s1
   2:          Apple_CoreStorage Encrypted               4.0 TB     disk3s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk3s3
/dev/disk4
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *4.0 TB     disk4
   1:                        EFI EFI                     314.6 MB   disk4s1
   2:                  Apple_HFS Data                    4.0 TB     disk4s2

Now you have to analyze the output. Here disk0 and disk1 are a 3.1 TB Fusion drive with the CoreStorage volume mounted as disk2. Disk3 is obviously the encrypted disk with deleted data which should be cloned. Disk4 is a spare drive and the target of the clone task. Disk4 has to have at least the same size as disk3! Check this with diskutil info disk3 and diskutil info disk4.

Below I assume disk3 is the source and disk4 is the target of the clone task. Your disk identifiers may be different (e.g. disk2 and disk3)

Check the device block sizes with
```
diskutil info disk3 | grep "Device Block Size:"
diskutil info disk4 | grep "Device Block Size:"
```
Usually the Device Block Size of ≥4 TB drives is 4096 Bytes. If the block sizes of disk3 and 4 are equal you are fine.

Now get the partition tables of the external drives with sudo gpt -r show diskX. The output should be similar to the one below:

sudo gpt -r show disk3
      start       size  index  contents
          0          1         PMBR
          1          1         Pri GPT header
          2          4         Pri GPT table
          6      76800      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
      76806  976636661      2  GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
  976713467      32768      3  GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
  976746235          4         Sec GPT table
  976746239          1         Sec GPT header
sudo gpt -r show disk4
      start       size  index  contents
          0          1         PMBR
          1          1         Pri GPT header
          2          4         Pri GPT table
          6      76800      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
      76806  976636711      2  GPT part - 48465300-0000-11AA-AA11-00306543ECAC
  976713517      32768         
  976746285          4         Sec GPT table
  976746289          1         Sec GPT header

Start and size values are block numbers or blocks. Block numbering starts at block 0! In my example disk4 is slightly bigger (50 blocks) than disk3.

First you have to create identical "mirror" partition entries on disk4 (with the same values as those on disk3).
Unmount the target drive:
```
diskutil umountDisk disk4
```
Destroy and recreate the GUID partition table (and/or remove an MBR partition table) of the target drive:
```
sudo gpt destroy disk4
sudo gpt create -f disk4
```

get an overview of disk4 with sudo gpt -r show disk4. It should look like this:

      start       size  index  contents
          0          1         PMBR
          1          1         Pri GPT header
          2          4         Pri GPT table
          6  976746279
  976746285          4         Sec GPT table
  976746289          1         Sec GPT header

Now recreate the first two partitions of disk 3 with the values of disk3 on disk4:
```
sudo gpt add -i 1 -b 6 -s 76800 -t C12A7328-F81F-11D2-BA4B-00A0C93EC93B disk4
sudo gpt add -i 2 -b 76806 -s 976636661 -t 53746F72-6167-11AA-AA11-00306543ECAC disk4
```
This will only modify the GUID partition table (the first 6 and the last 5 blocks) of disk4.

Recheck the partition table of disk4 with sudo gpt -r show disk4. It should look like this now:

      start       size  index  contents
          0          1         PMBR
          1          1         Pri GPT header
          2          4         Pri GPT table
          6      76800      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
      76806  976636661      2  GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
  976713467      32818         
  976746285          4         Sec GPT table
  976746289          1         Sec GPT header

Now clone the content of disk3s1 and disk3s2 to disk4s1 and disk4s2:
```
sudo dd if=/dev/disk3s1 of=/dev/disk4s1 bs=1m
sudo dd if=/dev/disk3s2 of=/dev/disk4s2 bs=1m
```
Clone disk3s3 to a file:
```
sudo dd if=/dev/disk3s3 of=/Users/user_name/Desktop/bootosx.cdr bs=1m
```
Replace user_name by your short user name.

Cloning the first partition (300 MiB) is fast (~3.5 seconds). Cloning the second partition (4 TB) will take about 11 hours (USB3/Thunderbolt) or 30-50 hours (USB2).
Unmount the source drive:
```
diskutil umountDisk disk3
```
and detach it. Check if the target drive still is disk4: diskutil list.

add the third partition on disk4:

sudo gpt add -i 3 -b 976713467 -s 32768 -t 426F6F74-0000-11AA-AA11-00306543ECAC disk4

Clone bootosx.cdr to disk4s3:

sudo dd if=/Users/user_name/Desktop/bootosx.cdr of=/dev/disk4s3 bs=1m

After the cloning to the last partition on the target disk is done, you should be asked for the FileVault password.
Don't attach the source and the target drive at the same time on one Mac. They have identical UUIDS for the LVG/PV/LVF/LV (the CoreStorage Volume Group containing the FileVault container) and I don't know if and how they "coexist".

Adaption to the actual set up of the OP

The target disk (disk3) has a different Device Block Size (512 Byte). The source disk has several FileFault2 volumes.

Under these circumstances some partition table values of the target disk (disk3) have to be adjusted and only one of the CoreStorage partitions has to be cloned with dd.

Unmount the target drive:
```
diskutil umountDisk disk3
```
Destroy and recreate the GUID partition table (and/or remove an MBR partition table) of the target drive:
```
sudo gpt destroy disk3
sudo gpt create -f disk3
```

get an overview of disk3 with sudo gpt -r show disk3. It should look like this:

       start        size  index  contents
           0           1         PMBR
           1           1         Pri GPT header
           2          32         Pri GPT table
          34  7814037101         
  7814037135          32         Sec GPT table
  7814037167           1         Sec GPT header

Now recreate the first and the sixth partition of disk 6 with modified values on disk3. Since the Device Block Sizes of the two disks are different you have to recalculate start blocks and sizes (usually by multiplying with 8):
```
sudo gpt add -i 1 -b 40 -s 614400 -t C12A7328-F81F-11D2-BA4B-00A0C93EC93B disk3
sudo gpt add -i 2 -b 614440 -s 4882550376 -t 53746F72-6167-11AA-AA11-00306543ECAC disk3
```
This will only modify the GUID partition table of disk3.

Recheck the partition table of disk3 with sudo gpt -r show disk3. It should look like this now:

       start        size  index  contents
           0           1         PMBR
           1           1         Pri GPT header
           2          32         Pri GPT table
          34          40
          40      614400      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
      614440  4882550376      2  GPT part - 53746F72-6167-11AA-AA11-00306543ECAC         
  4883164816  2930872319
  7814037135          32         Sec GPT table
  7814037167           1         Sec GPT header

Now clone the content of disk6s1 and disk6s6 to disk3s1 and disk3s2:
```
sudo dd if=/dev/disk6s1 of=/dev/disk3s1 bs=1m
sudo dd if=/dev/disk6s6 of=/dev/disk3s2 bs=1m
```
Clone disk6s7 to a file:
```
sudo dd if=/dev/disk6s7 of=/Users/user_name/Desktop/bootosx.cdr bs=1m
```
Replace user_name by your short user name.

Cloning the first partition (300 MiB) is fast (~3.5 seconds). Cloning the FileVault partition (2.5 TB) will take about 7 hours (USB3/Thunderbolt) or 20-35 hours (USB2).
Unmount the source drive:
```
diskutil umountDisk disk6
```
and detach it. Check if the target drive still is disk3: diskutil list.

add the third partition on disk3:

sudo gpt add -i 3 -b 4883164816 -s 262144 -t 426F6F74-0000-11AA-AA11-00306543ECAC disk3

Clone bootosx.cdr to disk3s3:

sudo dd if=/Users/user_name/Desktop/bootosx.cdr of=/dev/disk3s3 bs=1m

After the cloning to the last partition on the target disk is done, you should be asked for the FileVault password.
If you don't get a password prompt, you can mount it by entering diskutil cs list and diskutil cs unlockVolume LVUUID (with LVUUID: UUID of the encrypted CoreStorage volume - in your case probably BE5B9EBC-6DCB-49C5-B055-B00C49864795)

Please add a comment (with @klanomath) if you don't get a password prompt or run into problems.

Related Solutions

Have /Volumes/Storage Drive

Chances are, it's just a folder created randomly by some app or another at some point to use as a mount point and it was never deleted. It should be perfectly safe to rm -rf it, especially if it is empty.

Note: If you rm -rf in /Volumes, make sure you specify which directory to operate on (i.e. DON'T JUST rm -rf /Volumes!) otherwise you will delete everything on every mounted disk, including your root drive (granted, it will throw permissions errors before doing anything to your OS first but still). Try to delete things in Finder if you’re not sure of your rm skills or if you don’t have a backup or time now to restore from that backup.

I think I messed up the Fusion Drive on the 1TB iMac (with BootCamp)

Theoretically everything is fine with your Fusion Drive. Fusion Drives look like this. Disk0 is your SSD with 121 GB and disk1 is your HDD with ~1 TB (~1.121 TB summed up).

The larger parts of your SSD (disk0s2) and your HDD (disk1s2) are pooled to a CoreStorage LVG (Fusion Drive: disk3) with a size of 967.8 GB. The rest is reserved for EFIs, a Recovery HD (alltogether ~1.3 GB) and your old Windows partition - now probably free space (~152 GB).

The logical volume 'Macintosh HD' (967.8 GB) spans disk0s2 and disk1s2. This is the first 'Macintosh HD' in picture 1. The volume 'Macintosh HD' - it's the one visible on the desktop - should ideally also have about 967.8 GB. This is the second 'Macintosh HD' in picture 1.
In fact it has only 852.67 GB (see picture 3).

In the second picture the logical volume 'Macintosh HD' is the first listed in black, the volume 'Macintosh HD' is the second listed in black, the other two 'Macintosh HD's listed in grey are the parts of your SSD and HDD dedicated to the logical volume 'Macintosh HD'.

In my opinion something went wrong after deleting various partitions with the Bootcamp Assistant/Disk Utility or in Windows.

Preparation:

Detach any external drive (especially your external Time Machine backup drive)
Restart to Internet Recovery Mode by pressing alt cmd R at startup.
The prerequisites are the latest firmware update installed, either ethernet or WLAN (WPA/WPA2) and a router with DHCP activated.
On a 50 Mbps-line it takes about 4 min (presenting a small animated globe) to boot into a recovery netboot image which usually is loaded from an apple/akamai server.

I recommend ethernet because it's more reliable. If you are restricted to WIFI and the boot process fails, just restart your Mac until you succeed booting.

Alternatively you may start from a bootable installer thumb drive (preferably Mavericks or Yosemite) or a thumb drive containing a full system (preferably Mavericks or Yosemite).

Now you may either repair CoreStorage or rebuild your Fusion Drive:

'Repair CoreStorage' (not recommended):

First i would try to check the volume 'Macintosh HD' with Disk Utility. If the volume is corrupted consider a reinstall of Mac OS X.
If the volume is ok quit Disk Utility
Open Terminal and enter diskutil unmountDisk /dev/LVIdentifier and both diskutil unmountDisk /dev/DiskContainingApple_CoreStorageIdentifier
In your case: first diskutil unmountDisk /dev/disk3 then diskutil unmountDisk /dev/disk0 and diskutil unmountDisk /dev/disk1
remove the EFI NO NAME partition with gpt remove -i IndexNumberOfEFINoName DiskIdentifier:
gpt remove -i 4 disk1
Remount the CoreStorage disks and then the Logical Volume:
In your case: first diskutil mountDisk /dev/disk0 and diskutil mountDisk /dev/disk1 and then diskutil mount /dev/disk3.

enter gpt -r -vvv show /dev/diskIdentfierOfApple_CoreStorage to get infos of your HDD CoreStorage disk.
In your case: gpt -r -vvv show /dev/disk1
It should look like this:

-bash-3.2# gpt -r -vvv show /dev/disk1
gpt show: /dev/disk1: mediasize=1000204886016; sectorsize=512;         blocks=1953525168
gpt show: /dev/disk1: PMBR at sector 0
gpt show: /dev/disk1: Pri GPT at sector 1
gpt show: /dev/disk1: GPT partition: type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, start=40, size=409600
gpt show: /dev/disk1: GPT partition: type=53746F72-6167-11AA-AA11-00306543ECAC, start=409640, size=1671210848
gpt show: /dev/disk1: GPT partition: type=426F6F74-0000-11AA-AA11-00306543ECAC, start=1671620488, size=1269760
gpt show: /dev/disk1: Sec GPT at sector 1953525167                               
     start          size  index contents                                        
         0             1        PMBR                                            
         1             1        Pri GPT header                                  
         2            32        Pri GPT table                                   
        34             6
        40        409600      1 GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
    409640    1671210848      2 GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
1671620488       1269760      3 GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
1672890248     280634887
1953525135            32        Sec GPT table
1953525167             1        Sec GPT header

The free space on your HDD has 280634887 blocks. Please calculate the biggest block number dividable through 8. That's 280634880 blocks (á 512 bytes) which equals 143685058560 B or ~143.7 GB. Add the size of your HDD CoreStorage Physical Volume (852666400768 B) The result is 143685058560 B + 852666400768 B = 996351459328 B
Resize your HDD CoreStorage physical volume with diskutil cs resizeDisk HDDPVUUID newsize
In your case: diskutil cs resizeDisk 93892BE8-2B7F-4ABD-A4C3-984495DCD98D 996351459328b
Calculate the maximal size of your CoreStorage Logical Volume in diskutil cs list: (size disk0s2) + (size disk1s2) In your case that's 120988852224 B + 996351459328 B = 1117340311552 B. That should be the size of your refreshed Logical Volume Group.
Resize your Logical Volume with diskutil cs resizeVolume LVUUID LVGSize-128 MB In your case that's diskutil cs resizeVolume D237FFDC-7DA4-41D7-AC13-4CC7E5E8C0A0 1117212311552b. If you get an error (There is not enough free space...) choose a smaller size like 1117148311552b.
Quit Terminal and open Disk Utility.
Check your expanded CoreStorage Volume for errors.
Quit Disk Utility, choose your CS volume as startup disk and restart your Mac

'Rebuild Fusion Drive' (recommended if you have a Time Machine backup)

Booted to Internet Recovery Mode open Utilities → Terminal in the menubar and enter:
diskutil cs list to get the CoreStorage listing.
Copy the Logical Volume UUID, it's the fifth listed.
Now delete the Logical Volume with diskutil cs deleteVolume LVUUID.
In your case: diskutil cs deleteVolume D237FFDC-7DA4-41D7-AC13-4CC7E5E8C0A0.
Copy the Logical Volume Group UUID, it's the first listed in the listing of diskutil cs list.
Then delete the Logical Volume Group with diskutil cs delete LVGUUID.
In your case: diskutil cs delete 1EFE58BC-3613-44C4-86EE-D816F3B66E3E
Enter exit and quit 'Terminal'
Open 'Disk Utility'. Enter 'Ignore' if you are asked to fix the drives.
Choose your SSD and partition it: 1 Partition Mac OS X Extended (Journaled), hit the Options button and choose GUID Partiton table and hit OK and Apply.
Please check that the size is ~121 GB

Example:
Choose your HDD and partition it: 1 Partition Mac OS X Extended (Journaled), hit the Options button and choose GUID Partiton table and hit OK and Apply.
Please check that the size is ~1 TB

Example:
Quit Disk Utility and open Terminal
Enter diskutil list

Example (your disk identifiers and sizes are different of course: Your volume SSD probably has the Identifier disk0s2 and the size 121 GB and your volume HDD probably has the Identifier disk1s2 and the size 1.0 TB):
Enter diskutil cs create "Name" IdentifierSSD IdentifierHDD
In your case probably diskutil cs create "Macintosh HD" disk0s2 disk1s2.

Copy the resulting LVGUUID

Example:
Enter diskutil cs CreateVolume LVGUUID jhfs+ "Macintosh HD" 100%.

Example:
Enter diskutil cs list
Check the size of your Logical Volume. It should have the size ~1.121 TB

Example:
Quit Terminal
Open 'Disk Utility' and check your newly created volume for errors
Quit 'Disk Utility'
Attach your external Time Machine backup drive or check this answer if you use NAS or another network share.
Open 'Restore from Time Machine Backup'
Choose the appropriate Time Machine backup and restore your system
Reboot to your restored system.
Unmount and detach your Time Machine backup drive
Open 'Terminal' and enter 'diskutil list'
Check if your 'Recovery HD' is listed.
If your 'Recovery HD' is missing, usually reinstalling your current system with the latest available system installer (e.g. 'Install OS X Mavericks (10.9.5)' if Mavericks is currently installed) will recreate it without loosing any data. AFAIK Recovery Partition Creator 3.8 will NOT create a Recovery HD on CoreStorage volumes.
After reinstalling the system with the latest available system installer open App Store and install the latest security fixes.

Best Answer

Related Solutions

Have /Volumes/Storage Drive

I think I messed up the Fusion Drive on the 1TB iMac (with BootCamp)

Related Question