Decrypt Files - No Keys
Experts,
I have a serious problem. I have a client that had a bunch of personal data on his work laptop. He retired and sent the laptop back , only before I copied over his documents and music...etc. Well I just went to copy back his data to his new computer and found out that the files are encrypted. I have no way to decrypt them as the laptop was sent back and most likely the HDD was destroyed. So is there any hope of decrypting the files? I have already tried Advnaced EFS Data Recovery but it says the files are not decryptable.
Thanks,
--Steve
I have a serious problem. I have a client that had a bunch of personal data on his work laptop. He retired and sent the laptop back , only before I copied over his documents and music...etc. Well I just went to copy back his data to his new computer and found out that the files are encrypted. I have no way to decrypt them as the laptop was sent back and most likely the HDD was destroyed. So is there any hope of decrypting the files? I have already tried Advnaced EFS Data Recovery but it says the files are not decryptable.
Thanks,
--Steve
ChopOMatic
How did you copy the files off of the old computer?
ASKER
drag and drop. copied the directories needed and pasted them onto a USB HDD.
And now you see what on the USB HDD? You see the directory structure and files, as you copied them, but when you try to open them they're encrypted?
ASKER
Correct the files are all there but when you try and copy or open anything it does not allow you.
Any chance you could record a screencast so I can see what you're seeing?
ASKER
ASKER
Were you able to look at the screencast?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
this is another useful references but it states much to get info from the user machine. if it is not functioning, forensic of machine would be last resort or brute force which may not be logical as final resort. see its "r e c o v e r y w i t h n o i n f o r m a t i o n a t a l l - s p e c i a l i s t m e t h o d s"
http://www.beginningtoseethelight.org/efsrecovery/
http://www.beginningtoseethelight.org/efsrecovery/
ASKER
I'm still in need of getting info if this will be possible to remedy.....
--Steve
--Steve
without the user private key in his machine, it is tough to decrypt his data esp when the HDD is not available. Otherwise if there is backup of the issued keyset certificate, we can try to setup in new machine. Likewise, if copying can be done through network or into non-NTFS storage, there can be some hope.
Else suggest professional support to recover HDD, there is such expertise to reconstruct as long as it is not of intense physical damage on key sector storing those data or even keyset.
There is also data recovery agent such as local admin or domain admin as the contigencies. They would be transparent when efs is enabled.
But the above is possibilities relying on the efs fundamentals but from the Advanced EFS Data Recovery website, its professional (not trial) does share it is capable to handle this situation. As consumer, can consider dropping them an email on this, they would be able to assist or minimally, confirmed it is "non-decryptable"
http://www.elcomsoft.com/aefsdr.html
Just some thoughts.
Else suggest professional support to recover HDD, there is such expertise to reconstruct as long as it is not of intense physical damage on key sector storing those data or even keyset.
There is also data recovery agent such as local admin or domain admin as the contigencies. They would be transparent when efs is enabled.
But the above is possibilities relying on the efs fundamentals but from the Advanced EFS Data Recovery website, its professional (not trial) does share it is capable to handle this situation. As consumer, can consider dropping them an email on this, they would be able to assist or minimally, confirmed it is "non-decryptable"
http://www.elcomsoft.com/aefsdr.html
Just some thoughts.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.