Re: EFS encrypted file recovery (yet again)
From: Steven L Umbach (n9rou_at_nscomcast.net)
Date: 02/01/04
- In reply to: Dennis Adams: "EFS encrypted file recovery (yet again)"
Date: Sun, 01 Feb 2004 21:59:57 GMT
I have successfully recovered encrypted files in a test situation where I
had a copy of the user profile at a point after the user's files were
encrypted by using the old administrator's profile which was the recovery
agent for the computer. I was able to do it with a program from Elcomsoft
which has a free download that you can try that will at least show you if it
is possible, but will only decrypt very small files in the trial version.
The full version is $99.
http://www.elcomsoft.com/prs.html#aefsdr
In my test situation, I had encrypted files on a separate drive partition
from the system. I reinstalled the operating system and then logged on
creating the administrator account with the same password as was used on the
old operating system. Of course the initial attempt to decrypt the files failed.
I then logged off the computer and back on as another user in the local
administrators group, and then copied the \documents and
settings\administrator\application data folder from the old profile over to
the new administrator profile. I logged back on and tried to decrypt files
again with no luck. So then I downloaded the Advanced EFS Data Recovery
trial program while logged on as the administrator. I first scanned for keys
under the "EFS related files" page where it found the keys. I then selected
add user password where a box pops up and entered administrator as user name
and the password for the old administrator profile. I then went to the
"Encrypted Files" page where I scanned the appropriate drive for EFS files and
it found the four test files I created and was able to successfully decrypt
them all as they were very small files. So you may want to try the free
download and if it finds your keys and files, you may have a good chance for
recovery if the files are worth $99 to you.
--- Steve
"Dennis Adams" <makisupa@cox.net> wrote in message
news:2C0BD805-9A88-4F68-A66D-439C9DB7D864@microsoft.com...
> I'll start by noting I have learned my lesson: export your public keys
> and make an ERD disk.
> Well, here's my situation: I'm running Windows 2k sp4. I ran into a problem,
> did some registry edits and managed to foobar my registry software hive. So
> I decided to format the C: drive and re-install windows 2k.
>
> Well, before I formatted the drive I was able to copy all the data from the
> "C:\Documents and Settings\Administrator\Application Data\Microsoft\"
> directory
>
> so I have a copy of the files used for private/public keys. So far, from
> what I read, there is no way to import these files unless they were exported
> via secpol.msc
>
> is there any way to import my old keys that I have on disk ??
> that are in the Crypto / Protect / SystemCertificates directories ??
>
> I've read that there is a program called reccerts.exe that might allow me
> to recover these keys
>
> thanks in advance
> Dennis