Is it possible to decrypt EFS files without backup certificate
I had some drives which are about to die. The client has encrypted the data. I need some help to recover the encrypted data from the drive. I want to know that does there is a way by which I an recover or decrypt those files if I lost to the certificate. It might be not ethical, but somehow it would be possible to that. I tried to find out some tools on web that has some options but they are useless. Till yet I am not able to get any appropriate solution for the same.
Re: Is it possible to decrypt EFS files without backup certificate
EFS is a different thing. It encrypts the file system at root level. The certification tells the system to decrypt the file. If you lost that or you had not kept the backup then I am doubtful that other software can help you. The tools that I had found basically ask for certificate. This all are very crucial process and you must always keep a backup with you.
Re: Is it possible to decrypt EFS files without backup certificate
I want to know that does here anyone really tried to recovery the encrypted files. I found a tool called as Elcomsoft program. They have a paid edition to get this thing done. But I am not willing to buy one before I get a confirmation that it really works. The tools provides option to recover all the files and decrypt them without the need of certificate. I am not really sure about that. I had seen some videos on Youtube which shows Elcomsoft program tries to find the certificates first on the hard drive and then decrypt them. So in simple words no EFS files can be recovered by any tool unless and until it locates the certificate.
Re: Is it possible to decrypt EFS files without backup certificate
EFS is developed by Microsoft and once all your files are encrypted no user can see them. That is the place where it becomes complicated while recovering. I was wondering that what if someone tries to recover the same on Linux. Does EFS is application on linux system also. There might some support or recovery tool provided which can allow us to do the same.
Re: Is it possible to decrypt EFS files without backup certificate
That can be a way, but I found that complicated. All of us are not having good skills in Linux. And in this OS you have to configure each and everything manually. That is why Linux remains the last choice of many users. EFS does not comes with any backdoor. There are large discussions on this topic which says that there are possibility of recovering files, but no one has given a valid information. What I know that it is illegal to use any utility that might break EFS encryption. There are legal restriction on using tools that can provide this kid of facility. Also any invalid discussion or hacking stuff can cause legal action.
Re: Is it possible to decrypt EFS files without backup certificate
I agree that there might be legal implications on this kind of file system. But what a person will do if his important data in on risk. My client is working for a financial firm. He is only having a single server where all important data which consist of transaction information is stored. He encrypted the drive so that the data is not visible to anyone. But if that is not recovered then it would be a great loss. As my client is not so technically good, but he has hired a guy who does all the server manging job. He left and there is no information available for us to recover the files. Microsoft must have kept some kind of tool or some kind of service that can allow use to get the data backup.
Re: Is it possible to decrypt EFS files without backup certificate
I had contacted some developers that can help me in that. They are working on some dos program that might help but for that you need proper support. You cannot just go on any drive and get the data from it. It is recommended that you consult first properly and then only go for the process. What I know that ample of security software simply failed on this process. There is no other way to recover the same. Thanks.
Re: Is it possible to decrypt EFS files without backup certificate
Whenever I search on Google information on EFS recovery I can only find Advanced EFS Data Recovery by Elcomsoft. I checked the features and was able to find some set of things that I am really looking for. Like it helps to recover the data from hard drive which is moved to other system. Also it helps to to get deleted user profiles back. I do not know but that the tool claims to get data from damage disk also. So I am going to take a chance and get this software. I hope this will help me to get data back.
Re: Is it possible to decrypt EFS files without backup certificate
One thing I want to inform here about Recovery agent. You cannot use them unless you have backup certificate. That is the only best way to get your data decrypted. I have to migrate my server and the data also. The certificate was in the drive and using Recovery Agent I was able to get all the data back. It is safe to use EFS, but if you loose the certificate then it becomes more complicated for you to get your files back.
Re: Is it possible to decrypt EFS files without backup certificate
There are already people above told that it is not possible to recover EFS data without a recovery certificate. Whatever tool you try or software you go for, there are very less chances. I am working on multiple servers where on failed to work properly due to hardware failure. All servers have EFS. I failed to get the data out of it. Luckily that was not so important. Later on I start keeping the backup of certificate in different place so that if something happen it would be easier to replace. I can provide the method of export certificate. For that run mmc.exe. In the file menu click on Add/Remove Snap-in > Add. Then click on Certificates > Add. Later on go to Console Root and then open the Certificate folder. You can find a Personal Folder in that you can locate Certificates. On the right side right click and choose Export.