[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

EFS file decrypting

Posted on 2010-08-26
4
Medium Priority
?
611 Views
Last Modified: 2013-12-04
Have a laptop with 2 80 GB disk drives. Had to replace both drives and reinstall XP MCE. Had all user files backed up with Carbonite and recovered all my files to corresponding drive.Restored was user documents crypto folders which have different user numbers and machine codes. Tried using Elcomsoft AEFSDR full with all remembered passwords with no luck.

I have winhex so can get to $efs records.

I sure would like to unencrypt my 10000+ files
0
Comment
  • 2
4 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 33536870
You had to backup/export the user's EFS certificates.
Do you have the full backup of both drives on carbonite that you can restore onto the system?
I think this is your only option.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33537987
AEFSDR is an excellent tool, but requires the original EFS certificate, which is stored in the user's profile. unless you have access to that profile, your files are not going to be recoverable.
0
 

Author Comment

by:JonathanLivingstonSeaGull
ID: 33543560
I have found a possible solution at http://www.beginningtoseethelight.org/efsrecovery/ but I am having difficulty in understanding all of the steps. In your opinion is this a viable solution since I do have the required folders with files as restored by Carbonite ?
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 33544056
Yes. for a viable recovery, you need the user hive (ntuser.dat and ntuser.dat.log from c:\documents and settings\<username> ) and the keystore (c:\documents and settings\<username>\application data\microsoft\crypto\)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month19 days, 5 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question