General discussion


Need help with EFS encrypted files!

By thehebrew ·
So I have efs encyption on for my hard drive, then i reformatted. So ibacked up all my videos, music, and 10 years worth of family photos on my external hard drive. I reformat, get all my programs and everything together and then go to my external hard drive to get the files, AND THEY ARE STILL ENCRYPTED!!!!!! windows forgot to take the flippin' encryption off the files. I talk to microsoft and the guy on the phone freakin' tells me to find a good! I have searched ALL of the internet and have found that if i move the files to a hard drive that is formatted to FAT the files lose all encryption. But i can't move the dam files!!!! I have tried all the EFS recovery programs but they only get the original key and that drive has already been formatted. SOMEONE, FOR GOD SAKES PLEASE PLEASE PLEASE HELP ME!!!!! I have years and years of family photos and hundreds of dollars worth of music that i can't access. I can even see all the thumbnails to the pictures, MICROSOFT IS TAUNTING ME!!!!!!!

This conversation is currently closed to new comments.

56 total posts (Page 2 of 6)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -


by thehebrew In reply to OK this is the proper way ...

sounds like someone really knows what they're talking about. Yeah, the only reason the encryption was on was b/c I saw in one of my magazines about it and just randomly turned it on......not knowing what it was, or specifically what it did. When I turned it on I already had a couple years worth of data, so I haven't been using the encryption for 10 years. I've been searching everywhere on the web but this site has been the hands down BEST site. I guess i'll start reading up on hacking efs encryption but, like you said im pretty much waiting that one genious or erally nice hacker. And hey, if they want to keep copies of the files, i dont give a dam. What are they going to do with Java programs that sort things and family photos?........or what COULD they do with them? lol

Collapse -

Cracking EFS encryption

by douahe In reply to You're still a little off ...

I was reading your post about cracking EFS encryption. Do you have some suggestions to how to go about cracking the encryption? My situation is a little different in a this post "Need help with EFS encrypted files!". I clone my hard drives so I have all the same information. When restoring my hd from the clone, I can access all my files that are on that hd. But, I also have a significant number of encrypted documents on an external hd. The files on the external hd I cannot access. The files were all encrypted at the same time as the ones on the hd. Do you have any suggestions on how to gain access to my files? Thank you for your help.


Collapse -

The Encryption Key should be the same in that case

by HAL 9000 Moderator In reply to Cracking EFS encryption

But if you are just unable to access your data that is open the Folder that it is in you need to Take Owner Ship of the Files by following the directions here

If you have a Cloned Bootable HDD and need a copy of the Encryption Key you need to set up the Drive with the Key on it as a Bootable Drive and then follow the directions here to copy the Encryption Key


Collapse -


by TechExec2 In reply to Thanx

JD's reply to me prompts some questions. In your posts you have said some things that appear to contradict each other. So, it's really not completely clear where things stand.



"when ever I moved file/folders onto my external drive it always used to take the encryption off"

Are you saying you are SURE that the files on the external hard drive were not encrypted before you reformatted the system HDD?

If the answer is "yes", then they are STILL not encrypted and security is locking you out, not encryption. In that case, all you need to do is reclaim ownership of the files on the new system you installed.



"I can change the ownership like suggested"

Have you already changed ownership successfully? Or, not? I thought this meant you had already reclaimed access but were still being denied access.



It just gives me an access denied error message.

Please provide the exact error message text. Recreate the problem if you didn't write it down the first time. We must know the exact error message in order to understand what is going on.


I have more to say but I'll wait for your reply to this.

edit: clarity

Collapse -

srry about clarity again

by thehebrew In reply to Questions

I meant that before I formatted, that when I moved files/folders to my external hard drive it usually automatically took the encryption off. But for some reason it did not do that for the files/folders; I know for sure that they are encrypted. Srry for the confusion and thanx for your help!

Collapse -

How do you know that the Encryption was removed?

by HAL 9000 Moderator In reply to srry about clarity again

Did you try reading this HDD on another computer to make sure that you could actually read your files?

I very much doubt that the Encryption was ever removed when you copied the files to an external storage device it's just that because you used the same computer to read them the Encryption became Transparent to your and you forgot about it.

Even MS accepts Well Actually Warns you that when you copy Encrypted Files they remain encrypted. So I can not see how the Encryption Would be removed just by a simple Data Copy.

Even on a Big Business/Government machines where Data Encryption is a Must Use the files always remain encrypted no matter where they are copied to or how that they are copied unless it is in plain text format.

Once you Encrypt files they stay that way till you remove the encryption and there is no way around this.

Just one thing here you'll at the very least need to make another copy of these files before attacking them with hacking tools, make sure that you always have an untouched copy available to refer back to should something go wrong and you loose the original data. As you already have the files on an External Storage Device copy them from there and then unplug that device and place it in a safe place where it can not be wiped as you may need the data on it at some stage in the future. This is really Important! Once you have your data readable you can then proceed to wipe the Encrypted Files but don't consider doing this before you have usable data present. This may require another External Storage Device to be purchased but it's needed as you never attack the original data if you make a mistake you'll loose everything with No Hope Of Recovery.


Collapse -


by thehebrew In reply to How do you know that the ...

Well, for one thing; when I used to move files onto my external drive a window popped up and said that if I moved the files that they would have to lose their encryption and I clicked yes. I guess this time the window popped up, i dont remember. I was busy backing up and saving all my data and I assumed it either did it automatically or that I just clicked the box away like usual. And i know they were unencrypted b/c thats how I would transfer files to other computers. Also, thats one of the big problems im running into now; I CAN'T COPY THE DATA. I've been trying everything but it just throws me an error. If I was able to copy it I would have posted some files to see if anyone wanted to take a crack at it. Thanx

Collapse -


by thehebrew In reply to Need help with EFS encryp ...

Also, recovering the drive where windows was originally installed was the first thing I though of when I found out about the certificates but by them it had gone through a format and data was already moved onto it and the recover program couldn't turn up anything.

Collapse -

A good Forensic Program

by HAL 9000 Moderator In reply to Also

Could recover or rebuild the last Bootable HDD but these are not cheap and it generally cheaper to just break the encryption.


Collapse -

This is what you're up against

by TechExec2 In reply to Need help with EFS encryp ...

This is what you're up against.

From reference (1):

"The process of enabling EFS is quick and simple, but the consequences of losing your private key can be catastrophic. If your user account is damaged or deleted then you will almost certainly lose the decryption key and your data will be effectively lost. To avoid this you should backup your personal encryption certificate immediately after the service has been enabled."


I have no experience with this tool, but it looks pretty good. It's called "Advanced EFS Data Recovery" (7). They say "With Advanced AEFS Data Recovery, protected files can decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys (private or master) have been tampered." and "The latest addition to ElcomSoft's family of password recovery software allows business managers to deal with lost and destroyed encryption keys".

Caution: This company, Elcomsoft, is based in Moscow, Russia, and appears to be highly competent. I don't want to disparage our Russian friends. I like Russia! I cannot say there is any more lawlessness in Russia than in the USA. But, I can say that it will be more difficult for a USA person to get justice if the perpetrator is in Russia. Proceed as you deem appropriate.


I you successfully crack your EFS encryption and recover your data, please post back and let us know what you did and how well it worked. We may need to know one day. Thanks.


(1) Windows XP Pro: Using File Encryption ? part 1

(2) Windows XP Pro: Using File Encryption ? part 2

(3) Windows XP Pro: Using File Encryption ? part 3

(4) Windows XP Pro: Using File Encryption ? part 4

(5) Windows XP Pro: Using File Encryption ? part 5

(6) Data Protection (EFS on Windows 2000)

(7) Advanced EFS Data Recovery

edit: caution about Elcomsoft

Back to Community Forum
56 total posts (Page 2 of 6)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums