Solved

EFS Recovery

Posted on 2006-10-20
8
537 Views
Last Modified: 2008-02-01
Hello.

I've encypted some files under Windows XP about a while ago, and I very recently FORMATTED my drive (after backing up the data, and dumbly enough, I didn't backup the encryption key for the files) and installed Windows Vista RC2.

I've tried about 4 solutions found here on experts-exchange, I'm losing hope that software might help decrypt them if I had my old username/password, so it looks to me like I'm gonna have to brute-force it.

I've also read somewhere that having the SID too might do great help in recovering the data.

If there's no easier way, I'd like to brute-force it with rainbow tables, even if it takes too long, I've got time. Only problem is, I'm not at all familiar with that procedure.

NOTE: I've also read that copying the encrypted files on a FAT32 drive will recover them. Except, I've tried that, and it said that I needed permission from "S-1-5-21-1078081533-117609710-725345543-1003", which supposedly is my old SID. Here's a screenshot: http://www.myroomstore.com/denied.jpg

So here's all I have that might help my case: username, password, and SID.
0
Comment
Question by:WilimarLynwood
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17776689
If you didn't designate a Recovery Agent or export your certificate and private key, according to Microsoft you cannot restore the encrypted file:

http://support.microsoft.com/default.aspx?scid=kb;en-us;308993
HOW TO: Remove File Encryption in Windows XP

However, I've seen Previously Answered Questions on this site that say this program (which is, unfortunately, not free) will work:

http://www.elcomsoft.com/aefsdr.html
0
 
LVL 1

Author Comment

by:WilimarLynwood
ID: 17776840
I've heard that you are able to brute-force the whole process, try every possible password, and as long as its less than 32-characters long, it will eventually get the right encryption key. (using software for that, of course)
0
 
LVL 1

Author Comment

by:WilimarLynwood
ID: 17776856
Plus, I like to think what Microsoft says is usually bs. :)
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 59

Expert Comment

by:LeeTutor
ID: 17776974
That is probably what the program does.  But here is another page I found on EFS recovery:

http://articles.techrepublic.com.com/5100-6346_11-5035070.html

contains this interesting quotation:

EFS protects data stored on a local NTFS partition. It does not protect data when it is sent across a network. This is a big issue. Because EFS was designed to be transparent to end users, when the user who encrypted the file copies it across the network or sends it via e-mail, the file is automatically decrypted before it is sent across the network so that it can be readable on the target system. For a user who does not understand this, and believes that his or her sensitive data is secure, the mistake can be costly.
0
 
LVL 1

Author Comment

by:WilimarLynwood
ID: 17777344
I forgot to add that I tried that program, and it didn't give me any results. I tried adding my username and password, the admin password, etc.. but nothing (I'm guess due to the fact that I formatted my primary drive that had the OS).

And about that part in the article, that's not possible for me since it gives me an "Access denied" message whenever I try to copy the files, even to the same drive.

I've also tried doing it in MS-DOS before loading Windows, and I couldn't copy any files.
0
 
LVL 59

Accepted Solution

by:
LeeTutor earned 275 total points
ID: 17777558
Have you tried taking ownership to see if the "access denied" message can be eliminated?  Go to Documents and Settings on the old drive
Right Click the user folder and select Properties
Go to the Security Tab
Select Advanced
Go to the Owner tab
Select "take ownership"
Once ownership is taken, you can give yourself permissions.

Note: this only works if you are an administrator on the machine.

More info: see these MSKB articles:

http://support.microsoft.com/default.aspx?scid=kb;en-us;308421
HOW TO: Take Ownership of a File or Folder in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
HOW TO: Set, View, Change, or Remove File and Folder Permissions in Windows XP

If you don't see the Security tab, you will have to first disable Simple File Sharing in Windows XP Pro by clicking the Tools menu in Windows Explorer, selecting Folder Options, then the View tab, and then removing the check mark next to Use Simple File Sharing.  If you are using XP Home, then you will need to boot into Safe mode and login as Administrator to access the Security tab.
0
 
LVL 1

Author Comment

by:WilimarLynwood
ID: 17777593
For your first comment, I changed the ownership to "v\Wilimar Lynwood" which is the account I'm currently on, but still, when I try to copy a file to the other drive, it gives me an error message saying "You require permission from v\Wilimar Lynwood to make changes to this file" (even though I'm not making any changes, and oddly enough, I am "Wilimar Lynwood" on "v" (computer name is v)
0
 
LVL 1

Author Comment

by:WilimarLynwood
ID: 17825242
I guess there's no solution to this. I've decided to just suck it up and delete my encrpted files =).

But, thanks alot for your input anyway, the points are yours.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question