Announcement

Collapse
No announcement yet.

I really need HELP for EFS problem!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • I really need HELP for EFS problem!

    Hey People,

    I hope someone here can help me.

    Well to start off i was away for a number of years came back, tried to login to my PC and i forgot the password, which wasn't a bother as I used EBCD to reset the password BUT i didn't remember that i had used the EFS tab to encrypt some of my files and now as I can't remember the old password, and as I have been told that's what I need to get into my files, i can't get into them and i really need to.
    So my question is if i remember my old password and thus it fixing the EFS on my files, is it safe to say the old password is still buried somewhere in the registry or some folder and if so is there anyway of retrieving it or is there any other way to decipher the password hashes to get it or anything along the lines of updating the certificates that were issued with the EFS?

    I do apologise in advance if i have overstepped the boundary in regards to asking about passwords as I know other forums are really strict but i genuinely need help.

    Thank you ever so much in advance for any and all help i get.

    Using XP PRO SP2
    Last edited by dhalix; 25th May 2011, 19:58.

  • #2
    Re: I really need HELP for EFS problem!

    Ok so my bad for not searching this forum, complete noob mistake, not saying i'm a noob but anyway, have seen other topics already started about this so if i don't find anything, please leave this or move to the appropriate forum but if i find anything, i'll let a mod know so they can close or delete this new topic.

    Cheers people!

    Comment


    • #3
      Re: I really need HELP for EFS problem!

      Once you have reset your password on a workgroup system, that is it -- EFS certificates are destroyed. Sorry, but there is no solution. Even forensic packages rely on having access to the certificate stored with the user account and will not decrypt if the cert isnt there.
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: I really need HELP for EFS problem!

        Hi and thank you for your reply.
        I have checked and there does seem to be certificates there with a long validity but not sure if they changed when I changed the password or if they're the original ones.
        But does this mean, hypothetically speaking, if i had docs and files that weren't supposed to be on my pc, i could put efs on and then change the passwords and no authority would be able to decipher them?
        just trying to understand if any or all hope is gone for my files....DAMN this is like losing an usb (

        Comment


        • #5
          Re: I really need HELP for EFS problem!

          Unless it is a domain computer (I assume not from your first post) the certificates are regenerated when you change the password so no longer valid. It is also possible you defined a "Recovery Agent" on your computer, in which case you would use that account to get access to files encrypted after the RA was configured.

          Hypothetically, yes, although I am sure various initialed government agencies have some sort of backdoor into EFS files -- I cannot see Microsoft being allowed to distribute EFS without some sort of CIA/NSA/KGB way in

          There are various programs which claim to recover EFS files -- all involve money and I have no indication of their success rate -- my experience with EnCase (market leader forensic software) is that I cannot decrypt EFS files after a password change but I can without one.
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment

          Working...
          X