#1
ENCRYPTED DATA RECOVERY
I have a somewhat complicated situation so please bear with me as I explain this problem. I am working with XP Pro and have 2 HDDs, a 40gig & a 160giger. In the 160 giger I have data etc where some of it was encrypted. I had made the decision to do a clean install of XP on the 40giger since I just got the XPSP2 RC1 with RC2 forthcoming. Disconnected the 160giger and proceeded from there.

After installing XP when I attempted to open up those files, the message I got was ACCESS DENIED! I was completely baffled. So now I have come into the realm of that thing called Certificates and when I do a DETAILS view on a particular file it shows my old user name and a Thumb Certificate. Reading up more I find out I should attempt to install a Recovery Agent [sounds like the Matrix here now] to decrypt my files.

However I am getting mixed messages and since I am no expert in this stuff, I am having this grave feeling that since the old XP install is no longer around the certificate[s] that were stored in THAT registry are no longer available to open up my files.

Is this about right or do I have it all wrong and maybe I can breathe easy and recover my data? HELP!

If so, PLEASE provide me with a step-by-step solution since some of these files I have read assume you know everything about security and certificates!

--
ENAS
#2
Before you encrypt anything important, you should back up your personal encryption certificate (with its associated private key) and the recovery agent certificate to a floppy disk and store it in a secure location. If you ever lose your original certificate (because of a hard disk failure, for example), you can restore the backup copy and regain access to your files. If you lose all copies of your certificate (and no recovery agent certificates exist), you won't be able to use your encrypted files. No back door exists, nor is there any practical way to hack these files. (If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default...b;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files are unrecoverable as they will stay encrypted forever. There is no recovery method since the encryption algorithm is now completely different with a reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default...b;en-us;308421

Methods for Recovering Encrypted Data Files
http://support.microsoft.com/default...b;EN-US;255742

Best Practices for the Encrypting File System
http://support.microsoft.com/default...b;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/pro...y/cryptfs.mspx

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default...b;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/
#3
You need the original certificates. The certificates can not be recreated. The Recovery Agent needs to be designated beforehand. Your data is most likely gone for good.

See this link for ways to prevent this in the future:
http://www3.telus.net/dandemar/encrypt.htm

If it is an Ownership issue and not an encryption issue, Step one should work.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/
#4
I guess this has become a VERY PAINFUL EXPERIENCE for me now. 20/20 hindsight I should have decrypted those folders or if I had known to have had a Recovery Agent beforehand I would not be in this mess. Man this really sucks!

Let me ask you, is it futile to keep these files around in the hope that maybe something will come along that will be able to do some kind of reverse engineering?

--
ENAS
#5
Advanced EFS Data Recovery v1.30
http://www.sharewareriver.com/product.php?id=2671

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/
#6
I have little doubt the technology will eventually be broken and the average user will be able to regain access. The question is how long? Days, Months, Years...

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/
#7
I just had a thought. I had saved some data that was encrypted as well on a diskette and was able to replace the folder that wouldn't allow me off the HDD. Can I use the certificates off the diskette to open up other files? Or something to that effect or am I barking up the wrong tree?

Thanks for the fast response though. I can have my heartache early instead of tomorrow morning.

--
ENAS
#8
Depending on how important your files are, you might have a chance by using recovery software to recreate your old boot drive. I've been able to recover files off of drives that had been formatted and overwritten, but I never tried getting the old OS to boot; usually I'm just after a few files, and the software I have is able to "see" several layers of data on the drive.

Do a search for data recovery software, and look for software that says it can recover after a format and after files were overwritten.
#9
Actually no luck in that idea since I did a DoD scrubbing of the bloody drive, not knowing what kind of a mess I got myself into after the fact.

Carey Frisch [MVP] suggested this Advanced EFS Data Recovery v1.30. Have you had it work for you, are you aware of it?

--
ENAS
#10
XDA974 wrote:

Actually no luck in that idea since I did a DoD scrubbing of the bloody drive, not knowing what kind of a mess I got myself into after the fact. Carey Frisch [MVP] suggested this Advanced EFS Data Recovery v1.30. Have you had it work for you, are you aware of it?

Hi

From "Advanced EFS Data Recovery v1.30" readme.txt:

quote
Known problems and limitations
- The program can decrypt protected files only if encryption keys (at least, some of them) are still exist in the system and have not been tampered.
....
/quote

As you have no access to the profile folder for the user that encrypted the files anymore, the encryption keys are not available to the "Advanced EFS Data Recovery" program, and it will not be able to decrypt any files for you.

--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide:
http://www.microsoft.com/technet/com...r/default.mspx
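
Why a fresh install under the same user name gets ACCESS DENIED while a recovery agent designated beforehand would not, as an added example that is not part of the thread: a toy model of per-file key wrapping of the kind EFS uses. The toy RSA keys built from fixed Mersenne primes, the SHA-256 XOR stream, the SHA-1 "thumbprint" over the modulus and every function name are assumptions for illustration, not Windows' real formats or algorithms.

```python
import hashlib
import os

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Toy textbook RSA from two known primes (insecure, illustration only)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def thumbprint(key):
    """Stand-in for a certificate thumbprint: SHA-1 over the public modulus."""
    return hashlib.sha1(str(key["n"]).encode()).hexdigest()

def _stream(fek, data):
    """XOR with a SHA-256 keystream; stands in for the real file cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(fek + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_file(plaintext, recipients):
    """Encrypt under a random file encryption key (FEK) and store one wrapped
    copy of the FEK per recipient, indexed by that recipient's thumbprint."""
    fek = os.urandom(16)
    m = int.from_bytes(fek, "big")
    fields = {thumbprint(k): pow(m, E, k["n"]) for k in recipients}
    return {"key_fields": fields, "data": _stream(fek, plaintext)}

def decrypt_file(efile, key):
    """Unwrap the FEK with a private key whose thumbprint the file lists."""
    wrapped = efile["key_fields"].get(thumbprint(key))
    if wrapped is None:
        raise PermissionError("access denied: file has no key field for this key")
    fek = pow(wrapped, key["d"], key["n"]).to_bytes(16, "big")
    return _stream(fek, efile["data"])

# Constructed scenario. Fixed Mersenne primes keep the toy keys reproducible.
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1
old_user = make_keypair(M61, M89)    # key pair that lived in the wiped install
new_user = make_keypair(M89, M107)   # same user name, fresh install, new key
agent = make_keypair(M107, M127)     # recovery agent key pair

def scenario():
    secret = b"constructed sample: tax records"
    plain = encrypt_file(secret, [old_user])            # no recovery agent
    covered = encrypt_file(secret, [old_user, agent])   # agent set up first
    attempts = {"old key": (plain, old_user), "new key": (plain, new_user),
                "agent added later": (plain, agent),
                "agent set up first": (covered, agent)}
    results = {}
    for name, (efile, key) in attempts.items():
        try:
            results[name] = decrypt_file(efile, key) == secret
        except PermissionError:
            results[name] = False
    return results

if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:20} {'decrypted' if ok else 'ACCESS DENIED'}")
```

The file carries only wrapped copies of the FEK and the thumbprints they belong to, never a private key, so the data stays sealed unless one of the listed private keys survives somewhere as a backup.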