|
My old motherboard died. The hard drive works fine but there are files which were encrypted (possibly even from an earlier computer) and I no longer have the encryption key. Is there any way to recover it from the old hard drive or can I use my computer password to decrypt the files? When I try to decrypt it just says access is denied.
|
#
?
Nov 8, 2015 15:19
|
|
|
|
| # ? Apr 26, 2024 10:01 |
|
|
Did you export the key when asked when you originally turned on encryption for those files? If not I think you're boned. I'm not at work to check my doco but EFS is pretty strong and I think your decryption key is tied to your user account and that changes if you reinstall.
|
|
#
?
Nov 12, 2015 02:44
|
|
|
Gromit posted:Did you export the key when asked when you originally turned on encryption for those files? If not I think you're boned. I'm not at work to check my doco but EFS is pretty strong and I think your decryption key is tied to your user account and that changes if you reinstall. womp womp 
|
|
#
?
Nov 12, 2015 03:10
|
|
|
If I remember I'll check my password crackers to see what they need to hit EFS. I'm almost certain it'll want registry data (ntuser.dat or the like) from the old installation though. fake edit - I'm looking at the help file for Password Recovery Toolkit and it says you need the SAM and SYSTEM Registry hives which it will attack to try and get the syskey/login password. I think it's safe to say that if all you have is the files themselves and no other data from that old installation then you are not going anywhere. However, if you have all the old data including the user folders with the registry poo poo in it then we could get somewhere. I'm happy to crack stuff for you if you care that much and have all the data we need. real edit - this is part of my job but I haven't cracked EFS for a long time so sorry I can't be more specific.
|
|
#
?
Nov 12, 2015 06:59
|
|
|
Gromit posted:If I remember I'll check my password crackers to see what they need to hit EFS. I'm almost certain it'll want registry data (ntuser.dat or the like) from the old installation though. Is there any freeware available to do the cracking? I think the old install should be there so I could recover the files. I have the login password from the account, just not the file you're supposed to save when you encrypt stuff. I appreciate the offer to do it for me but the password and the files both contain a lot of privacy sensitive info.
|
|
#
?
Nov 15, 2015 22:14
|
|
|
Sorry, I've no idea. Hopefully someone else might know as all my tools are paid for, and not at all cheap.
|
|
#
?
Nov 16, 2015 07:57
|
|
|
Gromit posted:Sorry, I've no idea. Hopefully someone else might know as all my tools are paid for, and not at all cheap. So I have a very similar problem. However have the entire C drive of the computer with the encrypted files slaved to a PC. There was no backup certificate made of the EFS before the user was unable to log in. I tried going to the user certificates at C:\Users\username\AppData\Roaming\Microsoft\SystemCertificates\My on the slaved HD, and importing them to the personal store in certmgr.msc on the desktop, but this is just a system file and not the proper certificate backup and it is still unable to open the encrypted files. Is there any easy action to resolve this, or I take it this type of file copying is what EFS was designed to prevent?
|
|
#
?
Nov 23, 2015 22:22
|
|
|
scavok posted:So I have a very similar problem. However have the entire C drive of the computer with the encrypted files slaved to a PC. This is my situation but better explained.
|
|
#
?
Nov 24, 2015 02:56
|
|
|
|
| # ? Apr 26, 2024 10:01 |
|
|
I'm happy to receive an EFS-encrypted file from anyone if you just want me to test to see if I can crack it? Hopefully you have something small and innocuous that you don't care I'd have, like a binary data file that is part of a program install or an ini file or anything at all. I'll probably need the password and/or SAM file as well, but loading the file into my cracker should tell me what's needed and that might help you decide to buy something. You could try the EFS key recovery tool on Passware yourself in demo mode (I've got it licensed at home here, and other stuff at work) and if it worked you could decide if it's worth the $200. The page says it supports only up to XP, but I imagine it'll be fine for Win 7 too. I don't think EFS changed significantly or at all, but I'm not 100% sure. If you're interested in sending me something to try I'll post my email address, or you can point me to a cloud store somewhere via PMs or whatever you like.
|
|
#
?
Nov 27, 2015 12:18
|
|