Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to decrypt Windows XP encrypted files

Posted on 2007-08-03
10
Medium Priority
?
13,451 Views
Last Modified: 2013-11-05
I need assistance to decrypt backed up data files (mostly word & pdf) that have been encrypted using windows XP utility to keep them private.
All files have been copied to an external disk, then the computer was reformatted and restored to factory condition using the restore software provided by Toshiba.  I found out that I no longer have access to these files (they appear green in windows explorer).
I tried a couple of software packages demos to try to gain access, they were
1. elcomsoft advanced efs data recovery (aefsdr) that works in 2k/xp.
2.  passware efskey that works similarly to aefsdr,
I was not able to decrypt my data files.
0
Comment
Question by:abugaighis
9 Comments
 
LVL 3

Expert Comment

by:AymanAdam
ID: 19630318
Did you backup your encryption certificate before reinstalling?
If not, you won't be able to access it anymore (as this is the point of
encryption).

If the issue is only NTFS permissions (and not encryption), you'll need to
take ownership of the files and give yourself permission to access the
files.

See Help and Support for details on how to restore encryption certificates
and to take ownership of your files.
0
 

Author Comment

by:abugaighis
ID: 19630442
It maybe an NTFS permissions issue.  How can I find out?  Where can I get info on taking ownership of files in this case?
0
 
LVL 3

Expert Comment

by:AymanAdam
ID: 19630486
if that is the case follow this link to know how:


http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q308421&


wish you luck,,
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Accepted Solution

by:
ashu324 earned 1000 total points
ID: 19632123
If you have not backed up your or system encryption keys, you won't be able to decrypt it.

There is a tool "Advanced EFS data Recovery", but for using it also you need your system keys.

What happens is, when you encrypt the first file from your user account, a key pair is created for you. you need to backup these keys.

You can follow these steps for future...

Follow these steps to backup:
1) Open mmc.exe
2) From the file menu, choose "Add/Remove snap in"
3) click on the Add button
4) Select Certificates and click add
5) Select "My User account"
6) click close and then ok
7) In the tree view select
    Console root\Certificates - Curren t User\Personal\Certificates\
8) on the right hand side you should see on certificate listed with "intended purpose" value of "Encrypting File System".
9) Selcet it, right click and select All task\Export
10) Select, "Yes, export the private key"
11) click next twice,
12) Enter a password
13) choose a file name for export and click next
14) you will get a warning, just allow the access.


For import, follow steps 1-7, then
8) click on the right hand side, right click  all taks\Import
9) selcet the certificate, and follow the wizard.




0
 
LVL 1

Assisted Solution

by:FPerito
FPerito earned 1000 total points
ID: 19644065
From the looks of it, you did not back up the certificate and the encryption keys of your files.  Thus, unfortunately, you cannot decrypt the files anymore.
0
 
LVL 26

Expert Comment

by:souseran
ID: 19656651
If you're in a networked Windows environment, you might try these steps from Microsoft:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_to_recover_encrypted.mspx?pf=true

Otherwise, have you tried restoring them to a FAT32 partition?
0
 
LVL 6

Expert Comment

by:ashutosh_kumar
ID: 19656697
The method mentioned by souseran won't work...(for standalone system) it works only when the machine/system certificate is intact...

in this case the system was formated...so nothing can be done...
0
 
LVL 1

Expert Comment

by:FPerito
ID: 19910553
any updates from your end?  I believe that the files cannot be decrypted anymore as the keys were both lost...
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20211984
Forced accept.

Computer101
EE Admin
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month20 days, 23 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question