[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

EFS file decrypting

Posted on 2010-08-26
4
Medium Priority
?
606 Views
Last Modified: 2013-12-04
Have a laptop with 2 80 GB disk drives. Had to replace both drives and reinstall XP MCE. Had all user files backed up with Carbonite and recovered all my files to corresponding drive.Restored was user documents crypto folders which have different user numbers and machine codes. Tried using Elcomsoft AEFSDR full with all remembered passwords with no luck.

I have winhex so can get to $efs records.

I sure would like to unencrypt my 10000+ files
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 33536870
You had to backup/export the user's EFS certificates.
Do you have the full backup of both drives on carbonite that you can restore onto the system?
I think this is your only option.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33537987
AEFSDR is an excellent tool, but requires the original EFS certificate, which is stored in the user's profile. unless you have access to that profile, your files are not going to be recoverable.
0
 

Author Comment

by:JonathanLivingstonSeaGull
ID: 33543560
I have found a possible solution at http://www.beginningtoseethelight.org/efsrecovery/ but I am having difficulty in understanding all of the steps. In your opinion is this a viable solution since I do have the required folders with files as restored by Carbonite ?
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 33544056
Yes. for a viable recovery, you need the user hive (ntuser.dat and ntuser.dat.log from c:\documents and settings\<username> ) and the keystore (c:\documents and settings\<username>\application data\microsoft\crypto\)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question