Need help with EFS encrypted files!

By thehebrew ·
So I have EFS encryption on for my hard drive, then I reformatted. So I backed up all my videos, music, and 10 years worth of family photos on my external hard drive. I reformat, get all my programs and everything together and then go to my external hard drive to get the files, AND THEY ARE STILL ENCRYPTED!!!!!! Windows forgot to take the flippin' encryption off the files. I talk to Microsoft and the guy on the phone freakin' tells me to find a good! I have searched ALL of the internet and have found that if I move the files to a hard drive that is formatted to FAT the files lose all encryption. But I can't move the dam files!!!! I have tried all the EFS recovery programs but they only get the original key and that drive has already been formatted. SOMEONE, FOR GOD SAKES PLEASE PLEASE PLEASE HELP ME!!!!! I have years and years of family photos and hundreds of dollars worth of music that I can't access. I can even see all the thumbnails to the pictures, MICROSOFT IS TAUNTING ME!!!!!!!


A quick question

by neilb@uk In reply to Need help with EFS encryp ...

Are you able to log on as Administrator and take ownership of the files? You should be able to do that and then move the files.


If you

by zlitocook In reply to Need help with EFS encryp ...

Cannot get past the encryption after a few weeks, let me know. If you don't mind letting someone else see your files, I may be able to decrypt them for you.
But first, you should have decrypted the files before formatting, because the key was on the drive and under your profile. There are programs out there that will do this, but most that you D/L will also have Trojans or viruses attached to them. You could also send it to a data recovery company. But it will cost, and they may either not be able to help or destroy the data.
Try the UDCD and see if you can move the files to a second drive with FAT32, or load Knoppix or another Linux distro on a second drive and move them from there.
I don't like doing this and have to stay away from it, but if you don't get anywhere let me know.
But there are a lot of great people here and they might have a better thought about it.


copy, not move

by jdclyde In reply to If you

Boot to a live distro of Linux. It will completely ignore the Windows security.

COPY your data to another drive. This gives you multiple attempts to screw it up.... I mean to unencrypt it.


You need to understand your situation

by TechExec2 In reply to Need help with EFS encryp ...


You need to understand your situation.

"I have searched ALL of the internet and have found that if I move the files to a hard drive that is formatted to FAT the files lose all encryption."

This is true, but only if you did that BEFORE you reformatted the original hard drive. The encryption key was stored on your original hard drive. All you can do now is copy the encrypted version around.

Your situation now: To decrypt the files now, you must BREAK the encryption. And, the encryption is designed to be difficult to break. In effect, when you chose to use encryption, you chose to put a powerful lock on your files. Now, you must break your own powerful lock.


Another idea: If you just freshly reformatted the original hard drive and have not done anything else to it, you might (desperately) try to use a utility to recover that drive. If this were successful, you could decrypt your files.


This may be a hard lesson for you. Having just ONE copy of your system and files is dangerous. If the hardware fails, the software fails, or the user fails (i.e. makes an error as in this case), that one copy is lost. So, the thing to learn from this is that you must have multiple backups to protect yourself.

Good luck to you.

edit: spelling



by thehebrew In reply to Need help with EFS encryp ...

Thank you guys so much, this has been the most helpful site; everyone else just says I'm stupid. I did turn encryption on a while ago but whenever I moved files/folders onto my external drive it always used to take the encryption off, so I assumed (<-- stupid) that it did it like usual. I really didn't know anything about the certificates or about the encryption when I was using it or I would have definitely backed up the certificates. Anyway, I can change the ownership like suggested but there are only 2 options and I don't know which one is right. I tried both and then tried to copy and move the file after I did it but it didn't work. Do I have to restart after changing ownership? It just gives me an access denied error message. I think I'll try running a Linux distro off a thumb drive and then copy the files to the thumb drive. Anyone have any suggestions of a really small Linux distro that would run off a thumb drive? Also, I heard that if copied to a FAT32 drive the encryption is completely useless, but I was thinking; once I have them on the FAT32 drive how do I get the encryption off so I can transfer them back onto an NTFS drive? Should copying just do the trick? And if someone wants to try and unencrypt some files, I have a folder of Java programs, b/c I'm a college student, that you could take a crack at; but that is assuming that I'm able to move or copy the folder. Thank you guys soooooo much, you're all life savers!!!!!!!!


You're still a little off-target

by TechExec2 In reply to Thanx

You're still a little off-target:


"I can change the ownership like suggested"

Changing ownership is not going to help you. The problem is that your data is scrambled by the encryption and you no longer have the key.


"Do I have to restart after changing ownership?"

No. But as above, changing ownership is not the problem.


"I think I'll try running a Linux distro off a thumb drive and then copy the files to the thumb drive."

Running Linux is not going to help either. You need to decrypt the data inside the files.


"once I have them on the FAT32 drive how do I get the encryption off"

You must BREAK the encryption. You must CRACK your own encryption.


"everyone else just says I'm stupid"

Did I forget to say you were stoopid? :-). Sorry about that :^0.

Everyone has done something stoopid before. Even me. Even JD. JD will deny this. You watch. :^0


Good luck to you.


Maybe and maybe not

by jdclyde In reply to You're still a little off ...

The first thing he should try is to reclaim the permissions. That is why I suggested the "COPY" option.

As he doesn't have permissions, how does he know if it is still encrypted?

He should try to reclaim them first (which he would have to do anyways before he could decrypt) and then get back to us.


I thought he already did. Maybe not.

by TechExec2 In reply to Maybe and maybe not

I thought he already reclaimed access and was failing to get access due to the encryption. Perhaps not. His language is not entirely clear.

Sometimes it is a matter of "reading between the lines". And, you might have done a better job of it here. We'll see what he says.


srry on clarity

by thehebrew In reply to I thought he already did. ...

Yeah, I should read over what I type before I submit so srry if any of my posts are unclear. I selected all the files/folders that are encrypted, then go to properties, security tab, and then I click on the Advanced button. On the window that pops up, I click on the Owner tab; now I'm looking at 2 accounts. I select one then click the "Replace owner on subcontainers and object" box and hit Apply. After that I try to move and copy the folders/files but an error message pops up and says: "Cannot copy (name of the file I'm trying to move): Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."


OK this is the proper way to take ownership

by HAL 9000 Moderator In reply to srry on clarity

And belatedly, here is what you should have done to save your Encryption key. It's a good lesson nonetheless, though a bit of a nasty one as well.

Now what many people are unaware of is that before any Encryption System can be released the Government Must Have the ability to break the encryption so they can recover the data possibly for evidence in Court Proceedings so while it's hard for the average Joe to do there is a Back Door Available.

When you use Encryption the files stay encrypted whenever you move them about, and even if you had backed up all of your Data the Files would still be encrypted no matter the format of the drive that they were copied to; even a Nix Drive would store them as Encrypted from the original Windows Source. The reason that you could read these files is that you were working off the original computer with the Encryption Key, so the encryption was effectively Transparent to you.

Now the easy answer to your current dilemma is to approach someone working for the Federal Crime Authorities and they'll be able to break the encryption in a matter of seconds but for some strange reason they don't hand out this information as it's fairly useful to them again for fairly obvious reasons.

There is another possibility here: Get My Data Back is a company which was set up by several retired Fed Data Recovery Specialists, so they have the knowledge and ability to break the encryption, though they may not have the motivation, but are worth a try here.

Actually the person from MS gave you some very good advice as any decent Hacker will know the Back Door into the Encryption bypassing method and will be able to recover your data and most likely do it for free into the bargain though as they break things for fun you never actually know if they'll keep a copy and do with it as they please. However you may find someone who wants the Bragging Rights who is interested in performing the recovery.

Now I've never actually broken the encryption on any product to recover data, but it is in Theory possible to perform. I would recommend starting with Hacking for Dummies as a starting point and work forward from there.

As the data is already scrambled I don't think that using something like Knoppix will actually do anything but keep copying garbage, admittedly a perfect copy of the garbage, but garbage nonetheless.

Now if you had performed a Backup and at the same time backed up the Encryption Key, which is a Must Do item, you wouldn't be in the predicament that you are in now, as you could use the Encryption Key to recover your data and turn it from Garbage to readable Data once again. The fact that you have 10 years worth of Data Encrypted I think is marvellous and borders on the unbelievable, as that's a long time for any computer program to be running and even longer for a computer, as you must have changed it at least once if not more in the meantime. Do you still have the working old computer? If you do, the Encryption Key will be there and will have been transferred along with your data, so you could recover it from there quite easily and have your data back to normal easily.

While it is a Dumb Thing to do it is also a fairly common thing to do by many who don't know any better and think that they are making their system more secure. The Really Dumb Thing that you have done here is not to research your procedures for a proper Backup and you haven't been keeping any proper Backup in place which is something that you should Change Immediately!

If you wish to use any form of Encryption you should be at the very least using an Image of the Boot Drive to restore from as that keeps everything that you need in place and gives you at only a small cost an easy and fast recovery method.

Whenever I run into domestic situations who have turned on the Encryption I immediately save their data and turn off the encryption and I also do this even in small business that I do work for as the costs involved in recovering the encryption key is just so expensive as not to be worth the cost in most cases.

This reminds me of a One Man Show who I built a computer for and told him to Save All His Data regularly. Well he insisted that he was backing up his data and when the HDD failed an old one from his previous computer as he was too cheap to spring for the $100.00 drive he lost all of his data but for the Company Financial Records which was what he was religiously backing up after every entry session. He didn't seem to grasp that he had other data on the drive that he wanted to keep. But on the other side of the coin he did save about $25.00 when I eventually had to fit a new HDD to the computer and he passed up the opportunity to get one of the data recovery houses to recover all his data as it was only going to cost at a minimum of 3K and possibly more to get all his photos and the like back.

So the easy answer is if you know someone who works for the Feds who has access to the Computer Crimes Side of things you can ask them to make your Encrypted files usable, or you can start reading up on breaking Encryption Keys and find some of the tools that are used to hack these Keys. If you get lucky you may even find the back Door into the Files and recover them all. But I wouldn't be holding my breath waiting for a Lucky Break.

By the way don't feel bad about doing a Dumb Thing as we all manage to do Dumb Things during our lives my worst mistake was to start working with computers and it's something that I've never recovered from though a close second would be using MS Software in the form of OS's. :)
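
The key backup the replies above say should have happened before the reformat, as an added example that is not part of any post in this thread: it exports the current user's EFS certificate and private key to a PFX and then checks whether files on the backup drive are still EFS-encrypted. The drive letter `E:` and the output folder are assumptions.

```powershell
# Added example (not from the thread). Run as the user who owns the encrypted
# files, BEFORE reformatting. 'E:\' and the folder names are assumed paths.
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage
$BackupDrv = 'E:\'                      # assumed: external drive holding the copied files
$OutDir    = Join-Path $BackupDrv 'efs-key-backup'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Find EFS certificates in the personal store that still have a private key.
#    The private key lives in the user profile, so it is lost with the system disk.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
}
if (-not $efsCerts) {
    Write-Warning 'No EFS certificate with a private key in this profile.'
    return
}

# 2. Export certificate + private key to a password-protected PFX.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'
foreach ($cert in $efsCerts) {
    $pfx = Join-Path $OutDir ("efs-{0}.pfx" -f $cert.Thumbprint)
    try {
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $pfxPassword |
            Out-Null
        Write-Host "Exported $($cert.Thumbprint) to $pfx"
    } catch {
        # Typically means the private key was marked non-exportable.
        Write-Warning "Could not export $($cert.Thumbprint): $_"
    }
}

# 3. Check the backup itself: any file that still carries the Encrypted
#    attribute can only be read with one of the keys exported above.
$stillEncrypted = Get-ChildItem -Path $BackupDrv -Recurse -File `
    -Attributes Encrypted -ErrorAction SilentlyContinue
if ($stillEncrypted) {
    Write-Warning ("{0} file(s) on {1} are still EFS-encrypted. Keep the PFX." -f
        @($stillEncrypted).Count, $BackupDrv)
    $stillEncrypted | Select-Object -First 10 -ExpandProperty FullName
} else {
    Write-Host "No EFS-encrypted files found on $BackupDrv."
}
```

On the rebuilt system, `Import-PfxCertificate -FilePath <pfx> -CertStoreLocation Cert:\CurrentUser\My -Password <securestring>` restores the key so the copied files open again.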

