Vanguard
Joined: 05 May 2007
Posts: 44
|
 What is the path to recover Encryption keys from Formatted..
"JonathanBVI" wrote in message
news:F7B2C927-9E73-4737-BD92-1490CF6167EE@microsoft.com...
>
> "Vanguard" wrote:
>
>> "JonathanBVI" wrote ...
>> >I have a customers' PC that has a folder that is encrypted and gives
>> >"Access
>> > denied" because of the XP (Pro SP2) Encryption (it is not an
>> > ownership
>> > issue). The HD that contained the windows installation has been
>> > reformatted,
>> > and the user had not backed up the certificates/keys, or put a RA
>> > in
>> > place. I
>> > have used a data recovery tool to recover the Documents & Settings
>> > folder
>> > from the reformatted drive and there are a number of certificates &
>> > keys that
>> > successfully import, but sadly the folder will still not decrypt.
>> > Q1 - Is Documents & Settings the only path I need to restore from
>> > the
>> > Formatted drive, or is there somewhere (something) else I need as
>> > well.
>> > Q2 - How can I find out what Key was used to encrypt the folder &
>> > ensure I
>> > have it imported.
>>
>> There is no backdoor to EFS other than a massive bank of number
>> crunching hosts to decode encrypted files, and you don't have access
>> to
>> that. Your customer lost their files by not knowing how to use EFS,
>> like exporting the EFS certificate or designating a recovery agent.
>> You
>> can't fix a tool improperly used by your customer.
>>
>> You mention "restore". So did the customer do backups?
>
> When I talk about Restore, I am talking about the files I recovered
> from the
> formatted hard drive using "EASEUS Data Recovery Wizard Professional
> 3.3.4"
> (a great tool). My fault for using the wrong word.
>
> My original questions were not looking to find a back door. Just to
> clarify
> where within the directory structure the keys are stored, so that I
> can
> ensure I have got everything.
>
> I am probably being very naive, but my understanding is that if I can
> recover the keys from the formatted HD (hence where are they kept),
> Apply the
> original password used (I know that) and I should be able to decrypt
> the
> folder. But after a lot of searching & Asking I still have no idea
> where the
> keys are kept, within a windows XP path structure.
> Maybee the answer is "there are no files held on the disk", because
> they are
> all held as data within the registry.
Ask your customer how much they are willing to recover the data. Then
look at http://www.elcomsoft.com/aefsdr.html. I believe the trial
version only tells you if you could recover the files but doesn't
actually recover them until you buy their product but you'll have to
check for yourself. I've heard of this one but never used it.
|
