Announcement

Collapse
No announcement yet.

Encrypted files - EFS

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #1

    Encrypted files - EFS

    Well, I am a dumbass.

    I encrypted tons of movies, music, pictures, and misc. stuff. All on my 250GB firewire drive.

    I then formatted my priary drive and re-installed winxp.

    I have just learned the hardway that ALL of my files are un-encyptable

    I thought I'd check with you all before I curl up into a fetal position and cry myself to sleep.

    I tried this software and it told me I was ****ed

    All Windows knowledge base says I am ****ed. Any last ditch ideas before I lose all of this data (100GB+ worth).

    *Goes to ready noose*

    Thanks in advance

    Dave
    Ladies and gentlemen, take my advice, pull down your pants and slide on the ice.
    Tags: None
  • #2
    BTW - What is the lesson? IF you MUST encrypt your files, amke sure you backup your certificates and stuff so you can transfer them to the newly formatted drive.
    Ladies and gentlemen, take my advice, pull down your pants and slide on the ice.

    Comment

    • #3
      Ouch, that sucks.

      From what I've seen the only real function of EFS is to lose data...

      Comment

      • #4
        Here's a site that has some useful info:

        http://www.beginningtoseethelight.org/efsrecovery/

        Comment

        • #5
          have you tried unformating, jsut to get your keys back?
          Also, I ahve some data recovery software which may not work on your encrypted drive, but should be able to see the data on the nuked one- providing of course that you havn't overwritten everything...
          The Welsh support two teams when it comes to rugby. Wales of course, and anyone else playing England

          Comment

          • #6
            sorry to hear of your plight but your data is gone!
            it's probably too late now but have a read here for the future.

            Comment

            • #7
              sad to hear that, I hope you can recover your stuff.

              I once used efs, but I stopped using it, I encountered too many drawbacks when working with it.
              Main: Dual Xeon LV2.4Ghz@3.1Ghz | 3X21" | NVidia 6800 | 2Gb DDR | SCSI
              Second: Dual PIII 1GHz | 21" Monitor | G200MMS + Quadro 2 Pro | 512MB ECC SDRAM | SCSI
              Third: Apple G4 450Mhz | 21" Monitor | Radeon 8500 | 1,5Gb SDRAM | SCSI

              Comment

              • #8
                Sounds like EFS worked exactly as it was supposed to. If you don't have a backup of your certificates, then the data is truely gone. Unless of course you want to start up a distributed computing project and run it for 6 months to try to crack the key.

                The lesson is, always backup your certs!!
                Lady, people aren't chocolates. Do you know what they are mostly? Bastards. Bastard coated bastards with bastard filling. But I don't find them half as annoying as I find naive, bubble-headed optimists who walk around vomiting sunshine. -- Dr. Perry Cox

                Comment

                • #9
                  Back up your what? In case you've never used XP's encryption, here's how it works:

                  Right click on icon of object to be encrypted->properties->advanced->check "Encrypt contents to secure data"->Ok->Ok

                  There, now you have an apparently magicly encrypted file, no warnings about backing up certifications, nothing about the potential to lose data, just a check-mark and green icon label text.

                  I guess being "user friendly" means not telling the user about ABSOLUTELY CRITICAL INFORMATION.

                  Comment

                  • #10
                    Log on as Adminitrator (not an administrator, the Administrator). Move the folder to C:\ (if it won't let you, try the command below on the firewire drive). Open command prompt (Start -> Run, Open: CMD -> OK). Try some of these commands:

                    Run this command first:

                    CIPHER /n /u

                    ANd then one or both of these:

                    CIPHER /d /s:folder /a /i /f

                    CIPHER /d /a /i /f path/file

                    What this should do is force all encrpyted files to use the computers current encryption key:
                    /u
                    Updates the user's file encryption key or recovery agent's key to the current ones in all of the encrypted files on local drives (that is, if the keys have been changed). This option only works with /n.
                    /n
                    Prevents keys from being updated. Use this option to find all of the encrypted files on the local drives. This option only works with /u.
                    And the second command should force a decryption of the files. Should being the operative word. If you're having troubles logging in as Administrator (or whatever you renamed it to), reboot, press F8 after POST to enter the boot screen, enter Safe Mode. That will get you into Administrator.

                    Let me know how it works.

                    Jammrock
                    “Inside every sane person there’s a madman struggling to get out”
                    –The Light Fantastic, Terry Pratchett

                    Comment

                    • #11
                      Thanks for the help and suggestions everyone.

                      Jammrock, that didn't work

                      Every single file is still encrypted.
                      Ladies and gentlemen, take my advice, pull down your pants and slide on the ice.

                      Comment

                      • #12
                        @Jammrock: it can't work since the keys are "based" on the recovery agent key. When you format, everything goes. The "old" keys are thus not based on the "new" recovery agent key, so you cant't get anything back.

                        You could try a recovery program, get the files back and hopefully the right key will be amongst them -or you have alot of time to try and crack it. Otherwise, swallow hard.

                        Comment

                        • #13
                          Jammrock, if that worked, it would kind of defeat the purpose of encryption, don't you think?

                          Those commands will only work if you're logged in to the computer as the original user that encrypted the files, or as the recovery agent. Once you format, all bets are off.

                          If the section of the drive that held the local SAM database for the old installation hasn't been overwritten, it may be possible to pull the original encyrption keys out of there, but you'd need specialized tools and a lot of luck for that to work.
                          Lady, people aren't chocolates. Do you know what they are mostly? Bastards. Bastard coated bastards with bastard filling. But I don't find them half as annoying as I find naive, bubble-headed optimists who walk around vomiting sunshine. -- Dr. Perry Cox

                          Comment

                          • #14
                            Man, I feel for you!
                            P.S. You've been Spanked!

                            Comment

                            • #15
                              Was there a solution to this??
                              RC Agent
                              AMD Athlon 64 X2 5000+ Brisbane 2.6GHz, MSI 785GT-E63, 6 GB(2x1GB, 2x2GG) DDR2 800 Corsair XMS2, Asus EAH4850 TOP
                              AMD Athlon 64 X2 7750 Kuma 2.7GHz, ASRock A790GXH/128M BIOS 1.7, 4 GB(2x2GB) DDR2 800 Corsair XMS2, Gigabyte HD 6850 1GB DDR5
                              AMD Phenom II X6 1045T 2.7GHz, Asus M5A99FX Pro R2.0 BIOS 2501 , 8GB(2x4GB) DDR3 1866 CL9 Crucial BallisticX(BLT4G3D1869DT1TX0) , Sapphire HD7870 2GB GDDR5 OC, Seasonic 850w powers supply

                              Comment

                              Previous 1 2 template Next
                              Working...
                              X