Reefs.com - Saltwater Aquarium - Reef Aquarium

Accessing Encrypted files after a crash?

Aqua Pro Builder

Aqua Pro Builder

Vendor: WingoLED
Manhattan Reefs
Location
Flushing NY 11355
Rating - 99.1%
225   2   0
Windows XP
Files are in an USB harddrive
Files are encrypted using the window provided encryption button


After the crash

Created a new Windows XP (using may or may not be the same version of XP)
It was created in another directory rather than the old XP's. The new one is stored at "windows2"
I can get to see the directory of the encrypted files but cannot open them.
Tried to use the properties to decode them, but were rejected access.

What to do now?

Thanks in advance for any help.
 
Last edited:
Widdy

Widdy

Moderator
Vendor
Manhattan Reefs
Rating - 100%
75   0   0
What are the chances of you exporting the encryption keys and stored them in a safe place for times like these?

Your directory/files was probably encrypted using Microsoft's EFS. Both the private and public keys to decrypt the directory and/or files are bound to the user that initiated the encryption process. With that said, since you did a parallel install of XP, unless you're savvy enough to move the SAM (Security Account Manager), Crypto data and somehow mimic the old Windows XP's GUID, without those 2 keys; at the very least the private key -- your data is pretty much gone.

However, since you're able to do a parallel install successfully, I'm going to take a stab and say that the crash isn't hardware related. At the very least, the hard drive is still intact and functional. During the boot process, if you can still select the old OS via a dual boot menu, I would attempt or get someone to attempt to repair the old OS. At least to a point where you can login with the user account that encrypted the directory/files so you can retrieve them. Keep in mind, you're tinkering with low-level processes and methods here. Don't walk your PC into Bestbuy and expect the Geeksquad crew to offer anything helpful. They'll just look at you funny.

You can also look into utilities that claims it can recover encrypted files. But I've haven't had much exposure to them. Your mileage may vary and there's a set of prerequisites that needs to be satisfied before you can even begin the recovery process. G'luck.

http://www.easeus.com/datarecoverywizard/recover-encrypted-data.htm
 
J

jrobbins

Advanced Reefer
Location
New York
Rating - 100%
95   0   0
I have a computer security guy that handles most of our needs in the office. he is pretty skilled (sony brought him in as a consultant when their network was hacked fwiw)

if you are truly screwed, send me a pm and i will give you his contact info.
 
Aqua Pro Builder

Aqua Pro Builder

Vendor: WingoLED
Manhattan Reefs
Location
Flushing NY 11355
Rating - 99.1%
225   2   0
@Widdy,
I have DL the free trialversion Easeus to analysis the machine but not going to commit anything until I fully understand what it does. It does not have a direct option to recover my scenario even though, the spec said they can recover encrypted files. As you said, I think the best bet is to recover the old to a bootable state such as the safe mode and access them with the command prompt, test a attribute change with one file, if it works them do a batch convert.
When I press the encrypt button in XP, I did not remember they ever asked me about pass phase or such, so I assume they must use my windows account(and possibly some machine and/or windows specifics) to generate the key. I tried to install the second copy of XP and provide with same machine name, account name and password to mimic the previous system but obviously failed. May be it's just a wrong version of XP or there are more to it
 
Last edited:
guarda

guarda

Advanced Reefer
Manhattan Reefs
Location
Midtown East, Manhattan
Rating - 100%
88   0   0
Did you get it?

And I just read your reply above. You can't create a new profile (when you install a new copy of Windows) and think that MS EFS will work. It won't. You MUST be logged in with the original windows profile that you were in when you encrypted the file. I said it up above already. It won't work. You need access to the original profile. Trust me on this.
 
Aqua Pro Builder

Aqua Pro Builder

Vendor: WingoLED
Manhattan Reefs
Location
Flushing NY 11355
Rating - 99.1%
225   2   0
guarda said:
Did you get it?

And I just read your reply above. You can't create a new profile (when you install a new copy of Windows) and think that MS EFS will work. It won't. You MUST be logged in with the original windows profile that you were in when you encrypted the file. I said it up above already. It won't work. You need access to the original profile. Trust me on this.
Click to expand...

I noticed that it won't work and that's why I put out this question in this thread. It was a mere description of what I have tried so far. Thanks for the reminder. Save me in trying to install yet another copy of windows.

I stumbled across a support forum with Microsoft and there are Q&A on similar situation but I have not browse thru all the questions whether there is one exactly like my case. I think my case is quite common though. The support mention to export the certificate with the function cipher. I will study a little more on this route before going further as I have a lot of other projects at hand.

I will continue to post both the failed and successful attempts.
 
Last edited:
You must log in or register to reply here.

Sponsor Reefs

We're a FREE website, and we exist because of hobbyists like YOU who help us run this community.

Click here to sponsor $10:


Top