• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 613
  • Last Modified:

EFS file decrypting

Have a laptop with 2 80 GB disk drives. Had to replace both drives and reinstall XP MCE. Had all user files backed up with Carbonite and recovered all my files to corresponding drive.Restored was user documents crypto folders which have different user numbers and machine codes. Tried using Elcomsoft AEFSDR full with all remembered passwords with no luck.

I have winhex so can get to $efs records.

I sure would like to unencrypt my 10000+ files
0
JonathanLivingstonSeaGull
Asked:
JonathanLivingstonSeaGull
  • 2
1 Solution
 
arnoldCommented:
You had to backup/export the user's EFS certificates.
Do you have the full backup of both drives on carbonite that you can restore onto the system?
I think this is your only option.
0
 
Dave HoweSoftware and Hardware EngineerCommented:
AEFSDR is an excellent tool, but requires the original EFS certificate, which is stored in the user's profile. unless you have access to that profile, your files are not going to be recoverable.
0
 
JonathanLivingstonSeaGullAuthor Commented:
I have found a possible solution at http://www.beginningtoseethelight.org/efsrecovery/ but I am having difficulty in understanding all of the steps. In your opinion is this a viable solution since I do have the required folders with files as restored by Carbonite ?
0
 
Dave HoweSoftware and Hardware EngineerCommented:
Yes. for a viable recovery, you need the user hive (ntuser.dat and ntuser.dat.log from c:\documents and settings\<username> ) and the keystore (c:\documents and settings\<username>\application data\microsoft\crypto\)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now