How can I recover encrypted data without original EFS certificate?

By michelediaz ·
I have a user with a Seagate external drive which contains his entire portfolio. The original laptop used for the backup to the Seagate drive was XP SP3. The data was encrypted on the Seagate drive (listed in green). The original laptop has been upgraded to Windows 7 and the laptop hard drive was reformatted during the upgrade. Now the user wants to move the data from the Seagate external drive back to the upgraded laptop. The data cannot be moved due to the encryption. I thought the Seagate Manager was used to encrypt the data, but after checking the advanced attributes of the files, it appears EFS was used to encrypt. Under encryption details the user's cert from the XP SP3 version of the laptop is listed. I cannot add another 'User Who Can Transparently Access This File:' also no recovery agent is listed under "Data Recovery Agents For This File As Defined By Recovery Policy:"

The data on this hard drive HAS to be recovered. Any ideas of how I can get the files recovered?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

It sounds to me that unless you're willing to put

by Darryl~ Moderator In reply to How can I recover encrypt ...

out some big bucks for some recovery software, you may as well take it to someone that does data recovery....it's still going to cost lots of $$$....but if it HAS to be recovered, that's the cost of upgrading the OS & formatting the HDD before getting the data copied somewhere it could be accessed at a later date or by another computer.

Collapse -


by seanferd In reply to How can I recover encrypt ...

User didn't plan his upgrade, did he?

Since the drive was wiped, you can't go back to the XP installation to unlock the files. If you aren't positive, check for the Windows.old folder in the root directory.

Next stop: Very expensive data recovery from a recovery house like Kroll Ontrack.

Collapse -

I don't think you can

by CG IT In reply to How can I recover encrypt ...

not without the keys.

I don't think a decrypting service will be able to recover them, where the expense isn't into the 10s of thousands of dollars.

my try here, but I don't think they can get EFS files.


Collapse -

"HAS to be"

by santeewelding In reply to How can I recover encrypt ...

The only thing that has to be is death. And, this sure looks like it: the data, the user, and you.

Collapse -

And whoever didn't plan the OS upgrade properly (NT)

by Darryl~ Moderator In reply to "HAS to be"
Collapse -

Well if EFS was actually used and it wasn't some other

by OH Smeg Moderator In reply to How can I recover encrypt ...

Encryption utility it's easy to recover though you will need to be a very specialized service to do this. And no you can not get the software required so it has to go to a specalist.

Any of the better Data Recovery Places should be able to do this but I would recommend Kroll On Track as the First option they are really very good and as this Upgrade was not correctly planned you will be unable to unencrypt any EFS Files on Windows 7 anyway. If you read the Upgrade Notice from XP to 7 it specifically tells you to not try to use EFS Files on a 7 system as they will never be readable. EFS for XP is incompatible with Windows 7.


Or if you have someone in the Law Enforcement establishment who can do Data Recovery they could break the encryption M$ provides a tool to do this specifically to these places so it's a relatively easy job. But as the M$ tool is not widely know about and not freely available you need to be involved in Encryption Breaking in either the Security or Law Enforcement Industries to have access to this tool. You Can Not get it any other way so it's not worth trying and even as you don't know it's name it's impossible to begin looking. M$ will not acknowledge it's existence to outsiders of these places as it's not supposed to exist in the minds of the average user.

Or I suppose you could hand the drive over to the Feds and tell them that you believe that's it's full of Kiddy Porn and Treason and you want it's owner to be charged as they think that it's impossible to access the data. They'll then break the encryption but I'm not sure how they will react when they don't find any of that type of thing on the drive.

Or if you ask the right person at M$ they can suggest that you find a Friendly Cracker to break the encryption. The best is taking it to On Track as they can do this and then letting the owner pay for their lack of planning.


Related Discussions

Related Forums