Solved

EFS file decrypting

Posted on 2010-08-26
4
592 Views
Last Modified: 2013-12-04
Have a laptop with 2 80 GB disk drives. Had to replace both drives and reinstall XP MCE. Had all user files backed up with Carbonite and recovered all my files to corresponding drive.Restored was user documents crypto folders which have different user numbers and machine codes. Tried using Elcomsoft AEFSDR full with all remembered passwords with no luck.

I have winhex so can get to $efs records.

I sure would like to unencrypt my 10000+ files
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 33536870
You had to backup/export the user's EFS certificates.
Do you have the full backup of both drives on carbonite that you can restore onto the system?
I think this is your only option.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33537987
AEFSDR is an excellent tool, but requires the original EFS certificate, which is stored in the user's profile. unless you have access to that profile, your files are not going to be recoverable.
0
 

Author Comment

by:JonathanLivingstonSeaGull
ID: 33543560
I have found a possible solution at http://www.beginningtoseethelight.org/efsrecovery/ but I am having difficulty in understanding all of the steps. In your opinion is this a viable solution since I do have the required folders with files as restored by Carbonite ?
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 33544056
Yes. for a viable recovery, you need the user hive (ntuser.dat and ntuser.dat.log from c:\documents and settings\<username> ) and the keystore (c:\documents and settings\<username>\application data\microsoft\crypto\)
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question