ENCRYPTED DATA RECOVERY

I have a somewhat complicated situation so please bear with me as I explain this problem. I am working with XP Pro and have 2 HDDs, a 40gig & a 160giger. In the 160 giger I have data etc where some of it was encrypted. I had made the decision to do a clean
install of XP on the 40giger since I just got the XPSP2 RC1 with RC2 forthcoming. Disconnected the 160giger and proceeded from there.
After installing XP when I attempted to open up those files, the message I got was ACCESS DENIED! I was completely baffled. So now I have come into the realm of that thing called Certificates and when I do a DETAILS view on a particular file it shows my o
ld user name and a Thumb Certitificate. Reading up more I find out I should attempt to install a Recovery Agent [sounds like the Matrix here now] to decrypt my files.
However I am getting mixed messages and since I am no expert in this stuff, I am having this grave feeling that since the old XP install is no longer around the certificate[s] that were stored in THAT registry are no longer available to open up my files.
Is this about right or do I have it all wrong and maybe I can breathe easy and recover my data? HELP!
If so, PLEASE provide me with a step-by-step solution since some of these files I have read assume you know everything about security and certificates!
--
ENAS

Before you encrypt anything important, you should back up your
personal encryption certificate (with its associated private key)
and the recovery agent certificate to a floppy disk and store it in
a secure location. If you ever lose your original certificate
(because of a hard disk failure, for example), you can restore
the backup copy and regain access to your files. If you lose all
copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists,
nor is there any practical way to hack these files.
(If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default...b;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default...b;en-us;308421

Methods for Recovering Encrypted Data Files
http://support.microsoft.com/default...b;EN-US;255742

Best Practices for the Encrypting File System
http://support.microsoft.com/default...b;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/pro...y/cryptfs.mspx

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default...b;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

------------------------------------------------------------------------------------------------

"XDA974" wrote in message:
...

|I have a somewhat complicated situation so please bear with me as I explain this problem. I am working with
XP Pro and have 2 HDDs, a 40gig & a 160giger. In the 160 giger I have data etc where some of it was encrypted.
I had made the decision to do a clean install of XP on the 40giger since I just got the XPSP2 RC1 with RC2
forthcoming. Disconnected the 160giger and proceeded from there.
| After installing XP when I attempted to open up those files, the message I got was ACCESS DENIED! I was
completely baffled. So now I have come into the realm of that thing called Certificates and when I do a
DETAILS view on a particular file it shows my old user name and a Thumb Certitificate. Reading up more I find
out I should attempt to install a Recovery Agent [sounds like the Matrix here now] to decrypt my files.
| However I am getting mixed messages and since I am no expert in this stuff, I am having this grave feeling
that since the old XP install is no longer around the certificate[s] that were stored in THAT registry are no
longer available to open up my files.
| Is this about right or do I have it all wrong and maybe I can breathe easy and recover my data? HELP!
| If so, PLEASE provide me with a step-by-step solution since some of these files I have read assume you know
everything about security and certificates!
| --
| ENAS

You need the original certificates.
The certificates can not be recreated.
The Recovery Agent needs to be designated beforehand.
Your data is most likely gone for good.

See this link for ways to prevent this in the futu
http://www3.telus.net/dandemar/encrypt.htm
If it is an Ownership issue and not an encryption issue, Step one
should work.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/


"XDA974" wrote in message
...
I have a somewhat complicated situation so please bear with me as I
explain this problem. I am working with XP Pro and have 2 HDDs, a
40gig & a 160giger. In the 160 giger I have data etc where some of it
was encrypted. I had made the decision to do a clean install of XP on
the 40giger since I just got the XPSP2 RC1 with RC2 forthcoming.
Disconnected the 160giger and proceeded from there.
After installing XP when I attempted to open up those files, the
message I got was ACCESS DENIED! I was completely baffled. So now I
have come into the realm of that thing called Certificates and when I
do a DETAILS view on a particular file it shows my old user name and a
Thumb Certitificate. Reading up more I find out I should attempt to
install a Recovery Agent [sounds like the Matrix here now] to decrypt
my files.
However I am getting mixed messages and since I am no expert in this
stuff, I am having this grave feeling that since the old XP install is
no longer around the certificate[s] that were stored in THAT registry
are no longer available to open up my files.
Is this about right or do I have it all wrong and maybe I can
breathe easy and recover my data? HELP!
If so, PLEASE provide me with a step-by-step solution since some of
these files I have read assume you know everything about security and
certificates!
--
ENAS

I guess this has become a VERY PAINFUL EXPERIENCE for me now. 20/20 hindsight I should have decrypted those folders or if I had known to have had a Recovery Agent beforehand I wold not be in this mess.
Man this really sucks! Let me ask you, is it futile to keep these files around in the hope that maybe something will come along that will be able to do some kind of reverse engineering?
--
ENAS


"Carey Frisch [MVP]" wrote:

Before you encrypt anything important, you should back up your
personal encryption certificate (with its associated private key)
and the recovery agent certificate to a floppy disk and store it in
a secure location. If you ever lose your original certificate
(because of a hard disk failure, for example), you can restore
the backup copy and regain access to your files. If you lose all
copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists,
nor is there any practical way to hack these files.
(If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default...b;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default...b;en-us;308421

Methods for Recovering Encrypted Data Files
http://support.microsoft.com/default...b;EN-US;255742

Best Practices for the Encrypting File System
http://support.microsoft.com/default...b;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/pro...y/cryptfs.mspx

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default...b;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

------------------------------------------------------------------------------------------------

"XDA974" wrote in message:
...

|I have a somewhat complicated situation so please bear with me as I explain this problem. I am working with
XP Pro and have 2 HDDs, a 40gig & a 160giger. In the 160 giger I have data etc where some of it was encrypted.
I had made the decision to do a clean install of XP on the 40giger since I just got the XPSP2 RC1 with RC2
forthcoming. Disconnected the 160giger and proceeded from there.
| After installing XP when I attempted to open up those files, the message I got was ACCESS DENIED! I was
completely baffled. So now I have come into the realm of that thing called Certificates and when I do a
DETAILS view on a particular file it shows my old user name and a Thumb Certitificate. Reading up more I find
out I should attempt to install a Recovery Agent [sounds like the Matrix here now] to decrypt my files.
| However I am getting mixed messages and since I am no expert in this stuff, I am having this grave feeling
that since the old XP install is no longer around the certificate[s] that were stored in THAT registry are no
longer available to open up my files.
| Is this about right or do I have it all wrong and maybe I can breathe easy and recover my data? HELP!
| If so, PLEASE provide me with a step-by-step solution since some of these files I have read assume you know
everything about security and certificates!
| --
| ENAS

Advanced EFS Data Recovery v1.30
http://www.sharewareriver.com/product.php?id=2671

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-------------------------------------------------------------------------------------

"XDA974" wrote in message:
...

|I guess this has become a VERY PAINFUL EXPERIENCE for me now. 20/20 hindsight I should have decrypted those
folders or if I had known to have had a Recovery Agent beforehand I wold not be in this mess.
| Man this really sucks! Let me ask you, is it futile to keep these files around in the hope that maybe
something will come along that will be able to do some kind of reverse engineering?
| --
| ENAS

I have little doubt the technology will eventually be broken and the
average user will be able to regain access.
The question is how long? Days, Months, Years...

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/


"XDA974" wrote in message
...
I guess this has become a VERY PAINFUL EXPERIENCE for me now. 20/20
hindsight I should have decrypted those folders or if I had known to
have had a Recovery Agent beforehand I wold not be in this mess.
Man this really sucks! Let me ask you, is it futile to keep these
files around in the hope that maybe something will come along that
will be able to do some kind of reverse engineering?
--
ENAS

I just had a thought. I had saved some data that was encrypted as well on a diskette and was able to replace the folder that wouldn't allow me off the HDD. Can I use the certificates off the diskette to open up other files? Or something to that effect or a
m I barking up the wrong tree?
Thanks for the fast response though. I can have my heartache early instead of tomorrow morning.
--
ENAS


"Carey Frisch [MVP]" wrote:

Before you encrypt anything important, you should back up your
personal encryption certificate (with its associated private key)
and the recovery agent certificate to a floppy disk and store it in
a secure location. If you ever lose your original certificate
(because of a hard disk failure, for example), you can restore
the backup copy and regain access to your files. If you lose all
copies of your certificate (and no recovery agent certificates exist),
you won't be able to use your encrypted files. No back door exists,
nor is there any practical way to hack these files.
(If there were, it wouldn't be very good encryption.)

HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/default...b;EN-US;308993

Without a backup of the original Encryption Certificate Key, encrypted files
are unrecoverable as they will stay encrypted forever. There is no recovery
method since the encryption algorithm is now completely different with a
reinstall of Windows XP.

See if the following articles help in any way:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default...b;en-us;308421

Methods for Recovering Encrypted Data Files
http://support.microsoft.com/default...b;EN-US;255742

Best Practices for the Encrypting File System
http://support.microsoft.com/default...b;en-us;223316

Encrypting File System in Windows XP
http://www.microsoft.com/technet/pro...y/cryptfs.mspx

EFS Files Appear Corrupted When You Open Them
http://support.microsoft.com/default...b;en-us;329741

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

------------------------------------------------------------------------------------------------

"XDA974" wrote in message:
...

|I have a somewhat complicated situation so please bear with me as I explain this problem. I am working with
XP Pro and have 2 HDDs, a 40gig & a 160giger. In the 160 giger I have data etc where some of it was encrypted.
I had made the decision to do a clean install of XP on the 40giger since I just got the XPSP2 RC1 with RC2
forthcoming. Disconnected the 160giger and proceeded from there.
| After installing XP when I attempted to open up those files, the message I got was ACCESS DENIED! I was
completely baffled. So now I have come into the realm of that thing called Certificates and when I do a
DETAILS view on a particular file it shows my old user name and a Thumb Certitificate. Reading up more I find
out I should attempt to install a Recovery Agent [sounds like the Matrix here now] to decrypt my files.
| However I am getting mixed messages and since I am no expert in this stuff, I am having this grave feeling
that since the old XP install is no longer around the certificate[s] that were stored in THAT registry are no
longer available to open up my files.
| Is this about right or do I have it all wrong and maybe I can breathe easy and recover my data? HELP!
| If so, PLEASE provide me with a step-by-step solution since some of these files I have read assume you know
everything about security and certificates!
| --
| ENAS

"XDA974" wrote in message
...
I have a somewhat complicated situation so please bear with me as I
explain this problem. I am working with XP Pro and have 2 HDDs, a 40gig & a
160giger. In the 160 giger I have data etc where some of it was encrypted. I
had made the decision to do a clean install of XP on the 40giger since I
just got the XPSP2 RC1 with RC2 forthcoming. Disconnected the 160giger and
proceeded from there.
After installing XP when I attempted to open up those files, the message I
got was ACCESS DENIED! I was completely baffled. So now I have come into
the realm of that thing called Certificates and when I do a DETAILS view on
a particular file it shows my old user name and a Thumb Certitificate.
Reading up more I find out I should attempt to install a Recovery Agent
[sounds like the Matrix here now] to decrypt my files.
However I am getting mixed messages and since I am no expert in this
stuff, I am having this grave feeling that since the old XP install is no
longer around the certificate[s] that were stored in THAT registry are no
longer available to open up my files.
Is this about right or do I have it all wrong and maybe I can breathe easy
and recover my data? HELP!
If so, PLEASE provide me with a step-by-step solution since some of these
files I have read assume you know everything about security and
certificates!
--
ENAS

Depending on how important your files are, you might have a chance by using
recovery software to recreate your old boot drive. I've been able to recover
files off of drives that had been formatted and overwritten, but I never
tried getting the old OS to boot; usually I'm just after a few files, and
the software I have is able to "see" several layers of data on the drive.

Do a search for data recovery software, and look for software that says it
can recover after a format and after files were overwritten.

Actually no luck in that idea since I did a DoD scrubbing of the bloody drive, not knowing what kind of a mess I got myself into after the fact.
Carey Frisch [MVP] suggested this Advanced EFS Data Recovery v1.30. Have you had it work for you, are you aware of it?

--
ENAS


"D.Currie" wrote:


"XDA974" wrote in message
...
I have a somewhat complicated situation so please bear with me as I
explain this problem. I am working with XP Pro and have 2 HDDs, a 40gig & a
160giger. In the 160 giger I have data etc where some of it was encrypted. I
had made the decision to do a clean install of XP on the 40giger since I
just got the XPSP2 RC1 with RC2 forthcoming. Disconnected the 160giger and
proceeded from there.
After installing XP when I attempted to open up those files, the message I
got was ACCESS DENIED! I was completely baffled. So now I have come into
the realm of that thing called Certificates and when I do a DETAILS view on
a particular file it shows my old user name and a Thumb Certitificate.
Reading up more I find out I should attempt to install a Recovery Agent
[sounds like the Matrix here now] to decrypt my files.
However I am getting mixed messages and since I am no expert in this
stuff, I am having this grave feeling that since the old XP install is no
longer around the certificate[s] that were stored in THAT registry are no
longer available to open up my files.
Is this about right or do I have it all wrong and maybe I can breathe easy
and recover my data? HELP!
If so, PLEASE provide me with a step-by-step solution since some of these
files I have read assume you know everything about security and
certificates!
--
ENAS

Depending on how important your files are, you might have a chance by using
recovery software to recreate your old boot drive. I've been able to recover
files off of drives that had been formatted and overwritten, but I never
tried getting the old OS to boot; usually I'm just after a few files, and
the software I have is able to "see" several layers of data on the drive.

Do a search for data recovery software, and look for software that says it
can recover after a format and after files were overwritten.

XDA974 wrote:
Actually no luck in that idea since I did a DoD scrubbing of the
bloody drive, not knowing what kind of a mess I got myself into
after the fact. Carey Frisch [MVP] suggested this Advanced EFS
Data Recovery v1.30. Have you had it work for you, are you aware
of it?
Hi

From "Advanced EFS Data Recovery v1.30" readme.txt:

quote
Known problems and limitations

- The program can decrypt protected files only if encryption keys
(at least, some of them) are still exist in the system and have
not been tampered.

....

/quote


As you have no access to the profile folder for the user that encrypted
the files anymore, the encryption keys are not available to the
"Advanced EFS Data Recovery" program, and it will not be able to
decrypt any files for you.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/com...r/default.mspx