Solved

EFS file decrypting

Posted on 2010-08-26
4
568 Views
Last Modified: 2013-12-04
Have a laptop with 2 80 GB disk drives. Had to replace both drives and reinstall XP MCE. Had all user files backed up with Carbonite and recovered all my files to corresponding drive.Restored was user documents crypto folders which have different user numbers and machine codes. Tried using Elcomsoft AEFSDR full with all remembered passwords with no luck.

I have winhex so can get to $efs records.

I sure would like to unencrypt my 10000+ files
0
Comment
  • 2
4 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 33536870
You had to backup/export the user's EFS certificates.
Do you have the full backup of both drives on carbonite that you can restore onto the system?
I think this is your only option.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 33537987
AEFSDR is an excellent tool, but requires the original EFS certificate, which is stored in the user's profile. unless you have access to that profile, your files are not going to be recoverable.
0
 

Author Comment

by:JonathanLivingstonSeaGull
ID: 33543560
I have found a possible solution at http://www.beginningtoseethelight.org/efsrecovery/ but I am having difficulty in understanding all of the steps. In your opinion is this a viable solution since I do have the required folders with files as restored by Carbonite ?
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 33544056
Yes. for a viable recovery, you need the user hive (ntuser.dat and ntuser.dat.log from c:\documents and settings\<username> ) and the keystore (c:\documents and settings\<username>\application data\microsoft\crypto\)
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question