Encrypted files

S

srynznfyra

New member
Member
Local time
12:19 AM
Messages
29
Location
London, England
Recently some damage happened to a user account with lots of encrypted files (virus or something), and now the files aren't accessible, even with that account (which is the original account that encrypted the files in the first place). When trying to decrypt the files, all I get is 'access denied'.

There is a program, 'Advanced EFS data recovery' by Elcomsoft, which can recover the files, however it costs an arm and a leg and I'm wondering, if that program can recover the files then surely why can't I?

The program searched for a 'certificate' (it scanned the whole drive) with which to decrypt the data, I'm wondering, once I have this certificate to hand how I can decrypt the data manually with it?

This data is very important so any help is much appreciated.

Thanks in advance
 

My Computer

Computer Manufacturer/Model Number
Self Built
OS
Windows 7 Ultimate x64
CPU
AMD Phenom II X4 940
Motherboard
Gigabyte GA-M52L-S3
Memory
4GB DDR2
Graphics Card(s)
nVidia GF 9800GT 512MB
Sound Card
Realtek onboard
Monitor(s) Displays
Viewsonic 22" 1920x1080
Hard Drives
750GB Samsung
250GB Maxtor
PSU
Thermaltake 420W
Case
Gigabyte GZ-X3
Cooling
Stock cooler

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
NoN said:
You mean you'd created a 'certificate' to encrypt your files, then never backed it up on a usb stick drive...

On the first crash/damage, you couldn't recover those files unless taking back the certificate.

If you are on 7 Ultimate you can use that EFS Application Tab:

-Encrypt or Decrypt a Folder or File - Vista Forums

-Encrypted File System (EFS) Certificate Backup - Vista Forums

-Encrypted File System (EFS) Certificate Restore - Vista Forums

Those tutorials might give you an hand...
Click to expand...

Thanks, yeah it's 7 Ultimate, I'll have a look at those links, cheers

EDIT: No, had a look at those links, didn't help :(

Basically this is the situation: the files are encrypted and the only user that can decrypt them has an SID that doesn't match any SID of any user on the system, for an unknown reason - I know which account encrypted them, it still exists, yet seems to have a different SID now :/

There must be a way of decrypting them, seeing as the program can do it. The certificate for the lost account must exist somewhere on the hard drive.

cheers
 

My Computer

Computer Manufacturer/Model Number
Self Built
OS
Windows 7 Ultimate x64
CPU
AMD Phenom II X4 940
Motherboard
Gigabyte GA-M52L-S3
Memory
4GB DDR2
Graphics Card(s)
nVidia GF 9800GT 512MB
Sound Card
Realtek onboard
Monitor(s) Displays
Viewsonic 22" 1920x1080
Hard Drives
750GB Samsung
250GB Maxtor
PSU
Thermaltake 420W
Case
Gigabyte GZ-X3
Cooling
Stock cooler
srynznfyra said:
NoN said:
You mean you'd created a 'certificate' to encrypt your files, then never backed it up on a usb stick drive...

On the first crash/damage, you couldn't recover those files unless taking back the certificate.

If you are on 7 Ultimate you can use that EFS Application Tab:

-Encrypt or Decrypt a Folder or File - Vista Forums

-Encrypted File System (EFS) Certificate Backup - Vista Forums

-Encrypted File System (EFS) Certificate Restore - Vista Forums

Those tutorials might give you an hand...
Click to expand...

Thanks, yeah it's 7 Ultimate, I'll have a look at those links, cheers

EDIT: No, had a look at those links, didn't help :(

Basically this is the situation: the files are encrypted and the only user that can decrypt them has an SID that doesn't match any SID of any user on the system, for an unknown reason - I know which account encrypted them, it still exists, yet seems to have a different SID now :/

There must be a way of decrypting them, seeing as the program can do it. The certificate for the lost account must exist somewhere on the hard drive.

cheers
Click to expand...

This what i found here:
5-Minute Security Advisor - Recovering Encrypted Data Using EFS
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
srynznfyra said:
Recently some damage happened to a user account with lots of encrypted files (virus or something), and now the files aren't accessible, even with that account (which is the original account that encrypted the files in the first place). When trying to decrypt the files, all I get is 'access denied'.

There is a program, 'Advanced EFS data recovery' by Elcomsoft, which can recover the files, however it costs an arm and a leg and I'm wondering, if that program can recover the files then surely why can't I?

The program searched for a 'certificate' (it scanned the whole drive) with which to decrypt the data, I'm wondering, once I have this certificate to hand how I can decrypt the data manually with it?

This data is very important so any help is much appreciated.

Thanks in advance
Click to expand...

Errr. Is this what you are talking about? Crack password : Download fastest password recovery, forensic and system security software. Forgot your password? Lost passwords recovery tools, passwords crackers, system security and forensic software. Advanced EFS Data Recovery

It says there is a 30 day trial. UNless one of the restrictions is you can't restore use it and uninstall it.
 

My Computer

OS
XP & Vista
You must log in or register to reply here.
Back
Top